Tuesday 23 October 2012

Cracking C-Panel Passwords




Cpanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. CPanel utilizes a 3 tier structure that provides capabilities for administrators, resellers, and end-user website owners to control the various aspects of website and server administration through a standard web browser.













So,we need  a cpanel cracking shell on that server to crack the passwords of the websites that are hosted on that server!!


Step 1

First we have to upload

cp.php cpanel cracking shell on that server to start our journey...!!

Step 2
Second thing we need, is the mother of this method!! Yes...we need Usernames of the websites and a Extremely capable password dictionary to crack!!

Now lets start...

Grab all the usernames of websites hosted on the website with the help these commands

1- "ls /var/mail"
2- "/etc/passwd"

Now you will see all the usersnames of the websites and the password list you have provided! Just press the "Go" button and just wait and watch your success!


If you have supplied strong enough password list then you will the a good response from the server ;) like this "Cracking success with username "ABC" with password "XYZ"

it will show you negative response like this "Please put some good passwords to crack username "ABC" :( "




Posted By: Anshuman kak A Script Kiddie from India
Posted by at No comments:

HSBC Recovers from the DDoS Attack, Anonymous Claims to Have 20,000 Debit Card Details.

Many HSBC customers were unable to log in to their internet banking accounts on Thursday, 18th of October. It has been stated that the problem started a little before 20:00 BST and lasted for around seven hours.

Later, an Anonymous hacker group named 'FawkesSecurity' took the liberty to announce that they were responsible for the problem that halted many HSBC account holders from accessing their accounts. The problem was a DDoS attack on the website itself. Which enabled them to steal details of 20,000 debit cards.


We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running.
We are cooperating with the relevant authorities and will cooperate with other organisations that have been similarly affected by such criminal acts.
We apologise for any inconvenience caused to our customers throughout the world."
 







HSBC soon recovered from the attack and the security researchers came to the conclusion that the attack largely resulted from botnet networks of malware-infected PCs.

HSBC was quick to come out with an statement to reassure their clients that their sensitive data had not been exploited in the attack.


"On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world.This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking.


In response to this statement, Anonymous tweeted that:

When HSBC said ''user data had not been compromised'' This isn't entirely correct. We also managed to log 20,000 debit card details.
It seems like Anonymous is bewildered on whether to prove to the world that they in fact do have the sensitive information that HSBC denies.

"Were debating whether to release them or not, HSBC knows debit details were intercepted, They probz won't admit it tho."



Darren Anstee, EMEA solutions architect team lead at Arbor Networks, said in reference to the attack:

�Recent attacks have used what we call multi-vector attacks, attacks which utilise a combination of volumetric, and application layer attack vectors. What we are seeing here are TCP, UDP and ICMP packet floods combined HTTP, HTTPS and DNS application layer attacks. Attackers are doing this because they know it makes the attacks more difficult to deal with, but not impossible if we have the right services and solutions in place." �

HSBC has fully recovered from the attack and its websites are working perfectly now after being restored, according to their statement on their official website,,,,,

------------------------------------------------------------------------------

On the other hand, there have been unconfirmed reports of a group known as Izz ad-Din Al Qassam being behind the attack. They have been responsible for over 9 attacks on various banks in the US of A as a part of their current campaign which is to have the Innocence of Muslims video removed from YouTube and the Web all over.

A part of Izz ad-Din Al Qassam's statement reads:

With a little searching, we still found the anti-Islamic offensive film on the Internet. Thus the chain of cyber attacks on U.S. banks will continue this week. These attacks will be done since Tuesday, 16 October until Thursday, 18 October 2012 in midday hours. We know that banks officials are concerned and waiting to see this time it is the turn of which banks. For making variation in operation, this time we give them the opportunity to understand whether they are listed or not.

We aren't sure who the real attackers are but according to the reports being received, RBS, Llyods TSB and Barclays banks are going to be next.


Regards: Anshuman Kak a Script Kiddie FRom India...

 Posted by: Sindhia Javed Junejo.

Posted by at No comments:

Saturday 13 October 2012

How Doxing help a Hacker in gaining Information..

Doxing comes from the word "Document".Basically Doxing is the process of gaining information of any person...The Websites used for dioxin is fb.com,pipl.com,in.linkedin.com/ etc. .........
The main goal of hacker in Doxing is to find the target�s email (if you don�t have it). Your email is essentially your passport online; you sign up for websites using it, you have personal information on it, and if someone has access to it, they can essentially pretend to be you online. Once the hacker has the email, all he has to do is put it into Facebook or Pipl and he will be able to find you, assuming the email he has connected to some account you have online. On the flip side of this, in order to find your email, the hacker either has to guess your email, befriend you on Facebook,or, hack one of your vulnerable friends and view your email that way. Once he�s done that, you�re in trouble
So,Always Hide Your Person Information On Any Social Networking Sites



Regards: Anshuman kak a Script Kiddie From India.






.


Posted by at No comments:

A Malicious Software(Ransomware) that Locks Your Computer


Modern Ransomware attacks had been first struck in Russia the center of most hackers living in the world. Later the curse flowed to other countries such as Australia, Germany and United States of America etc. How does it attack? It enters into the system through a downloaded file or a problem in a network device. Later when the program is run it would harm personally
Data on hard drives of a PC. The malware author is the only party that knows the needed private decryption key. Later when the files are encrypted the ransomware will force victim to pay the money in order to decrypt the files or enter the lock code. The method of this kind of payment is via wire transfer, premium-rate text messages, online payment voucher service (Ukash, Paysafecard). Furthermore, ransomwares are installed by visiting malicious websites or by Social Networking sites, or email message.



How To Mitigate?

 1) By keeping firewall on all the time.
2) Turning automatic updates on.
3) Scan your computer on a regular basis.

Regards: Anshuman Kak a Script Kiddie From India.


Posted by at No comments:
Subscribe to: Posts (Atom)