sfsdfsdfsdfdsasdasdaS
HERE IS THE METHOD TO HACK INTO A WEBSITE OR DATA INFORMATION:-
1. Using Forms to Your Advantage:
You probably already know about sql injection, my goal is to explain how vulnerable forms can be if not handled correctly. When targeting a system, most times you will start off with 0 code to exploit. The only thing you have is a constructed webpage to break to pieces and successfully find vulnerabilities to use to your advantage.
ACQUIRING DATABASE INFORMATION
A very logic way of acquiring system information from a website's database is by causing errors in the sql queries. These errors can be created through search forms, dynamic links, or session cookies. Most sql injection papers explain how dynamic links and text boxes can be used to execute sql queries but in my opinion, this vulnurability is more common in other input types (select boxes, hidden fields, checkboxes and radio buttons, and cookies!).
Mixing data types generally crashes a webpage if it's not well coded. Take for example a link to "memberinfo.php?o_id=1". If your goal is to crash that page it would be a good idea to stick in a " or a ' in the o_id variable. If you're lucky you will get a debug message containing the crippled sql query. After you have all the information you need and you know what you're going after you're ready to hack the hell out of every page that you have access to.
CHANGING FIELDS' VALUES
The first form you think of is the profile page. Most profile pages ignore a user's intellectuals and don't mask out,for example, select boxes. A way of exploiting this vulnerability is by injecting a sql query in the value property of the field.
javascript:alert(document.profileform.user_sex.value="gay\',user_pasword=\'HACKED\' WHERE user_id=1#");
If we assume that the server side sql query looks something like this:
"UPDATE user_data SET user_password='$user_password',user_email='$user_email',user_sex='$user_sex' WHERE user_id=$user_id";
Then the final query will look somewhat like this:
"UPDATE user_data SET user_password='mypassword',user_email='myemail',user_sex='gay',
user_password='HACKED' WHERE
user_id=1 #' WHERE user_id=7382";
# Is a sql comment operator.
2. Bypassing Session Cookies
OVERRIDING BASIC SESSION COOKIE AUTHENTICATION
Most of the time session handling is done with the use of cookies. The cookies tell the webpage who you are and what you have access to and what you don't have access to. If the page does not handle session cookies correctly a hacker might be able to change their identity to that of another user's. Cookies are stored in "window.document.cookie". With javascript we are able to erase,edit,create cookies for any website. This task is more complicated than regular types of attacks. I will not go into great detail about how it's done.
To View the Cookie:
javascript:alert(unescape(document.cookie));
To Change Cookie Data:
javascript:alert(window.c=function a(n,v,nv){c=document.cookie;c=c.substring(c.indexOf(n)+n.length,c.length);
c=c.substring(1,((c.indexOf(";")>-1) ? c.indexOf(";") : c.length));nc=unescape(c).replace(v,nv);document.cookie=n+"="+escape(nc);return unescape(document.cookie);});alert(c(prompt("cookie name:",""),prompt("replace this value:",""),prompt("with::","")));
So If You are logged in as "John Doe" in www.ima13370h4x0r.net and your session cookie reads:
SessionData=
a:3:{s:11:"SessionUser";s:5:"75959";s:9:"SessionID";i:70202768;s:9:"LastVisit";i:1078367189;}
The cookie is actually serialized but you should be able to recognize "75959" as your user_id. Some of the time you will find a website that stores data (like user_id) in cookies but does not typecast the data. This is a serious hole in the site's code because any user is able to change their user_id to any other user or administrator user_id.
Changing the cookie value is easy once you have declared the window.c function. First change s:5:"75959" to s:x:"ADMINID" where x is the length of the new value. So if you want to change 75959 to 1. You must change s:5:"75959" to s:1:"1" :-) Sometimes you will need to change 75959 to "13 or 1=1" in order to bypass any WHERE statements any sql session queries used to keep you logged in the website.
----------------------------------------------------------------------------------------
Notes:
In-line javascript statements can be added to your browser's favorites for easier access to your own functions.
It is possible to declare your own functions for use in extended hacks. Declare the function as a method of window. "alert(window.newfunction = function (){...})"
1. Using Forms to Your Advantage:
You probably already know about sql injection, my goal is to explain how vulnerable forms can be if not handled correctly. When targeting a system, most times you will start off with 0 code to exploit. The only thing you have is a constructed webpage to break to pieces and successfully find vulnerabilities to use to your advantage.
