Dear Readers: HWS has recently started a new project for the students of engineering ====> The Engineering Projects


Write at HWS !!!

Guest Posting

How secure is your Computer ?

Check out your computer safety here . A lot of tools , tricks and hacks related to computer .

Blogger Tips and Tricks

A Lot of tips ,tricks and hacks related to blogger . Seo tricks to get maximum targetted traffic to your blog.

Easy ways to Earn Online

Online earning is not so difficult but it needs a lot of patience and hardwork. Here are some techniques to earn money through internet.

Facebook Tricks

A lot of facebook tips , tricks and hacks.It requires a lot of time but reading is must.

Pro Hacking

If you have knowledge about basic techniques then try this,but be careful as it is highly toxic.

Tuesday, July 24, 2012

Basics about Shell Uploading

I am sure many have you have read about "Hacked / Defaced with shells", So I am pretty sure that the first thing that comes to your mind is "What the heck are these shells?" . So this article would give you complete idea about shells and its use.

I will soon write about "RFI, LFI" which are somewhat connected with shells. Meanwhile, keep playing with it and learn more. As without practice you won't get anything.

Difference between FTP & Shells:

Many times I see that some of us know how to use the shell but once they have uploaded they get confused. So to start with, Let me give you some information about FTP:
  • File Transfer Protocol
Whenever you want to open your website, the first thing you will do is to get some web hosting for your self. That cud be either free or paid. When your get your hosting services, you create a website on your computer first and then upload it to your hosting server so it becomes a World Wide Web. This process of uploading the documents from your computer to your hosting server is done through FTP [File Transfer Protocol]. It basically looks like a program with 2 columns, one column shows your computer files and another shows your servers files. Just like when you copy the stuffs from some USB drive to your computer. So here, I will show you an example is how you would connect if you own example.com. So when you want to connect your self to your web hosting server, following information is required in order to authenticate yourself:

Server : ftp.example.com
Username: XEO
Password: whatever

So, once you put in this information, server understands that you are XEO and gives you access to all the files on the server so you can work on it.
  •   Shells
Since you understand the FTP now, we know that none of us will get access to Go4expert's server because we don't have the username and password authenticate yourself. Somehow we can manage to get the access to G4E's FTP we can easily remove/edit/replace files. So we can destroy this entire forum and upload our own stuffs. That is when shells comes into the picture. Shells are a malicious PHP files which you will need to upload to any website, and once you execute it you will get access to its server directly WITHOUT authenticating your self.
  • Moral of the Story:
I wrote the difference between FTP and shells so that you guyz can understand it, because lots of people tends to get confused between them. So again to make it clear, you can following thing:
FTP is a protocol that lets you connect your computer to your hosting server so that you can upload/edit/delete/replace your files. Since we wouldn't have the username & password to connect to any website's ftp, thats why we will use the SHELL to get access. SO SHELL IS NOT FTP BUT IT GIVES YOU ACCESS TO THE HOSTING SERVER.
  • Funny Incidents:
Let me tell you guyz why i gave time to write this much about FTP in this article.I remember i saw couple of threads which said following thing:

"Hi guyz, i managed to hack my 1st website today! YAY, I am really happy! But theres only 1 problem, i uploaded the shell and ran it and it worked fine. The only problem is i dont have access to FTP."

Y0, i hacked a website today, uploaded a shell and it worked fine, now i am trying to get access to FTP
  • Main Logic
Shell is not a tool that you can run and complete your work. As I said, its just a normal ".php" file, you have to find a way in any website to upload that shell. The Idea is, you upload the shell to any website so it will be saved on their server and it will give you the access to it.

Phase 1 : Uploading a shell:

Suppose you want to hack "something.com". So the first thing that you will do is, open up "something.com", and try to find some place from where you can upload the files on the website. There are many such places for example, "file uploads, avatars, resume upload, cooking recipe uploads, upload your photo". So these are the places which will give you an opportunity to upload your shell. All you have to do is, try to upload the shell.php which is located in your computer and click on submit. So suppose you went to the webpage "something.com/submit_resume.php" and you uploaded your resume.

