
Hack Website Softwares



Last year I posted a similar post on top hacking software for the year 2010. It was a huge success and it still receives a lot of hits. Here I have compiled the new list of top 10 hacking software which were in the limelight for the year 2011. Most of the tools are the same but some of them have climbed great heights this year.


The tools listed here are open source and we are not listing any licensed software here.
Also I would like to add that METASPLOIT has been excluded from this list because it combines the power of several tools listed in the top 10, so here we will only rate individual products.

1. NMAP - The tradition continues and NMAP is still number one.
Nmap is by far the best security scanning and hacking tool ever made. This software tops every list of top hacking software for two reasons: firstly, its ease of use, and secondly, its wide usage.
It provides a wide range of features like port scanning, fingerprinting, OS detection, ping, scanning an IP range, alive hosts etc. It has a rich command mode for advanced users which can combine several commands together to execute them at once. It's the most recommended tool for new as well as advanced learners and security experts. It hosts its Google open source project every year. Download Nmap.




2. SUPER-SCAN - Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan. If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it's pretty nice. It provides a cool scanning experience with a lot of information displayed. Download Superscan.






3. NESSUS vulnerability scanner - I believe that this is the only tool that can break the top spot of Nmap and reach number 1. It's a powerful tool but owing to its nature of operation, it is quite buggy and hangs too. This tool has been the best tool for both network administrators and hackers because of its wide implementation. The Nessus® vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks. Download Nessus



4. John the Ripper - The fastest password cracker. It is available for several versions of Unix and Windows and has remained the all time favorite brute force password cracker. It is currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes. Download JTR.




5. WIRESHARK and KISMET - Improving by 2 points to reach the 5th spot is Wireshark. The 5th spot is a combined spot for Kismet as well as Wireshark.
It is the most preferred wireless security assessment tool and one of a kind in this field. It is a must have tool for all wireless junkies. Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. Download Wireshark.

Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system.  Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic (devices and drivers permitting). Download Kismet





6. PANGOLIN SQL injection scanner - This is by far the best SQL injection scanner which scans a website for SQL injection attacks. It performs tests on the database to check if a vulnerability exists or not. The tool is built to scan numerous popular databases and works quite effectively for poorly configured websites. It had tough competition with Havij but the nature of the platform made me choose Pangolin as the winner in this segment. Download Pangolin




7. NIKTO 2 - A fresh arrival and a must have. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Download Nikto



8. Low Orbit Ion Cannon - LOIC is an effective DOS attack tool which is said to have been made by the popular Anonymous hacking group. This tool can be used to flood a webserver with lots of data packets so that the service goes down and it becomes inaccessible. Recently this tool was used to bring down PayPal and several other top websites around the globe. Download LOIC





9. CAIN & ABEL - The favourite password cracker of all kinds. It fell several ranks this year owing to its low support for new platforms and stiff competition from several similar tools which are constantly updating.
Download Cain and Abel








10. HIDE IP - There were several tools fighting for this last spot but the high usage of anonymous surfing made me finally put Hide IP on the 10th spot. It is a great tool for anonymous surfing and having anonymity on the web which is very essential while performing hacks and penetration testing. It had TOR as its closest competitor but owing to the slow speed of TOR I decided on Hide IP as the owner of this spot.
Download Platinum Hide IP




Hope you will love playing with these great tools. The list can be never ending as there are numerous tools around. Before ending this post I would again like to remind my readers that a good hacker is one who understands the crux. Tools are merely used to simplify our work. So first understand things manually, then only jump to using tools.

DARKLORD!!

Hacking Website Steps

  1. Open the site you want to hack. Provide wrong username/password combination in its log in form (e.g.: Username: me and Password: ' or 1=1 --). An error will occur saying wrong username-password. Now be prepared, your experiment starts from here.

  2. Right click anywhere on that error page => go to view source.

  3. There you can see the HTML coding with JavaScript. There you find something like this: <_form action="...Login....">. Before this login information copy the URL of the site in which you are (e.g.: "<_form..........action=http://www.targetwebsite.com/login.......>").

  4. Then delete the JavaScript from the above that validates your information in the server. (Do this very carefully, your success to hack the site depends upon this, i.e. how efficiently you delete the java scripts that validate your account information.)

  5. Then take a close look for "<_input name="password" type="password">" [without quotes] -> replace "<_type=text>" there instead of "<_type=password>". See there if maximum length of password is less than 11, then increase it to 11 (e.g. : if then write )

  6. Just go to file => save as and save it anywhere in your hard disk with ext. html (e.g.: c:\chan.html)

  7. Reopen your target web page by double clicking 'chan.html' file that you saved in your hard disk earlier. You see that some changes in current page as compared to original one. Don't worry.

  8. Provide any username [e.g.: hacker] and password [e.g.: ' or 1=1 --]. You have successfully cracked the above website and entered into the account of List user saved in the server's database.

How to hack a website using cmd


how to hack a website by using cmd?

hlo, frndz, i'm going to show u how to hack a website by using cmd or using denial of service attack
first of all, what is a denial of service attack? it means when a website gets more data than its capacity and it crashes, this is called a denial of service attack
for this attack u have a great internet speed bcoz if ur pc has slow speed u have been traced by host and u gone to jail
step 1. press win key+r for run and type cmd for command prompt
2. when cmd opens type ping www.sitename.com which u want to crash or down
3. then it shows its ip
4. open notepad and type "ping www.sitename.com-t-l65500 " and save it xxx.bat
5. open the notepad file and it takes some time, it shows "request timed out" but wait and it shows its result....

note: in my way don't take any risk and i'm not responsible for any hacking purpose....

web hacker


Ever wondered how Anonymous and other hacktivists manage to steal the data or crash the servers of websites belonging to some of the world's biggest organisations? Thanks to freely available online tools, hacking is no longer the preserve of geeks, so we've decided to show you how easy it is to do, in just four easy steps.

Step 1: Identify your target

While Anonymous and other online hacktivists may choose their targets in order to protest against perceived wrong-doing, for a beginner wanting to get the taste of success with their first hack, the best thing to do is to identify any website which has a vulnerability.
Recently a hacker posted a list of 5,000 websites online which were vulnerable to attack. How did he/she identify these websites? Well, the key to creating a list of websites which are likely to be more open to attack, is to carry out a search for what is called a Google Dork.
Google Dorking, also known as Google Hacking, enables you to find sensitive data or evidence of vulnerabilities by querying a search engine like Google or Bing. It basically allows you to enter a search term into Google and find websites which may have these vulnerabilities somewhere on the site.
Don't worry about needing technical expertise to know what to look for. Kind-hearted hackers have produced lists of these Google Dorks, neatly categorised into the type of vulnerability you are looking for. Looking for files containing passwords? There's a Dork for that. Login credentials? There's a Dork for that.
For example, if you are looking for files stored on websites containing passwords, then a sample search query we found openly listed on one indexing site was: intitle:"Index of" master.passwd. This returns the results shown in the screengrab above.
So now you have a list of potential victims. Next you need to narrow this down even further.

Step 2: Check for vulnerabilities

Having a huge number of sites which may or may not be vulnerable is not much use unless you can pinpoint one which is actually open to attack. This is when a programme called a vulnerability scanner comes into its own and the most popular is called Acunetix.
Acunetix, developed by a UK-based company, was designed, and is still used, as a tool for web developers to test sites they are building. However the hacking community has commandeered the tool and uses it to identify existing vulnerable sites.
You can download a trial version of the software for free from the official Acunetix website or if you venture into the murky depths of a hacker forum and search for Acunetix, you can find cracked versions of the full application freely available.
Acunetix, as you can see from the screen shots above, is a simple, straight-forward Windows application and all you need to do is enter the URL of the site you want to target, and press Process. Acunetix will scan the entire website, including all pages associated with it, and return a list of vulnerabilities it finds. If you find the type you are looking for, you will need to move onto Step 3, as Acunetix does not perform any website penetration.

Step 3: Attack the website

Attacking a website is done by two main methods. The first is by carrying out a Distributed Denial of Service (DDoS) attack which overwhelms a website's servers and forces it to shut down. We will deal with this type of attack later, but first we will look at how you can hack into an account and steal some information contained within databases on the site.
This type of attack is known as a SQL (pronounced sequel) Injection. A SQL Injection attack aims to capture information stored in a database on the particular website by introducing some SQL code. SQL is a programming language designed for managing data in a database.
But fear not, you won't need to understand a single line of SQL to carry out this attack. Thankfully another freely-available and easy-to-use application, originally developed in Iran, can be downloaded from the web saving you the trouble of dealing with any complex code.
The program is called Havij, the Farsi word for carrot, which is also a slang word for penis and so, unsurprisingly, this is the piece of software required to penetrate a website.
Again there are free and paid-for versions of Havij available with the paid-for version having more powerful capabilities. Again the world of hacker forums is your friend here and cracked versions of the full Havij application are available if you look for them.
The Havij interface is once again like any other Windows program and all a virgin hacker needs to do is simply copy-and-paste the address of their target website and press a button.
Havij allows you to perform a number of different types of operation including one called a Get, which unsurprisingly gets all the information stored on databases on that particular site which can be usernames, passwords, addresses, email addresses, phone numbers and bank details.
And that's it, within minutes you can search for, download and use a couple of automated tools which will allow you to access websites which are vulnerable to this type of attack. While most high profile companies' websites will be protected from this type of attack, the fact that Sony's website and the personal information of its customers was stolen in a manner similar to this, shows just how vulnerable the web is.

Step 4: If all else fails, DDoS

Hacktivist collective Anonymous changed their tactics in the last 12 months, moving away from DDoS as their primary tool for attacking websites, preferring if possible to use SQL Injection instead. However, when this is not possible, they will revert to DDoS attacks, and you can too, with the help of another freely available tool.
And it turns out that DDoSing a website is no more difficult than carrying out a SQL Injection. The programme used is called Low-Orbit Ion Cannon (LOIC) which was developed for web designers to stress test websites, but has been hijacked by hackers in order to attack websites.
Available as a free download from Source Forge, LOIC employs a very user-friendly interface and all potential hackers need to do is type in the URL of the site they want to crash and LOIC will do the rest. What the application will do is send up to 200 requests per second to the site in question.
While most bigger sites might be able to deal with this request without crashing, most websites out there will not, especially if you get together with some other hacking virgins and combine your efforts.
So easy is it to use this technology that you can even control it from your BlackBerry, meaning you can be enjoying a pint in the pub with your friends while carrying out a DDoS attack on a website of your choice.
If our tutorial has not provided you with enough information, there are dozens of other tutorials on various hacker forums around the web and even video tutorials on YouTube which you can watch.
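
The request rate quoted above (up to 200 requests per second from one client) is easy to see from the server side. The following is an added example, not part of the original article, that scans access-log lines for clients exceeding a per-second limit; the log lines, addresses, function names and the limit of 100 are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format prefix: client address, then the bracketed timestamp.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')


def parse(line):
    m = LINE.match(line)
    if m is None:
        return None
    return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")


def flood_sources(lines, max_requests=100, window=timedelta(seconds=1)):
    """Return {client: peak request count in any window} for clients over the limit.

    Expects lines in chronological order, as a web server writes them.
    """
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    peak = {}
    for line in lines:
        rec = parse(line)
        if rec is None:           # skip lines that are not in the expected format
            continue
        client, ts = rec
        q = recent[client]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > max_requests:
            peak[client] = max(peak.get(client, 0), len(q))
    return peak


def sample_log():
    """Constructed log: one client bursts 200 requests in one second, one browses normally."""
    burst = ['203.0.113.7 - - [10/Jan/2012:12:00:01 +0000] "GET / HTTP/1.1" 200 512'] * 200
    normal = ['198.51.100.20 - - [10/Jan/2012:12:00:0%d +0000] "GET /a.html HTTP/1.1" 200 512' % s
              for s in (0, 1, 2)]
    return normal[:1] + burst + normal[1:] + ["garbage line"]


if __name__ == "__main__":
    for client, count in flood_sources(sample_log()).items():
        print(f"{client}: {count} requests within one second")
```

A single flagged address can be rate-limited or blocked at the web server or firewall; traffic spread across many cooperating clients stays under a per-client limit and needs aggregate monitoring as well.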