ACQUIRING DATABASE INFORMATION
A very logic way of acquiring system information from a website's database is by causing errors in the sql queries. These errors can be created through search forms, dynamic links, or session cookies. Most sql injection papers explain how dynamic links and text boxes can be used to execute sql queries but in my opinion, this vulnurability is more common in other input types (select boxes, hidden fields, checkboxes and radio buttons, and cookies!).
Mixing data types generally crashes a webpage if it's not well coded. Take for example a link to "memberinfo.php?o_id=1". If your goal is to crash that page it would be a good idea to stick in a " or a ' in the o_id variable. If you're lucky you will get a debug message containing the crippled sql query. After you have all the information you need and you know what you're going after you're ready to hack the hell out of every page that you have access to.
CHANGING FIELDS' VALUES
The first form you think of is the profile page. Most profile pages ignore a user's intellectuals and don't mask out,for example, select boxes. A way of exploiting this vulnerability is by injecting a sql query in the value property of the field.
javascript:alert(document.profileform.user_sex.value="gay\',user_pasword=\'HACKED\' WHERE user_id=1#");
If we assume that the server side sql query looks something like this:
"UPDATE user_data SET user_password='$user_password',user_email='$user_email',user_sex='$user_sex' WHERE user_id=$user_id";
Then the final query will look somewhat like this:
"UPDATE user_data SET user_password='mypassword',user_email='myemail',user_sex='gay',
user_password='HACKED' WHERE
user_id=1 #' WHERE user_id=7382";
# Is a sql comment operator.
2. Bypassing Session Cookies
OVERRIDING BASIC SESSION COOKIE AUTHENTICATION
Most of the time session handling is done with the use of cookies. The cookies tell the webpage who you are and what you have access to and what you don't have access to. If the page does not handle session cookies correctly a hacker might be able to change their identity to that of another user's. Cookies are stored in "window.document.cookie". With javascript we are able to erase,edit,create cookies for any website. This task is more complicated than regular types of attacks. I will not go into great detail about how it's done.
To View the Cookie:
javascript:alert(unescape(document.cookie));
To Change Cookie Data:
javascript:alert(window.c=function a(n,v,nv){c=document.cookie;c=c.substring(c.indexOf(n)+n.length,c.length);
c=c.substring(1,((c.indexOf(";")>-1) ? c.indexOf(";") : c.length));nc=unescape(c).replace(v,nv);document.cookie=n+"="+escape(nc);return unescape(document.cookie);});alert(c(prompt("cookie name:",""),prompt("replace this value:",""),prompt("with::","")));
So If You are logged in as "John Doe" in www.ima13370h4x0r.net and your session cookie reads:
SessionData=
a:3:{s:11:"SessionUser";s:5:"75959";s:9:"SessionID";i:70202768;s:9:"LastVisit";i:1078367189;}
The cookie is actually serialized but you should be able to recognize "75959" as your user_id. Some of the time you will find a website that stores data (like user_id) in cookies but does not typecast the data. This is a serious hole in the site's code because any user is able to change their user_id to any other user or administrator user_id.
Changing the cookie value is easy once you have declared the window.c function. First change s:5:"75959" to s:x:"ADMINID" where x is the length of the new value. So if you want to change 75959 to 1. You must change s:5:"75959" to s:1:"1" :-) Sometimes you will need to change 75959 to "13 or 1=1" in order to bypass any WHERE statements any sql session queries used to keep you logged in the website.
----------------------------------------------------------------------------------------
Notes:
In-line javascript statements can be added to your browser's favorites for easier access to your own functions.
It is possible to declare your own functions for use in extended hacks. Declare the function as a method of window. "alert(window.newfunction = function (){...})"
Rapidshare announced several important news:
1. In the future, the download volumes included in a Premium Account is going to be reduced from 10 Gigabyte a day to 80 Gigabyte a month, at continuous exact daily pro rata billing.
2. The sum of accumulated download-traffic is going to be reduced from 50 Gigabyte to 10 Gigabyte.
3. Personal web storage space is going to continue to be set to 500 Gigabyte.
4. Existing Accounts are not affected, aside that due to the change of 10 Gigabyte maximum accumulated traffic, no download volume can be transferred from one day to another.
