Hacking windows xp

Posted by tech master  |  at  7:31 PM

1 comments:

Hack angelfire account

Posted by tech master  |  at  7:19 PM

Ok...lets start!



Now hacking angelfire pages is not that big of a deal...there are other ways to
hack angelfire pages but i have tested them and they dont work. BUT my way is
easy,fast and NEW...



One day i was wondering around angelfire pages, trying to find a way to hack
them i knew the email trick was lame and angelfire never reply's so i started
thinking...i made a fake account at angelfire and started exploring...after
about 4hrs i saw it!!.



If you view the source on bedit.html (the page right after you log in) you can
see that your password is there its not hidden or anything is just there!! this
is where its located...its about 17,18 lines down from <html> at the top.



<font color=teal>Your page <a href="http://www.angelfire.com/mi/KrazieBread/index.html">
http://www.angelfire.com/mi/KrazieBread/index.html </a> has been saved.<br>You
may have to click Reload or Super-Reload (Shift+Reload) to see your edited page
and not your old version when you go to your URL.<br>You can also announce your
new page on <a href="http://homepages.whowhere.com/bin/showpage.pl?add">WhoWhere?</a>,
<a href="http://newtoo.manifest.com/"><u>What's New Too!</u></a>, or if you
really want to get noticed, go to <a href="http://www.submit-it.com/"><u>Submit
It!</u></a><br>Tune up your Web Site at the <a href="http://www.angelfire.com/cgi-bin/ct?ad=websitegarage&vp=/index.clicked&ru=http://www.websitegarage.com/whowhere">Web


Site Garage</a>.</font>

</td></tr></table></center>

<form select method="post" action="http://www.angelfire.com/cgi-bin/bedit">

<input type="hidden" name="storage" value="mi">

<input type="hidden" name="hpd" value="KrazieBread"> --------

<input type="hidden" name="password" value="KRAZIEb"> <-----!ITS HERE!.

--------

The bold text is the password.



You probably saying "SO WHAT?? WHAT'S THE BIG DEAL??"



The big deal is that A LOT i mean A L O T of people don't know there password is
there and you can just get in there page.



I have kept this a secret for a long time but i think its time for me to tell
you guys how to do it...it has worked for me about 90% of the time and many
angelfire pages have been hacked MY WAY, not the lame email way or the cgi way
that DON'T EVEN WORK!





WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!



++!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

YOU NEED A EMAIL ACCOUNT BEFORE YOU START THIS...GO TO WWW.HOTMAIL.COM AND MAKE

ONE DON'T GIVE REAL INFO JUST LIE ABOUT EVERYTHING BUT REMEMBER YOUR LOGIN AND
PASSWORD

BECAUSE YOU'LL NEED THIS LATER ON!! now follow the steps :)

++!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!



=\\**** 1st step ****//=<==



Find a lamer you wanna test this on or if you know someone you wanna fuck up
just use him...(the best way of getting this done right is to be nice to the
lame victim so he don't think your trying anything on him) anyhow...get the
lamer and tell him that you know a nice trick that well let him know who enters
his page and when they enter it with there ip internet username and password and
that all this well be emailed to him.



And ask him if he wants to give it a try...if the person doesn't really fall for
it then just tell him its a very good way to get back people you hate, and all
he has to do is tell the lamer to go to his page and the persons info well be
emailed tohim. (that might just make him think again about it)



=\\**** 2nd step ****//=<==



After the poor victim says ok ask him to follow these steps...

1st- tell him to log on to his page (angelfire account).



2nd- after he is in tell him to save the page (PAGE SHOULD BE BEDIT.HTML)
somewhere he can find later on (SAVING AS IN =SAVE AS= ON YOUR BROWSER MENU) and
tell them to tell you when he is done...



=\\**** 3rd step ****//=<==



After he has done all this tell him you have to scan the file (BEDIT.HTML) with
a program you have, to make sure his page is not infected with the YELLOW virus
because if it is then the trick well not work...ask him to send you the
BEDIT.HTML file and that it wont take more then 3mins. If they say send me the
program i wanna do it my self say you cant its on a cd and its protected so it
cant get send around and USE YOUR IMAGINATION AGAIN ! until you get him to send
you the BEDIT.HTML file.



=\\**** 4th step****//=<==



fast right when you get the file click on it, and BANG your in his account :)
now remember the email id you made before...well RIGHT AWAY change the victims
email, go to *change email* and type in yours...now angelfire will send you an
email and in it it has your new giving password and your new email so the POOR
LAME

VICTIM cant email them saying he lost his password or anything because angelfire
thinks he changed his email and they just think the poor victim is lying so they
wont reply :)...now that you have changed his email the page is yours just log
in angelfire with the new password giving to you and that's all.



0 comments:

Hack a website if you have an account with the server

Posted by tech master  |  at  7:28 PM

 This article is on how you can hack a webpage if you already have an
account with the server.



