Sunday, December 25, 2011

Password Hacking : How To Spread Your Viruses Successfully Over Internet

Posted by wildrank on Sunday, December 25, 2011

In my previous articles on wildhacker we discussed how to hack an email account password using keyloggers, RATs, etc. Today I am writing an article on "How To Spread Your Viruses Successfully Over Internet".

In this tutorial I will show you how to spread your trojans/viruses etc over internet. I will show you many methods, and later you choose which one you are going to use.

What Is Spreading?

Spreading is the way your trojans/programs/viruses circulate around the Internet. The point of spreading is to offer something that is hard to find and that people want but don't have yet. The goal of spreading is to get more victims for your RATs, keyloggers, or whatever.

Getting started

Well, to spread you will need a software/keylogger to create trojans/viruses etc.

Some good softwares to create trojans/viruses:
Ok, now the main part if you want your spread to be successfully is to make your viruses FUD by AVs. To make your viruses FUD use a binder or crypter. Most of public binders and crypters, are detected even if they are FUD will be detected soon, so the best way is to use a private stub, and it will stay longer FUD.

Hint for beginners [If you already know this, skip this part]:
A Crypter is a program that makes other programs UD or FUD by encrypting them.
A Binder is a program that makes other programs UD or FUD by binding them with another file.
UD means undetected, so only a few antivirus programs detect it. FUD means fully undetected, so no antivirus detects it.

How and where to spread ?

Well guys, this is the part who all were waiting for. I will show you a few methods how to spread you viruses and trojans.

1. Omegle

Omegle is a brand-new service for meeting new friends. When you use Omegle, we pick another user at random and let you have a one-on-one chat with each other. Chats are completely anonymous, although there is nothing to stop you from revealing personal details if you would like. You can use Omegle auto spreader while you sleep or when you are free.

Download Omegle Spreader here...

2. YouTube

YouTube is a video sharing website on which users can upload and share videos. Make a 'short' video, no longer than 30 seconds or a minute. In the description, make a short tutorial on how to use the program or the keygen you binded your virus with, add the features of the program and put a download link of your virus. Take a picture as proof aswell, that will make people trust your virus more. Make sure you use a good file hosting, because for example rapidshare won't let them download it first time, so people will get bored and won't download. I use multiupload, awesome host and allows you to see the downloads aswell.

3. Garena

Garena is a free multifunction game platform that allows gamers to interact, organize matches, and play their favorite games online with tens of millions of players. First download Garena client from HERE. After you download Garena install it, and open it. You'll need Garena account, you can create one in 30 seconds. Ok, people in Garena are really stupid and will download your viruses for sure if you make it looks real! You can bind your virus with War3 MapHack, you can find here HERE, or use other hack tools depens which rooms you are going to spread. Ok, after binding your file go to each room and enter you download link. Example of how I do it; "www.multiupload.com/239h8hfsdf - Free MapHack , EXP Hack , Ladder Win , and more!" and I get 500 downloads per day.

4. Forums

This is a really great method and you'll get a lot of downloads everyday. First of all you'll need Multiposter Ultimate Version (Recommended), or you can use the trial one which is limited with 10 forums only.

Here's a download link of the trial version, http://www.multiupload.com/NX5JKHH52G

Ok, if you are going to buy the full version, you will need forum list. Here's a collection of forums http://www.multiupload.com/GZ6DEXDOK2 , you can use google for more and remember the more the forums are, the more are the downloads. You will need templates, you can download from here http://www.multiupload.com/GE5GCY1OIQ or search Google for more! Now you have to register to the forums, I know it's boring but you have to. To get rid of it, use Roboform which you can get it from http://www.Roboform.com. Install it and open it, and start registering. Ok, after everything is done, start posting things like WinRAR, Crack versions of programs, etc. To get more downloads use screenshot of the program in the thread. If you have troubles with screenshots, download "Icsnap" from HERE. It is a useful tool, which upload pictures images from your desktop to imageshack, directly. Ok , now download "Easy Post creator", it's a useful tool aswell which saves your posts. You can download it from HERE.

Now you can save your posts, and you don't have to rewrite them twice just copy them from Easy Poster and post them in other forums.

5. Torrents

Torrent is a small file (around few kilobytes) with the suffix .torrent, which contains all the information needed to download a file the torrent was made for. You can use public torrents such as:
You can find a list of top 100 downloads for windows applications here:

http://thepiratebay.org/top/301

Or, you can use private torrents , they are the best because people are trustworthy there.

6. Facebook

Facebook is a social utility that connects people with friends and others who work, study and live around them. You can use facebook for spreading your viruses asweel. Join some groups and upload your virus to any hosting website, and tell them that this is a private photo viewer or something like this, and they will trust you.

7. mIRC

The most popular shareware IRC chat client for Windows. You can use it to spread you viruses, join any network and start spamming with your links in all channels saying free psyBNCs, Eggdrops etc, most of people will download it, depens which network you will use, some networks are made for gamers etc.

So friends, I hope you will like this
How To Spread Your Viruses Successfully Over Internet Tutorial....
If you have any problem with the above How To Spread Your Viruses Successfully Over Internet Tutorial, please mention it in the comments section. Comments, suggestions and ideas are welcome. If you have other methods let me know, I will add them. :)

Enjoy Email Hacking ........


Wednesday, December 7, 2011

Free Wupload, Filesonic, Hotfile, Megaupload Premium Link Generator

Posted by wildrank on Wednesday, December 07, 2011

Hello guys. After my many posts on How To Hack Website, today I am sharing one more premium link generator site for Wupload, Filesonic, Hotfile and Megaupload. It also provides premium cookies for these sites, which you can use to download unlimited data from Wupload, Filesonic, Hotfile and Megaupload at high speed, as with premium accounts.

Most of the users asked me about how to download unlimited from Wupload, Filesonic, Hotfile, Megaupload with high speed without having premium account. So friends this post is for you, by using these premium link generators or using premium cookies you can download unlimited from Wupload, Filesonic, Hotfile, Megaupload for free without any time limitations and with high speed...

Wupload Premium Link Generator :

Step 1: First of all go to the Wupload premium link generator website.

Step 2: Now copy your Link in the text box and click on Submit.

Step 3: You will get the premium Wupload download link below the Submit button.

Step 4: After that, log in to a free Wupload account and use that link to download the file as a premium user.

Note: Use the Internet Explorer or Mozilla Firefox browser.

Step 5: That's all..


Monday, December 5, 2011

Website Hacking : The Cross-Site Request Forgery (CSRF/XSRF) FAQ

Posted by wildrank on Monday, December 05, 2011

Hello friends. In my previous article I wrote about Cross-Site Request Forgery (CSRF/XSRF) on WildHacker. Today I want to clear up some basic problems and questions readers have about Cross-Site Request Forgery (CSRF/XSRF), so I am writing this article to help such readers sort out their CSRF-related problems.

I was just going through the comments you made and noticed that some readers' questions were left unanswered, or that they were not convinced by my answers. So, here are answers to some commonly asked questions about Cross-Site Request Forgery (CSRF/XSRF).

The Cross-Site Request Forgery (CSRF/XSRF) FAQ

What is Cross Site Request Forgery?
Cross Site Request Forgery (also known as XSRF, CSRF, and Cross Site Reference Forgery) works by exploiting the trust that a site has for the user. Site tasks are usually linked to specific URLs (Example: http://site/stocks?buy=100&stock=ebay) allowing specific actions to be performed when requested. If a user is logged into the site and an attacker tricks their browser into making a request to one of these task URLs, then the task is performed and logged as the logged-in user. Typically an attacker will embed malicious HTML or JavaScript code into an email or website to request a specific 'task URL' which executes without the user's knowledge, either directly or by utilizing a Cross-site Scripting flaw. Injection via light markup languages such as BBCode is also entirely possible. These sorts of attacks are fairly difficult to detect, potentially leaving a user debating with the website/company as to whether or not the stocks bought the day before were bought by the user after the price plummeted.

Who discovered CSRF?
In 1988 Norm Hardy published a document explaining an application-level trust issue he called a confused deputy. In 2000 a post to bugtraq explained how ZOPE was affected by a confused-deputy web problem that we would define today as a CSRF vulnerability. Later, in 2001, Peter Watkins posted an entry on the bugtraq mailing list coining the CSRF term in response to another thread titled "The Dangers of Allowing Users to Post Images".

What can be done with CSRF?
Most of the functionality allowed by the website can be performed by an attacker utilizing CSRF. This could include posting content to a message board, subscribing to an online newsletter, performing stock trades, using a shopping cart, or even sending an e-card. CSRF can also be used as a vector to exploit existing Cross-site Scripting flaws in a given application. For example, imagine an XSS issue on an online forum or blog, where an attacker could force the user through CSRF to post a copy of the next big website worm. An attacker could also utilize CSRF to relay an attack against a site of their choosing, as well as perform a Denial of Service attack in the right circumstances.

Are CSRF and Cross-site Scripting the same thing?
Cross-Site Scripting exploits the trust that a client has for the website or application. Users generally trust that the content displayed in their browsers was intended to be displayed by the website being viewed. With CSRF it is the other way around: the website assumes that if an 'action request' was performed, this is what the user wanted, and happily performs it. CSRF exploits the trust that a site has for the user.

What are common ways to perform a CSRF attack?
The most popular ways to execute CSRF attacks are by using an HTML image tag or a JavaScript image object. Typically an attacker will embed these into an email or website so that when the user loads the page or email, their browser performs a web request to any URL of the attacker's choosing. Below is a list of the common ways that an attacker may try sending a request.

HTML Methods

IMG SRC
<img src="http://host/?command">

SCRIPT SRC
<script src="http://host/?command">

IFRAME SRC
<iframe src="http://host/?command">

JavaScript Methods

'Image' Object
<script>
var foo = new Image();
foo.src = "http://host/?command";
</script>

'XMLHTTP' Object (See "Can applications using only POST be vulnerable?" for when this can be used)
IE
<script>
var post_data = 'name=value';
var xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
xmlhttp.open("POST", 'http://url/path/file.ext', true);
xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState == 4) {
        alert(xmlhttp.responseText);
    }
};
xmlhttp.send(post_data);
</script>

Mozilla
<script>
var post_data = 'name=value';
var xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST", 'http://url/path/file.ext', true);
xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState == 4) {
        alert(xmlhttp.responseText);
    }
};
xmlhttp.send(post_data);
</script>

Many other ways exist in HTML/VBScript/JavaScript/ActionScript/JScript and other markup languages to make the user's browser perform remote requests.

Is this vulnerability limited to browsers?
Absolutely not. An attacker could embed scripting into a word document, Flash File, Movie, RSS or Atom web feed, or other document format allowing scripting. Applications utilizing XML documents use XML parsers to quickly parse through data. Certain tags within an XML document may tell the XML parser to request additional documents from a URI. Browsers will be the dominant way to execute these attacks but aren't the only way.

Can applications using only POST be vulnerable?
Yes. An attacker could craft a web form on site A and use JavaScript to auto-submit the form to a target location on site B. If the application containing the CSRF payload uses a browser component that runs in the local zone, then sending remote POST requests to any website is possible using XMLHTTP or similar objects.

There's another way to attack a website using purely POST-based parameters; however, this depends entirely on how the web application was developed. Popular web libraries such as Perl's CGI.pm module allow a developer to fetch a parameter without caring if it came in through a GET or POST request. As is the case with certain usages of CGI.pm, POST requests can be converted to GET by the attacker and the application action will still be performed. Below is an example.

Perl's CGI.pm
------------------------------
use CGI qw(:all);
$value = param('foo');
print "Content-type: text/html\n\n";
print "The 'foo' parameter value is $value\n\n\n";
------------------------------
This script allows either a GET or POST request to be sent to the application. This is not limited to Perl and can affect any language, depending on the library in use or the way the application was developed. If you are using CGI.pm and want to prevent GET requests, one way is to perform a request method check before executing the rest of your code using '$ENV{'REQUEST_METHOD'}'. Below are the most common ways to fetch a parameter, by language, that allow either GET or POST requests to be sent.

JSP Example
Commonly Used: request.getParameter("foo")
Solution: Check the HTTP Request method and see if it is using POST before performing the requested action.

PHP Example
Commonly Used: $_REQUEST['foo']
Solution: Use $_POST['foo'] instead to specify POST Only.

ASP.NET Example
Commonly Used: Request.Params["foo"];
Solution: Use HttpRequest.Form (Request.Form) which grabs POST only.

Converting actions to POST only is not a solution to CSRF, but should be implemented as a best practice. See "What can I do to protect my own applications?" for a more comprehensive solution.
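
The difference between a merged GET/POST lookup and a POST-only lookup with a request-method check, as an added example that is not part of the original FAQ. It is written in Python against a WSGI `environ` dictionary; the function names and the sample requests are constructed for illustration.

```python
import io
from urllib.parse import parse_qs


def _read_form_body(environ):
    """Parse an application/x-www-form-urlencoded body, if there is one."""
    if environ.get("REQUEST_METHOD", "").upper() != "POST":
        return {}
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    raw = environ["wsgi.input"].read(length) if length else b""
    return parse_qs(raw.decode("utf-8", errors="replace"))


def merged_param(environ, name):
    """Behaves like param('foo') or $_REQUEST['foo']: the query string and
    the body are searched alike, so a plain link works as well as a form."""
    query = parse_qs(environ.get("QUERY_STRING", ""))
    body = _read_form_body(environ)
    values = body.get(name) or query.get(name)
    return values[0] if values else None


def post_only_param(environ, name):
    """Checks the request method first, then reads the body only."""
    if environ.get("REQUEST_METHOD", "").upper() != "POST":
        raise PermissionError("405: this action requires POST")
    values = _read_form_body(environ).get(name)
    return values[0] if values else None


def make_environ(method, query="", body=b""):
    """Build a minimal WSGI environ for the constructed sample requests."""
    return {
        "REQUEST_METHOD": method,
        "QUERY_STRING": query,
        "CONTENT_LENGTH": str(len(body)),
        "wsgi.input": io.BytesIO(body),
    }


if __name__ == "__main__":
    # Constructed request: the action parameter arrives in a GET query string.
    print("merged lookup on GET:", merged_param(make_environ("GET", "foo=100"), "foo"))
    try:
        post_only_param(make_environ("GET", "foo=100"), "foo")
    except PermissionError as exc:
        print("POST-only lookup on GET:", exc)
    print("POST-only lookup on POST:",
          post_only_param(make_environ("POST", body=b"foo=100"), "foo"))
```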

How do I detect if a website is vulnerable?
If your website allows performing a site function using a static URL or POST request (i.e. one that doesn't change) then it is possible. If this command is performed through GET then it is a much higher risk. If the site is purely POST, see "Can applications using only POST be vulnerable?" for use cases. A quick test would involve browsing the website through a proxy such as Paros and recording the requests made. At a later time, perform the same action and see if the requests are performed in an identical manner (your cookie will probably change). If you are able to perform the same function using the GET or POST request repeatedly then the site application may be vulnerable.

Can CSRF be prevented by implementing referrer checking?
No, for two reasons.

First, there are many ways that a Referer header can be blanked out or modified, such as via web filtering software, parental control software, privacy software, proxies, or DOM trickery. This makes the Referer header unreliable by nature.

Second, Referer headers can be spoofed using XMLHTTP and by using Flash, as demonstrated by Amit Klein and rapid7. While these particular methods have been patched by the vendors, not every user visiting your website has applied these patches. Even if they did, the first issue would still exist.

Has a vulnerability in a major site been discovered?
A vulnerability in GMail was discovered in January 2007 which allowed an attacker to steal a GMail user's contact list. A different issue was discovered in Netflix which allowed an attacker to change the name and address on the account, as well as add movies to the rental queue etc...

What can I do to protect myself as a user?
Nothing. The fact is as long as you visit websites and don't have control of the inner architecture of these applications you can't do a thing. The truth hurts doesn't it?

What can I do to protect my own applications?
The most popular suggestion for preventing CSRF involves appending unpredictable challenge tokens to each request. It is important to state that this challenge token MUST be associated with the user session, otherwise an attacker may be able to fetch a valid token on their own and utilize it in an attack. In addition to being tied to the user session, the token should only be valid for a limited time period. This method is documented in multiple documents; however, as pointed out in mailing list postings, an attacker can utilize an existing browser vulnerability or XSS flaw to grab this session token.
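
One way to build such a challenge token, as an added example that is not part of the original FAQ: the token is an HMAC over the session identifier, an issue time and a random nonce, so it is unpredictable, bound to one session and expires. The key handling, the 15-minute window and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)
# Assumption: tokens stay valid for 15 minutes.
MAX_AGE_SECONDS = 15 * 60


def _mac(session_id, issued_at, nonce):
    """HMAC-SHA256 over the session id, issue time and nonce."""
    msg = f"{session_id}|{issued_at}|{nonce}".encode("utf-8")
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Create the token to embed as a hidden field in every form."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)  # makes each token unpredictable
    return f"{issued_at}.{nonce}.{_mac(session_id, issued_at, nonce)}"


def verify_token(token, session_id, now=None, max_age=MAX_AGE_SECONDS):
    """Accept only a well-formed, unexpired token issued for this session."""
    now = int(time.time() if now is None else now)
    try:
        issued_text, nonce, mac = token.split(".")
        issued_at = int(issued_text)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    expected = _mac(session_id, issued_at, nonce)
    # Constant-time comparison; bytes so that any input string is accepted.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False  # forged, tampered with, or issued for another session
    return 0 <= now - issued_at <= max_age


if __name__ == "__main__":
    # Constructed session identifiers and timestamps.
    token = issue_token("session-A", now=1000)
    print("same session, 1 minute later:", verify_token(token, "session-A", now=1060))
    print("token fetched by another session:", verify_token(token, "session-B", now=1060))
    print("same session, after expiry:",
          verify_token(token, "session-A", now=1000 + MAX_AGE_SECONDS + 1))
```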

These are the questions readers most commonly ask about Cross-Site Request Forgery (CSRF/XSRF).

I hope most of your doubts about Cross-Site Request Forgery (CSRF/XSRF) are now cleared up. This article is meant only for you. If you still have problems with Cross-Site Request Forgery (CSRF/XSRF), don't hesitate to ask me in the comments.

Enjoy HaCkInG...


Sunday, December 4, 2011

Website Hacking : Cross Site Request Forgery (CSRF/XSRF) Tutorial Part 4

Posted by wildrank on Sunday, December 04, 2011

In my previous articles on wildhacker I wrote about How to find a vulnerable Website?, Basic information of website hacking and XSS Tutorial. Today I am writing Part 4, "Cross Site Request Forgery Tutorial For Website Hacking". In this article, I am going to teach you how to hack a website using a CSRF/XSRF attack.

If you have not read part 1 and part 2, I strongly recommend you read both my articles for learning more about Website Hacking....

Basic Information About Website Hacking Part 1


How to find a vulnerable Website?? Part 2


Basic XSS Tutorial For Website Hacking Part 3

Cross Site Request Forgery Website Hacking Tutorial

What is it?

With a CSRF attack we can send a fake request from the user's browser, and thus access the site with the user's permissions and interact with the site as if the script were the user himself.

CSRF is commonly used to confirm something without the user's awareness. For example, let's say Bob has an account on webbhosting.com, and Josh wants this account completely removed from the DB. This can be done by the user himself, but others can't remove his account except the ones with appropriate permissions. So let's say the link to remove an account was:

Code:

This can be included in a IMG file, such as:

Code:

You can trick people to go to the link by saying its pictures, a download, etc, etc.

I would also recommend that you encode the action that is being performed via:

meyerweb.com

Prevention:

When you get links sent by people you don't know very well, just use the view-source: function in FF. Another prevention is to add a token via:

Code:

You can also use this to force the administrator to spit logs on the server (in this case a SQL backup) most of these aren't chmod'd, robots.txt'd, so within a few days you can use this to locate the database:

Code:
Code:
etc

I'd recommend using base64/URL encode usage using a ?refer / ?redirect / XSS vulnerability on their site, you can use this to redirect to the dumpfile that will spit the backup log on the site, once clicked by the administrator you're goal is reached.

Example :

A good example of CSRF is a bank site: after the user logs in, the site creates cookies on his computer (the role of the cookies is to save the data).

From this moment, any action performed from the user's browser is approved by the site. This is where AJAX comes in: with AJAX we can send a request that is performed by the browser itself.

This means all the cookies and sessions of the user are sent with the request (unlike a request made from a server-side language). Suppose there is a form on the bank site that is used to transfer money.

We can send a POST request to that form using AJAX, and the request is approved by the site, because all the cookies in the user's browser are sent with the AJAX request.

Example for CSRF exploit

html:
Code:

php:
Code:

What's the risk here? As you can see, the PHP script checks whether the cookies are valid and approves the transfer without any additional filtering.
This means that if we have the cookies, we only need to send a fake request to the system with the user's cookies, and the system approves the transfer.

AJAX:
Code:

As already explained, requests sent with AJAX are sent from the browser itself, so we do not have to worry about getting the user's cookies.
So even though we only set the POST data, the request sent to the server will look something like this:

Code:

Once the server returns 200 (request received successfully), $100 has been transferred from the user's account to account number 0123456789.
And that is how the CSRF attack works.

Limitations :

Several things have to happen for cross-site request forgery to succeed:

  1. The attacker must target either a site that doesn't check the referrer header (which is common) or a victim with a browser or plugin bug that allows referrer spoofing (which is rare).
  2. The attacker must find a form submission at the target site, or a URL that has side effects, that does something (e.g., transfers money, or changes the victim's e-mail address or password).
  3. The attacker must determine the right values for all the form's or URL's inputs; if any of them are required to be secret authentication values or IDs that the attacker can't guess, the attack will fail.
  4. The attacker must lure the victim to a Web page with malicious code while the victim is logged in to the target site.

Note that the attack is blind; i.e., the attacker can't see what the target website sends back to the victim in response to the forged requests, unless he exploits a cross-site scripting or other bug at the target website. Similarly, the attacker can only target any links or submit any forms that come up after the initial forged request, if those subsequent links or forms are similarly predictable.

So friends, I hope you will like this
Cross Site Request Forgery Tutorial For Website Hacking....
If you have any problem in above Website hacking Using Cross Site Request Forgery Tutorial, please mention it in comments section.

Enjoy Website Hacking ........