5. For all existing Premium Accounts the old conditions are in place (10 Gigabyte download per day), however, you can already make use and profit of the new TrafficShare model.
6. A further change is going to effect a small number of users that neither upload their files through a Premium- or Collector’s Account.
ATTENTION! Files that are stored completely anonymous can now only be downloaded 10 times. Thereafter an error message will appear.
7. With immediate effect the FileMigrator has been made available, enabling you to move any files between Accounts (Links Transfer to Premium Account | Transfer to Collector Account below file link in Premium/Collector Zones), namely with the following combinations: From Collector's to Collector's, from Collector's to Premium, from Premium to Collector's, from Premium to Premium. LinkLists can be transferred from Premium- to Premium Account. More information is available in the Collector's-Zone, and respectively in the Premium Zone.
1. In the future, the download volumes included in a Premium Account is going to be reduced from 10 Gigabyte a day to 80 Gigabyte a month, at continuous exact daily pro rata billing.
2. The sum of accumulated download-traffic is going to be reduced from 50 Gigabyte to 10 Gigabyte.
3. Personal web storage space is going to continue to be set to 500 Gigabyte.
4. Existing Accounts are not affected, aside that due to the change of 10 Gigabyte maximum accumulated traffic, no download volume can be transferred from one day to another.
5. For all existing Premium Accounts the old conditions are in place (10 Gigabyte download per day), however, you can already make use and profit of the new TrafficShare model.
6. A further change is going to effect a small number of users that neither upload their files through a Premium- or Collector’s Account.
ATTENTION! Files that are stored completely anonymous can now only be downloaded 10 times. Thereafter an error message will appear.
7. With immediate effect the FileMigrator has been made available, enabling you to move any files between Accounts (Links Transfer to Premium Account | Transfer to Collector Account below file link in Premium/Collector Zones), namely with the following combinations: From Collector's to Collector's, from Collector's to Premium, from Premium to Collector's, from Premium to Premium. LinkLists can be transferred from Premium- to Premium Account. More information is available in the Collector's-Zone, and respectively in the Premium Zone.
Today ma going to teach you something that even a basic person can do and understand...it is very simple...we are going to give your personal youtube video more views so its recognized more....
BE SURE TO take out EVERYONE OF THE *...just doing that for the html codes to show up
ok..first off...open note pad....and type this out...
Code:
<*me*ta *http-equ*iv="refr*esh" *conten*t="*5"*>
this code refreshes your page every second or two..make sure this is your first line....
now grab the embedded code for your youtube video...showed be on the right side under your account picture..copy and paste it under accouple spaces from the code above...
example:
Code:
<*obje*ct wid*th="42*5" heig*ht="3*44"><*par*am na*me="m*ovie" valu*e="ht*tp://www.yout*ube.co*m/v/REQRHdMRi*mw&hl=en*"><*/para*m><*par*am nam*e="all*ow*FullSc*reen" *valu*e="tr*ue"><*/p*aram><*e*mb*ed sr*c="htt*p://www.youtu*be.co*m/v/REQRHdM*Rimw&hl=en"*
typ*e="applic*ation/x-*shockwav*e-flash" *allowfull*scr*een="tr*ue" wi*dth="42*5" heig*ht="34*4"*><*/em*bed*>
ok..now we have the embedded code...so we are going to edit the code with on simple script...&autoplay=1...
so we find this section here
Code:
src="http://www.youtube.com/v/REQRHdMRimw&hl=en"
where at the end where the =en" is we add the &autoplay=1 to it...like this..
Code:
src=*"http://www.youtube.com/v/REQRHdMRimw&hl=en&autoplay=1"
ok..now your embedded code is edited....so we copy the whole embedded code...not the meta code at the top..it stays there...but the youtube code we just editted...paste it 5 times under it...
then we save this file as anything.html....and then click on it and if done correctly your browser should open up with the youtube videos all on the same page...your browser will refresh every second or two and each time it does you get that many more views....let it run over nite...or anytime you like and you will have thousands of views in no time...cuz every time it refreshes thats that many more views....
hope this helps everyone out...good luck...happy youtube hacking...have fun....
BE SURE TO take out EVERYONE OF THE *...just doing that for the html codes to show up
ok..first off...open note pad....and type this out...
