SYSTEM&WEB HACKING

Thursday, April 11, 2013

How to Find the Admin Login Page of a Website


There are many ways to find the admin page of a website, but most users fail to find it.

Here we discuss some basic and advanced ways to find the admin page of a website.

1. Adding URL
This is the first and easiest method to find an admin login page. You can add some words after the URL.
  • www.site.com/admin 
  • www.site.com/administrator 
  • www.site.com/login 
  • www.site.com/wp-login.php
  • www.site.com/admin.php


2. Using various scripts
You can use various scripts, such as admin finders, to get the admin page. Here I am showing you a useful script that will help you get the admin page. To run this script you first need to install ActivePerl. Get it from http://www.activestate.com/activeperl/downloads

Now copy the code from http://pastebin.com/WWZszURW, save it as anything.pl, and run the script to get the login page of the desired site.

3. Crawling software
You can use various crawling tools to crawl the website and get the login page. These tools crawl all the pages of the website and show a list of all pages and directories.

4. Robots.txt
By default, search engines crawl the entire site. With robots.txt, the site owner gives the list of links that the engines should not crawl. Most of the time the admin asks the engines not to crawl the admin page, so if you view robots.txt you can get the link to the login page.
www.site.com/robots.txt

5. Google dork
You can use Google dorks to get the login page. Some of the dorks that you can use are:
  • site:site.com "admin"
  • site:site.com inurl:login
  • site:site.com intitle:"admin login"

6. Online
There are a few websites that can help you find admin login pages. You can use the site http://sc0rpion.ir/af/ to find a login page online.


7. Havij
Finally, you can use the all-time popular Havij to find the admin page. Havij is a popular SQL injection tool that has an option to scan and search for admin login pages.
http://www.itsecteam.com/products/havij-v116-advanced-sql-injection/

Info : Deepanker Verma
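
Seen from the defending side, methods 1 and 2 appear in a web server's access log as one client requesting many admin-style paths in a row. The following added example (not part of the original post) flags such clients in a combined-format access log; the sample log lines are constructed, and the function names and the threshold of three distinct paths are assumptions.

```python
import re
from collections import defaultdict

# Candidate paths: the five listed under method 1 of the post.
ADMIN_PATHS = {"/admin", "/administrator", "/login", "/wp-login.php", "/admin.php"}

# Combined log format: ip, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Apr/2013:10:00:01 +0000] "GET /admin HTTP/1.1" 404 162
203.0.113.7 - - [11/Apr/2013:10:00:01 +0000] "GET /administrator HTTP/1.1" 404 162
203.0.113.7 - - [11/Apr/2013:10:00:02 +0000] "GET /login HTTP/1.1" 404 162
203.0.113.7 - - [11/Apr/2013:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2310
203.0.113.7 - - [11/Apr/2013:10:00:03 +0000] "GET /admin.php HTTP/1.1" 404 162
198.51.100.20 - - [11/Apr/2013:10:05:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2310
198.51.100.20 - - [11/Apr/2013:10:05:19 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.44 - - [11/Apr/2013:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.44 - - [11/Apr/2013:10:07:04 +0000] "GET /Admin/?next=home HTTP/1.1" 404 162
"""

def normalise(path):
    """Drop the query string and trailing slash, and lowercase the path."""
    return path.split("?", 1)[0].lower().rstrip("/") or "/"

def find_admin_probers(log_text, min_distinct=3):
    """Return {ip: {"probed": [...], "found": [...]}} for clients that asked
    for at least min_distinct different admin-style paths."""
    probed = defaultdict(set)   # ip -> admin-style paths requested
    found = defaultdict(set)    # ip -> those that did not return 404
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue            # skip lines that are not in the expected format
        path = normalise(m["path"])
        if path not in ADMIN_PATHS:
            continue
        probed[m["ip"]].add(path)
        if m["status"] != "404":
            found[m["ip"]].add(path)
    return {ip: {"probed": sorted(paths), "found": sorted(found[ip])}
            for ip, paths in probed.items() if len(paths) >= min_distinct}

if __name__ == "__main__":
    for ip, info in find_admin_probers(SAMPLE_LOG).items():
        print(ip, "probed", info["probed"], "existing:", info["found"])
```

A client that trips the threshold and has a non-empty `found` list has located a real login page, which is the case to rate-limit or restrict to an allow-list of source addresses.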

Wednesday, February 13, 2013

Cobalt strike

What if you could easily host malicious websites, send phishing emails, and manage compromised hosts across diverse internet addresses?
This week's Cobalt Strike adds the ability to manage multiple attack servers at once.
Here’s how it works:

When you connect to two or more servers, Cobalt Strike will show a switchbar with buttons for each server at the bottom of your window. Click a button to make that server active. It’s a lot like using tabs to switch between pages in a web browser.

To make use of multiple servers, designate a role for each one. Assign names to each server’s button to easily remember its role.


Dumbly connecting to multiple servers isn’t very exciting. The fun comes when you seamlessly use Cobalt Strike features across servers. For example:

Designate one server for phishing and another for reconnaissance. Go to the reconnaissance server, set up the system profiler application. Use the phishing tool to deliver the reconnaissance website through the phishing server. This is easy to do because Cobalt Strike’s phishing dialog lets you embed a site from any server you’re connected to.

Web drive-by exploits are especially interesting. Clone a website and embed an exploit on one server. Set the embedded exploit to reference a Beacon listener on another server. When a vulnerable user visits this site, their system will start beaconing to the beacon server.

This is trivial to do because Cobalt Strike will let you set up an attack that references a listener on any server you’re connected to.

Distributed operations has its drawbacks. Each penetration testing server is a silo with a limited picture of the engagement. Cobalt Strike makes great strides to solve this problem. When you ask for a report, Cobalt Strike queries each server you’re connected to, combines the data, and generates one report. For example, if you send a phishing attack from one server and it references a site on another server, Cobalt Strike will cross-reference the information from both servers and present a coherent picture of the social engineering engagement.



This distributed operations capability is in today’s Cobalt Strike update. Grab a 21-day trial to try it out. Licensed users may update Cobalt Strike with the included update program. See the releasenotes.txt file for a full list of changes in today’s update.

Enjoy.


Courtesy: blog.strategiccyber.com

Friday, September 21, 2012

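.bat code to shut down a computer

Type the following in Notepad:

@echo off
rem Show a pop-up message to all sessions
msg * I don't like you
rem Shut down the computer (-s) with the given comment (-c)
shutdown -c "Hahahah You are Doomed" -s

Save it as hckr333.bat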