This was taken from a text by Lord Somer and since i don't want to butcher
something important out of it

I will just keep the text in its whole form.



Exploiting Net Adminstration CGI (taken from a text by Lord Somer)

#######################################



# Exploiting Net Administration Cgi's #

# like nethosting.com #

# Written by:Lord Somer #

# Date:9/2/97 #

#######################################



Well since nethosting.com either shutdown or whatever I figured what the hell
before I forget how I did the more recent hacks etc... I'd tell you how so maybe
you'll find the same sys elsewhere or be able to use it for ideas.



Basically Nethosting.com did all it's administration via cgi's at net-admin.nethosting.com,
well you need an account, card it if necessary, log in to net-administration,
you'll see crap like ftp administration, email, etc... who really cares about
e-mail so we'll go to ftp. Click on ftp administration. Lets say you were logged
in as 7thsphere.com your url would be something like:



http://net-admin.nethosting.com/cgi-bin/add_ftp.cgi?7thsphere.com+ljad32432jl



Just change the 7thsphere.com to any domain on the sys or if in the chmod cgi
just del that part but keep the + sign and you edit the /usr/home dir. In the
ftp administration make a backdoor account to that domain by creating an ftp
who's dir is / since multiple /// still means /.



Once you have your backdoor have fun. Oh yeah and in the email you can add
aliases like I did to rhad's e-mail account at 7thsphere, why the hell is he on
that winsock2.2 mailing list?



Well the basic theory of this type of exploitation is that:

- the cgi is passed a paramater which we change to something else to edit it's
info

- since it uses the stuff after the + to check that it's a valid logged in
account(like hotmail does), it dosen't check the password again.

- multiple ///'s in unix just mean a /, thus we can get access to people's dir
or the entire /usr/home dir





I used this method for hacking a few well known places:

7thsphere.com

sinnerz.com

hawkee.com

warez950.org

lgn.com

and several other unknown sites.



 

0 comments:

Hacking webpages part1

Posted by tech master  |  at  7:21 PM

There is many different methods of hacking users web pages on a server. I
will attempt to list as many ways possible but don't expect very much in depth
information.



Getting Passwords



Okay suppose you found a page you want to hack, that is on someone else's server
that's a basic server, light security. Okay very light security. I will be
truthful. This pretty much works on servers with no security.

Getting a password file is pretty easy. Simply telnet into the servers FTP
anonymously and look in the ETC directory and get the file called Passwd.
Another way to get them is to find your target and in

a WWW browser type cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd after


the servers name. For example the name may be http://www.hackme.com/, you
would goto
http://www.hackme.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
except instead of www.hackme.com you would replace that with your targets URL.
You may get a passwd file that has no user accounds, but only defaults which
where the encrypted password should be a * would be in its place. On certain
servers with this you may have a shadowed passwd but on all passwd files i have
come across there is some user names like FTP and NEWS that have no encrypted
passwords which is replaced with *. If you find only this and no encrypted
passwds you probably have found a fixed passwd file and you must try another
method of hacking the server. You need to examine this file and look for a line
in the text that looks like this:

rrc:uXDg04UkZgWOQ:201:4:Richard Clark:/export/home/rrc:/bin/kshdoes not
need to look exactly like that, the only important part it needs it the
uXDg04UkZgWOQ and rcc, which is the login part. Get a program called John the
Ripper which can be found on any hacking site on the web. If you are to lazy, or
stupid to find one on the web here is a good place to go for newbies
http://www.hackersclub.com/km/ I
will not go in depth right here on passwd files, but i have written a text on
passwd's going good into the subject which can be found at

http://www.xtalwind.net/~lmclaulin/ugpasswd.txt
. Anyway, using John the
Ripper is easy, if you want to quickly hack something give the command (in DOS
prompt) "john passwd -single" Replace "passwd" in there with the name of the
passwd file, you may have saved it as passwd.txt or something. An important
thing to remember is that the passwd file needs to be in the same directory as
John. To see a list of other methods for

cracking a passwd file, just type John and it will give you a list of commands.
I have found john won't work for me with wordlists but other people say that it
works fine for them. You can use incremental mode (to use that the command is
"John passwd -incremental" It takes like a few days to finish so I wouldn't
really want it to let it go on forever and ever if it was just some normal
passwd file. Unless its like NASA's passwd file (keep dreaming, they probably
change passwords everyday and that file is very outdated) I wouldn't want to use
that too much. To see a complete list of John's cracking capabilities, just type
john and it will give you a list of commands that you may use.




In my next post you will find a tutorial on "How to hack website if you
Have an Account with the Users Server
"

0 comments:

What they says

Copyright © 2013 Techsense. WP Theme-junkie converted by BloggerTheme9
Blogger template. Proudly Powered by Blogger.| Distributed by Rocking Templates
back to top