Wednesday, 30 November 2011

Metasploit MSSQL Interesting Data Finder

Usage is fairly simple, set the standard parameters and run exploit. By default it will search for columns whose names include the words passw, bank, credit and card. If you want to change these set the NAMES field to be a pipe separated list of names to look for.

Once installed you can find the module in auxiliary/admin/mssql/mssql_idf .

Example

msf > use auxiliary/admin/mssql/mssql_idf
msf auxiliary(mssql_idf) > show options

Module options:

   Name      Current Setting         Required  Description
   ----      ---------------         --------  -----------
   NAMES     passw|bank|credit|card  yes       Pipe separated list of column names
   PASSWORD                          no        The password for the specified username
   RHOST                             yes       The target address
   RPORT     1433                    yes       The target port
   USERNAME  sa                      no        The username to authenticate as

msf auxiliary(mssql_idf) > set PASSWORD MyPass
PASSWORD => MyPass
msf auxiliary(mssql_idf) > set RHOST 192.168.0.54
RHOST => 192.168.0.54
msf auxiliary(mssql_idf) > exploit

Database       Schema     Table             Column                 Data Type Row Count 
============== ========== ================= ====================== ========= ========= 
msdb           dbo        backupmediaset    is_password_protected  bit       0
msdb           dbo        backupset         is_password_protected  bit       0
AdventureWorks Person     Address           MyPassword             nchar     19614
AdventureWorks Purchasing Vendor            CreditRating           tinyint   104
AdventureWorks Person     Contact           PasswordHash           varchar   19972
AdventureWorks Person     Contact           PasswordSalt           varchar   19972
AdventureWorks Sales      ContactCreditCard CreditCardID           int       19118
AdventureWorks Sales      CreditCard        CreditCardID           int       19118
AdventureWorks Sales      CreditCard        CardType               nvarchar  19118
AdventureWorks Sales      CreditCard        CardNumber             nvarchar  19118
AdventureWorks Sales      SalesOrderHeader  CreditCardID           int       31465
AdventureWorks Sales      SalesOrderHeader  CreditCardApprovalCode varchar   31465

[*] Auxiliary module execution completed

As you can see it has found a number of interesting looking columns, the
row count field should help identify which ones can be ignored or given
lower priority. It is now over to you to start querying them to check 
for data.
     

 

Directory of Search Engines

Directory of Search Engines 

Find search engines from across the world with Search Engine Colossus
 
International Directory of Search Engines. Giving you links to search engines from the USA, EU countries, Australia, Canada, China, India, Japan, Brazil, Russia, and more....


---------------------------------
www.searchenginecolossus.com
--------------------------------

How to bypass default win XP password


Every Windows XP does not have a default password for administrator user. For accessing the system we follow these steps:
----------------------------------------------------------------------------------------------------
1. log-off your computer 
2. type <ctrl>+<alt>+<delete> (delete button is pressed 2 times)
3. After our Logon screen change to classic style then we type username as: administrator and in password fill nothing for login then press enter or login.
---------------------------------------------------------------------------------------------------
note:-->This method works on fresh installation on windows xp machine. If administrator changes the password it will not work