Phase 2 : Executing your uploaded shelll:

Once we have uploaded the shell as shown in "Phase:1", we know that its sitting on the server. The only thing we need to do now is to execute the shell from a browser so we get access to it.
  • Example:
So suppose i uploaded my shell as an attachment in any thread. SO now that attachment is sitting on that thread's server. Now if we want to executive it, we will use following URL:

Code: http://www.something.com/forums/attachment.php?attachmentid=456&d=1249607339

So that is the DIRECT url to the attachment which is called EXECUTION. In the same way if you execute your shell, it will take you to a webpage where you will see everything thats on the server. And you will have FULL ACCESS to remove/edit/replace/delete the files. So you are another XEO !

Phase 3 : Defacing:

Defacing is a word which means "replacing the current index file with our own index with our motive and slogan on it". So once you have access to the server, you are the king
  • Different types of shells:
There are many shells available, most of them are public and some of them are private. Most of them does the samething to give you the access of the server. "c99, r57, b0yzone, j32" are some very common and easily available shells.
  • Where do I get them from?
The best way is Google search with "inurl:c99.txt". You can replace c99 with r57, j32 or anything else.

Important Piece of advice

I would suggest you to download WAMP SERVER, which lets you make your own server on your comptuer. And then try to use shells on it. Which will help you avoid hacking in live environment. Because, if webmaster is smart then, he can simply check the logs for that shell fine and track down your IP which executed the shell. Then you might be in problem.

Thanks for your time to read the article . Hope you liked it . PEACE!

Monday, July 23, 2012

Use Facebook in Hackers's Language "1337"

Hey guys howz you all. Today I am going to share this news, every hacker loves the 1337 decoding language atleast most of the hackers do. So, if you Love 1337 then its a Good News for you, Facebook officially Launched H4X0R's Language (Hackers) 1337 (leet speak).

I really enjoyed while using it and it yours chance to give it a try and do let me know how's you find it. I think Facebook is now finally doing some kool changes after that shitty timeline. 

How to apply 1337 On your Facebook ?

  • Login to your Facebook account
  • Goto account setting
  • Search for language Option
  • Now set it to "Leet Speak"
  • You've done !
 If you want to use Facebook in your old language then set it to English (US) again and enjoy :)

Thursday, July 19, 2012

How to Earn Money from a Hacking Blog

Of course adsense is Good revenue Program For Blog & websites, but you can't use adsense on your hacking blogs, even you having lot of traffic on your blog. because its againest adsense's TOS, adsense doesn't allow Hacking contest. but don't worry you can earn money online by your hacking Blog using others ways.



 

Infolinks

  • Infolinks is a Good  Pay Per Click Advertising program for blogs, you can use it on your information security & hacking Blogs ! infolinks provides “in-text advertising”, search widget, Tags cloud, releted tags etc !

VgLink Advertising Program

  • Some days ago i heard about Vglink and i started using it. vglink is also “in-text advertising” program, you can install it easily on your wordpress & blogger blogs. Signup For Vglink 

Direct Advertising

  • Contact advertisers and Publish Thier banners etc on your website/ blog, you can add "advertise here" banners on your blog to sell the place for Advertisement. you can also try buyselladds for direct advertisement. 
  • As you can see above my posts there you will find this image , if you want your add to display there you can contact me.


placeyouradhere23.jpg (125×125)

Paid Reviews

  • Paid reviews can boost your earnings, you need to post review of any tool, software, website or any product. Its a Quick way of make money online !!!
  • You can see one such post here .

Write and Sell E-Books

  • If you got Good skills in information security & Hacking you can write and sell own e-books, make it attractive and sell via amazon, ebady and your blog/website.
  • I have written two books which are open rite now but I am thinking of binding them and publish them online. I will tell you the way how to do it in my coming posts.

Paid serivces

  • You can start own services, its depends on your skills, like i'm Good in SEO and blog designing so i'm running this Paid Web Designing and SEO service, for example see this blog which I have designed .

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 

Recent Posts

Join Me On Facebook

700+ Followers

Followers


meet women in Ukraine contatore visite website counter
DMCA.com

Recent Comments

Follow Me On Twitter

1112+ Followers