How to Install Windows 10 on Your PC


Want to install Windows 10 on your own PC? We’ve got you covered with the instructions, although it’s just like installing any other version of Windows.
 
 For more on Windows 10, read our brief announcement post with some of the details.
You should not install Windows 10 on your primary PC. Use a test computer or a virtual machine.
  • Step 1: Join the Windows Insider program and download the Windows 10 ISO image
  • Step 2: If you are installing on a regular PC, burn it to an optical disc or create a bootable USB flash drive. Otherwise, just attach the ISO image using the virtual machine software of your choice.
  • Step 3: Install it mostly by clicking the Next button.
For posterity, here are all of the installation steps, although you could just remember the word “Next” and get through it fine.
When you first boot the computer you’ll see a screen like this one:

Click Next and you’ll be taken to the screen with the Install now button, which obviously you should click.

At this point you can choose whether you want to upgrade Windows or do a new custom install. Since we’re recommending that everybody install into a virtual machine or on a test PC, you should select Custom.

How to install Windows 10 Technical Preview in VirtualBox

VirtualBox with Windows 10
Do you want to take a closer look at the Windows 10 Technical Preview, but you don't want to disrupt your current computing environment with what is essentially an incomplete and potentially unstable operating system? If so, you're in luck, because you can do so quite easily and without any fear by installing the Windows 10 Technical Preview in an Oracle VM VirtualBox virtual machine. In this article, I'll show you how.

Get the Technical Preview

To get the Windows 10 Technical Preview, which is available as an ISO file, all you need is a Microsoft Account and an internet connection. To get started, go to the Windows Technical Preview site and read through the information. When you're ready, click the Get Started button, sign in with your Microsoft Account to join the Windows Insider Program, and then follow the steps to go to the download page (Figure A). Next, download the appropriate ISO file to your hard disk.
Figure A
You'll need a Microsoft Account to join the Windows Insider Program.
Traditionally, you'd have to burn the ISO to a DVD. However, with VirtualBox, you don't have to, because the program can mount an ISO and run the installation just like it was on optical media.

Get VirtualBox

Fortunately, the Oracle VM VirtualBox package is provided free of charge. You just need to download it.
To get the Oracle VM VirtualBox, just go to the Download VirtualBox page and select the Windows version. Once you have it, the VirtualBox installation procedure involves following along with the Setup Wizard (Figure B). Of course, there are multiple steps, but the procedure is fairly straightforward.
Figure B

How to Clone Any Website Using HTTrack

Welcome back, my hacker novitiates!
Recently, I demonstrated a hack where you could redirect traffic intended for one site, such as bankofamerica.com, to your fake website. Of course, to really make this work, you would need to make a replica of the site you were spoofing, or better yet, you could simply make a copy of the original site and host it on your own server!
HTTrack is just the tool for doing that.
HTTrack takes any website and makes a copy to your hard drive. This can be useful for searching for data on the website offline such as email addresses, information useful for social engineering, hidden password files (believe me, I have found a few), intellectual property, or maybe replicating a login page for an Evil Twin site to capture login credentials.
Unfortunately, HTTrack is not included in Kali, so we will need to download and install it. Fortunately, though, it is included in the Kali repository, so all we need to do is open the software repository and download and install it.
HTTrack comes in both a Windows and a Linux version. For those of you who refuse to take off the training wheels, you can download and install HTTrack for Windows on its website.

Step 1: Download & Install HTTrack

From Kali, we need to navigate to "System Tools" and then "Add/Remove Software," like in the screenshot below. 





That will open a screen like the one below. Notice the window in the upper left-hand corner next to the "Find" button. Enter "httrack" there and it will find the packages you need to install HTTrack.

You can also install it by typing the following in a terminal.
  • kali > apt-get install httrack

Step 2: Use HTTrack

Now that we have installed HTTrack, let's start by looking at the help file for HTTrack. When you downloaded and installed HTTrack, it placed it in the /usr/bin directory, so it should be accessible from any directory in Kali as /usr/bin is in the PATH variable. Let's type:
  • kali > httrack --help




I've highlighted the key syntax line in the screenshot above. The basic syntax is the following, where -O stands for "output." This switch tells HTTrack where to send the website to.
  • kali > httrack <the URL of the site> [any options] URL Filter -O <location to send copy to>
Using HTTrack is fairly simple. We need only point it at the website we want to copy and then direct the output (-O) to a directory on our hard drive where we want to store the website. One caution here, though. Some sites are HUGE. If you tried to copy Facebook to your hard drive, I can guarantee you that you do not have enough drive space, so start small.

Step 3: Test HTTrack

In an earlier tutorial on hacking MySQL databases behind websites (MySQL is the most widely used database backend behind websites), we used a website that we could hack with impunity called webscantest.com. Let's try to make a copy of that site to our hard drive.


As you can see, we successfully made a copy of all the pages of this site on our hard drive.

Step 4: Explore the Site Copy

Now that we have captured and copied the entire site to our hard drive, let's take a look at it.
We can open the IceWeasel browser (or any browser) and view the contents of our copied site to the location on our hard drive. Since we copied the web site to /tmp/webscantest, we simply point our browser there and can view all the content of the website! If we point it to /tmp/webscantest/www.webscantest.com/login.html, we can see that we have an exact copy of the login page!
Hmmm...what could we possibly use that for???

Step 5: Copy Our Favorite Web Site

Now, let's try HTTrack on our favorite website, wonderhowto.com. Let's try to make a copy of a forum post I wrote last week about the CryptoLocker hack. First, let's open that page right here and copy the address into Kali after the HTTrack command and then the location where you want to send the copy to.
You can send the copied website to any location, but I sent mine to /tmp/crytoloc. When we do so, HTTrack will go into Null Byte, grab that webpage, and store an exact copy of it on your hard drive. Notice it also tells us that it is 208 bytes.
As you can see below, we were able to copy my Null Byte article on CryptoLocker to my Kali hard drive and open an exact copy of it with my browser.
If you are trying to find information about a particular company for social engineering or trying to spoof a website or login, HTTrack is an excellent tool for both tasks. Many of you have been asking about how to create a clone website for dnsspoof or grab credentials for an Evil Twin; now you have the tool to do so!



Website hacking login bypass using sql injection 2

What is SQL Injection?
Acunetix describes it as “the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database. In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.” Today, in this article, we are going to see login bypass using SQL Injection.
To make it more interesting, I am going to divide this article into two parts: first the web programmer part, and second the hacker part. I am going to use Wamp server for this. Imagine a web programmer has been hired to code a website for a newly formed company named shunya. He codes the website as below. The first file is index.php. On this page he creates three buttons. He adds functionality to the ‘Login’ button.
Image
Image
So when a user clicks on the Login button, he is redirected to another page called action.php, which is a login form for the users of shunya.com.
Image
Its script is given below.
Image
In the above code notice that the form action is set to process.php. This file validates the users. What this script does is, when a user enters the username and password it creates a connection to the database and checks if the user is in the database. If the user is in the database and his authentication is correct, he is taken to the page login_success.php.
Image
The above script is very important to understand SQL Injection. You can see that the username and password are submitted as raw input. Notice also the query underlined.
This is the database the programmer has created for the website.
Image
When a user in the database enters the correct password as shown below, he is redirected to the login_success page.
Image
The page below is the page I set for login_success.php.
Image
When a user not listed in the database, or a valid user, tries to log in without a password as below,
Image
this happens.
Image
That’s the end of the programmer part. Now it’s time for the hacker part. A hacker happens to find the site of shunya.com. In the Login form, he inserts a single quote to see if the site is vulnerable to SQL Injection.
Image
He gets the error message below. This indicates the site is vulnerable to SQL Injection.
Image
Then he tries a query like the one shown below.
Image

Surprisingly, he gets access to the restricted area. How does the above query work? When a user enters the above query, the statement $sql in process.php works as,
$sql = “SELECT * FROM $tbl_name WHERE username= ” or ‘0;’
This is a valid SQL query, and the user is validated even without checking the password. There are some other queries which can work similarly. Two of them are here.
‘ or ‘1’=’1;
‘ or ‘1’=’1”
When a hacker enters these two queries, the username field becomes
” or ‘1’=’1;
which validates the user if the username is empty or 1=1. Whatever happens, one will always be equal to one. We can find many more using trial and error. This vulnerability exists because we are supplying raw data to our application. After a short time, our web programmer finds this vulnerability and patches it as below.
Image

What mysql_real_escape_string does is remove any special characters from the input. Now try the same queries and see what happens. Thank you.
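The login check described above, as an added example that is not code from the original article: Python with an in-memory SQLite database stands in for the PHP/MySQL process.php, showing the string-built query beside a parameterized one, which keeps user input out of the SQL text entirely instead of relying on escaping. The table name `members`, its columns and the sample account are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the site's user table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, password TEXT)")
    # Plaintext password only to keep the demonstration short.
    db.execute("INSERT INTO members VALUES ('admin', 's3cret')")
    return db


def login_vulnerable(db, username, password):
    """Builds the query by pasting raw input into the SQL text."""
    sql = ("SELECT COUNT(*) FROM members "
           "WHERE username='%s' AND password='%s'" % (username, password))
    try:
        return db.execute(sql).fetchone()[0] > 0
    except sqlite3.Error:
        # A lone quote breaks the statement's syntax; the article's site
        # shows this as a database error message.
        return False


def login_parameterized(db, username, password):
    """Passes the values separately so they are never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM members WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    payload = "' or '1'='1"  # the input quoted in the article
    print("string-built query accepts payload:",
          login_vulnerable(db, payload, payload))
    print("parameterized query accepts payload:",
          login_parameterized(db, payload, payload))
```

In PHP the same fix is a prepared statement through PDO or mysqli; the `mysql_*` functions were removed in PHP 7.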

How can I use the version "trial" after 30 days

3 Steps

1) Uninstall the software after the trial period has expired

2) Start -> Search -> (type) regedit + ENTER ...

Windows 10 Preview ISO Images Download Links & Product Key Live

The ISO images for Windows 10 Technical Preview have gone live for free public download via the Windows Insider Program as scheduled at 9am PST on October 1st, 2014. Windows 10 was announced by Microsoft at an event in San Francisco a day before.


Here’s how you can download and install Windows 10 Technical Preview:
  1. Visit https://insider.windows.com/ to sign up for the Windows Insider Program. A Microsoft account is required.
  2. Optionally, read the system requirements, which are pretty much similar to those of Windows 8/8.1.
  3. Download the Windows 10 ISO from http://windows.microsoft.com/en-us/windows/preview-download?ocid=tp_site_downloadpage (in fact, you should be able to visit this page and start the download without signing up).
  4. Burn the ISO to a DVD or USB flash drive (with a tool such as Rufus or Windows 7 USB/DVD Download Tool), or mount it in a virtual machine if you intend to install Windows 10 in a virtual environment.
  5. Double-tap or double-click setup.exe, or boot from the installation media, and then follow the steps.