25 Windows Hidden Tools You Seldom Use

To run any of these apps go to Start > Run and type the executable name and press Enter.
================================================
  1. Character Map (charmap.exe) - Very useful for finding unusual characters.
  2. Disk Cleanup (cleanmgr.exe) – The usual Disc cleanup.
  3. Clipboard Viewer (clipbrd.exe) - Views contents of Windows clipboard.
  4. Dr Watson (drwtsn32.exe) - Troubleshooting tool,runs when windows crashes.
  5. DirectX diagnosis (dxdiag.exe) - Diagnose & test DirectX, video & sound cards.
  6. Private character editor (eudcedit.exe) - Allows creation or modification of characters.
  7. IExpress Wizard (iexpress.exe) - Create self-extracting / self-installing package.
  8. Microsoft Synchronization Manager (mobsync.exe) - Appears to allow synchronization of files on the network for when working offline. Apparently undocumented.
  9. Windows Media Player 5.1(mplay32.exe) - Retro version of Media Player, very basic.
  10. ODBC Data Source Administrator (odbcad32.exe) – Database connection utility for support with external servers,create ODBC data sources,to administer remote databases or for supporting the ODBC database utility in Visual basic language.
  11. Object Packager (packager.exe) - To do with packaging objects for insertion in files, appears to have comprehensive help files.
  12. System Monitor (perfmon.exe) - Very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for budding uber-geeks only.
  13. Program Manager (progman.exe) - Legacy Windows 3.x desktop shell.
  14. Remote Access phone book (rasphone.exe) - Documentation is virtually non-existent.
  15. Registry Editor (regedt32.exe or regedit.exe) – For making custom changes or hacking the Windows Registry.
  16. Network shared folder wizard (shrpubw.exe) - Creates shared folders on network.
  17. File signature verification tool (sigverif.exe) - This tool will search the operating system and identify any unsigned device drivers installed on the system. It will also verify all signed device drivers.
  18. Volume Control (sndvol32.exe) - I've included this for those people that lose it from the System Notification area.
  19. System Configuration Editor (sysedit.exe) - Modify System.ini & Win.ini just like in Win98!
  20. Syskey (syskey.exe) - Secures XP Account database, use with care, it's virtually undocumented but it appears to encrypt all passwords, I'm not sure of the full implications.
  21. Microsoft Telnet Client (telnet.exe) – Built in telnet client which can be used to connect to servers to sent emails or to hack :) This is disabled in in vista but you can re-enable it by going to Control panel –> Programs and Features –> Click "Turn Windows features on or off" on left –> Scroll down and check "Telnet Client".
  22. Driver Verifier Manager (verifier.exe) - Seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented.
  23. Windows for Workgroups Chat (winchat.exe) - Appears to be an old NT utility to allow chat sessions over a LAN, help files available.
  24. System configuration (msconfig.exe) - Can use to control startup programs, make changes to startup of XP.
  25. Group Policy Editor (gpedit.msc) - Used to manage group policies, and permissions.Its an Administrator only tool.

How to Hack Windows Administrator Password?

Sometime we forget our administrator password and we want to access the machine but we do not know their password so we have 2 methods to logon this machine:
1. Safe mode
2. with Help of bootable software
=================================================
1. Safe mode
Press F8 Button when windows start after select Safe mode and click yes and go to run type cmd. And type following command.

C:\> net user administrator 123
note-->here 123 is the password of administrator
=================================================
2. with Help of bootable software
We can use following bootable disk images:we can easily crack the password of administartor using bootable disk.
following are bootable disk
---------------------------------------------------------------------
  • Offline NT Password & Registry Editor
  •  Backtrack 4 DVD (Back4.iso)
---------------------------------------------------------------------

  • Offline NT Password & Registry Editor: it actually deletes your password allowing access to Windows without any password.
Tested with the following: NT 3.51, NT 4, Windows 2000, Windows XP, Windows 2003 Server,Vista and Server 2008.As far as I know, it will work with all Service Packs (SP) and all editions (Professional, Server, Home etc) Also, 64 bit windows version (XP, 2003, Vista, 2008) should be OK.

Feature’s:
  • Very fast password cracking tool
  • No access to Windows or knowledge of old passwords is needed
  • Program is completely free and open source, which means it will most likely stay free
  • Works with Windows Vista passwords and Windows XP passwords (and more) Program's ISO image is much smaller than those of other password recovery tools
  • No installation in Windows is required making this program an easy alternative to many other password recovery tools.
Download Offline NT Password & Registry Editor bootable disk-->
http://pogostick.net/~pnh/ntpasswd/
http://pogostick.net/~pnh/ntpasswd/cd100627.zip



  • Backtrack 4 DVD (Back4.iso)
Hack the Windows administrator Passwords password with Bactrack 4 DVD it is also the bootable disk
Steps for Hack the Windows administrator Passwords password with Bactrack 4 DVD :
  1. Burn Backtrack 4 iso in DVD and boot from DVD and after start backtrack with
    username: root and password: toor and then type command startx     
  2. open backtrack---> Privilege Escalation --->Password Attacks---> Chntpw
  3. After type following command:
  4. chntpw –i /mnt/hda1/windows/system32/config/SAM
  5. After type 1 and type username: administrator select 1 option to clear     password
Video demo---> http://www.youtube.com/watch?v=D1LnAQcKtbM