Code:
<*me*ta *http-equ*iv="refr*esh" *conten*t="*5"*>
this code refreshes your page every second or two..make sure this is your first line....
now grab the embedded code for your youtube video...showed be on the right side under your account picture..copy and paste it under accouple spaces from the code above...
example:
Code:
<*obje*ct wid*th="42*5" heig*ht="3*44"><*par*am na*me="m*ovie" valu*e="ht*tp://www.yout*ube.co*m/v/REQRHdMRi*mw&hl=en*"><*/para*m><*par*am nam*e="all*ow*FullSc*reen" *valu*e="tr*ue"><*/p*aram><*e*mb*ed sr*c="htt*p://www.youtu*be.co*m/v/REQRHdM*Rimw&hl=en"*
typ*e="applic*ation/x-*shockwav*e-flash" *allowfull*scr*een="tr*ue" wi*dth="42*5" heig*ht="34*4"*><*/em*bed*>
ok..now we have the embedded code...so we are going to edit the code with on simple script...&autoplay=1...
so we find this section here
Code:
src="http://www.youtube.com/v/REQRHdMRimw&hl=en"
where at the end where the =en" is we add the &autoplay=1 to it...like this..
Code:
src=*"http://www.youtube.com/v/REQRHdMRimw&hl=en&autoplay=1"
ok..now your embedded code is edited....so we copy the whole embedded code...not the meta code at the top..it stays there...but the youtube code we just editted...paste it 5 times under it...
then we save this file as anything.html....and then click on it and if done correctly your browser should open up with the youtube videos all on the same page...your browser will refresh every second or two and each time it does you get that many more views....let it run over nite...or anytime you like and you will have thousands of views in no time...cuz every time it refreshes thats that many more views....
hope this helps everyone out...good luck...happy youtube hacking...have fun....
Ubuntu is a community developed operating system that is perfect for laptops, desktops and servers. Whether you use it at home, at school or at work Ubuntu contains all the applications you'll ever need, from word processing and email applications, to web server software and programming tools.
Ubuntu is and always will be free of charge. You do not pay any licensing fees. You can download, use and share Ubuntu with your friends, family, school or business for absolutely nothing.
Ubuntu Company issue a new desktop and server release every six months. That means you'll always have the latest and greatest applications that the open source world has to offer.
Ubuntu is designed with security in mind. You get free security updates for at least 18 months on the desktop and server. With the Long Term Support (LTS) version you get three years support on the desktop, and five years on the server. There is no extra fee for the LTS version, we make our very best work available to everyone on the same free terms. Upgrades to new versions of Ubuntu are and always will be free of charge.
Everything you need comes on one CD, providing a complete working environment. Additional software is available online.
The graphical installer enables you to get up and running quickly and easily. A standard installation should take less than 25 minutes.
Once installed your system is immediately ready-to-use. On the desktop you have a full set of productivity, internet, drawing and graphics applications, and games.
On the server you get just what you need to get up and running and nothing you dont.
Here's the link through which u can order Ubuntu for free of cost.
CODE:
https://shipit.ubuntu.com/
So what r u waiting for???
Go and collect ur Ubuntu Cd for free
Ubuntu is and always will be free of charge. You do not pay any licensing fees. You can download, use and share Ubuntu with your friends, family, school or business for absolutely nothing.
Ubuntu Company issue a new desktop and server release every six months. That means you'll always have the latest and greatest applications that the open source world has to offer.
Ubuntu is designed with security in mind. You get free security updates for at least 18 months on the desktop and server. With the Long Term Support (LTS) version you get three years support on the desktop, and five years on the server. There is no extra fee for the LTS version, we make our very best work available to everyone on the same free terms. Upgrades to new versions of Ubuntu are and always will be free of charge.
Everything you need comes on one CD, providing a complete working environment. Additional software is available online.
The graphical installer enables you to get up and running quickly and easily. A standard installation should take less than 25 minutes.
Once installed your system is immediately ready-to-use. On the desktop you have a full set of productivity, internet, drawing and graphics applications, and games.
On the server you get just what you need to get up and running and nothing you dont.
Here's the link through which u can order Ubuntu for free of cost.
CODE:
https://shipit.ubuntu.com/
So what r u waiting for???
Go and collect ur Ubuntu Cd for free
MaCHAcK