
Leaderboard

Popular Content

Showing content with the highest reputation on 08/22/14 in Posts

  1. # jsSql Injection
     # Automated MySQL injection, web-based tool
     # Supported injections:
     [+] Union based
     [+] Error based
     # Union Based features
     Automatic detection of the keyword and of the data type String/Integer
     Uses the error "You have a error in your sintax" to obtain the number of columns in a single request
     Can count columns with Order by or group by
     Can count columns directly in union (union select 1 ; union select 1,2 ; union select 1,2,3; etc...)
     Can also try JOIN syntax for comma bypass
     Can extract databases, tables, columns, data via Dump in one shot or benchmark
     If the above do not work, it can extract databases, tables, columns, data with Limit x,1
     A file can be selected to DUMP to
     Can read files via load_file
     Your own SELECT syntax can be executed
     Using a list of the most common tables and columns it can guess some of them, in case information_schema does not exist
     # Error Based features
     Tries 3 different syntaxes; a fourth syntax for order by injection can be set from the settings
     Extracts databases, tables, columns, data
     A file can be selected to DUMP to
     Using a list of the most common tables and columns it can guess some of them, in case information_schema does not exist
     # Other features and options:
     [+] A WAF bypass function that uses /*!12345 */ + url encode + + () urlencoded
     [+] An admin panel finder with 10 threads
     [+] %Inject% to mark the place where to inject, e.g.: site.com/script.php?id=1%Inject%&parametru_non_vulnerabil
         or when ) has to be put in front, e.g.: site.com/script.php?id=1)%Inject%&parametru_non_vulnerabil
         or when " is needed instead of ': site.com/script.php?id=1"%Inject%&parametru_non_vulnerabil
     [+] Load_file fuzzer (together with a list found in the base.js file it can guess files on the server, if the script runs as a user with file_priv=Y)
     Files: index.html base.js s.php s2.php keywords.php admin_p.html
    1 point
  2. This is the first in a series of tutorials presenting various bash commands and shortcuts. The list of commands is below:

     sudo !!
     The command above runs the previous command as r00t.

     du | sort -gr > dimensiune_fisiere
     The command sorts file sizes in ascending order and then saves the results in "dimensiune_fisiere".

     echo La miezul noptii | at midnight
     The command above is executed every time at midnight (echo can be replaced with any command).

     find . -type f | wc -l
     The command counts all files in the current directory. It also counts the files located in subdirectories of the current directory.

     ps aux | sort -nk +4 | tail
     The command shows the top 10 processes by memory usage (+4 is the fourth column in the output of ps aux). tail prints the last ten lines of a file to stdout. In our case these are the processes consuming the most memory.

     tar czv fisier folder1 fisier2 | ssh user@server tar zxv -C /destinatie
     The command above archives fisier, folder1 and fisier2 and writes the archive to stdout. The result is sent to the server over ssh and then unpacked in the /destinatie directory on the server.

     nslookup rstforums.com | tee rst_dns.txt
     The tee command makes a copy of the standard output (stdout) of the nslookup command in the file rst_dns.txt.

     reset
     The command restores the session of a closed terminal.

     URL=rstforums.com && wget -rq --spider --force-html "https://$URL" && find $URL -type d > link-uri_rst.txt && rm -rf $URL
     The command above extracts all links from the forum and saves them in link-uri_rst.txt.

     watch -n 30 uptime
     With this command we can keep an ssh session alive (watch runs every 30 seconds; the connection is closed after a certain period of inactivity).

     ssh user@192.168.6.7 "ps aux | grep apache2"
     We can run a command on a server. The command above checks whether apache is running on 192.168.6.7.

     (cd /tmp && ls -la)
     With this command we can enter a directory, run a command and then return to the initial directory.

     find /cale/catre/director -type f -print0 | xargs -0 rm
     The command above deletes the files in /cale/catre/director (directories are kept).

     mkdir ~/Proiecte/proiect{1..3}
     The command above creates a large number of directories in a single command line. They will be named proiect1, proiect2, proiect3.

     du -s * | sort -n | tail
     The command above shows the ten largest files/directories in the current directory.

     whereis numecomanda
     which numecomanda
     locate numecomanda
     The commands above locate an executable.

     ssh -N -L2000:localhost:80 statieladistanta
     Creates an ssh tunnel between port 80 of a remote host and port 2000 of the current host (the one the command was run on).

     echo "rm -rf /director-mare/nefolositor" | batch
     The command above deletes the directory if it takes up more than 80 percent of the capacity of the storage it is on.

     ssh user@host cat /cale/catre/fisier/ladistanta | diff /cale/catre/fisier/local -
     The command above compares two files: one on the local host and the other on a remote host.

     cat /etc/issue
     The command above shows the name of the current distribution.

     iptables -A INPUT -s 192.168.2.3/32 -j DROP
     The command above blocks connections coming from hosts with the following IPs: 192.168.2.xx.

     lspci -vv
     The command above shows all installed drivers.

     python -m SimpleHTTPServer
     The command above creates an http server that can be accessed at http://$HOSTNAME:8000/

     lsof -i -n | grep ESTABLISHED
     The command above shows all active TCP connections.

     curl -I rstforums.com
     The command above fetches the forum's HTTP headers.
    1 point
  3. As the title says, we are trying to find a home for the little one in the pictures below. She is two months old, uses the litter box without problems, eats absolutely anything and gets along with dogs. She was found abandoned together with 2 little siblings that were dead. If you need a pet at home, or know someone who would like one, let us know. Any help is welcome. P.S. We are talking about people in Bucharest. Thank you. http://i.imgur.com/M9gNzDf.jpg http://i.imgur.com/RxjXf2J.jpg
    1 point
  4. Let me explain something to you. When havij pulls data out of a table it uses a syntax like
     select concat(coloana,coloana2,coloana3) from tabel limit X,1
     where X goes from 0 up to however many rows there are in the table. Why do that when you can do this:
     (select @ from(select @:=0x00,(select 0 from tabel where @ in(@:=concat(@,coloana,coloana1,coloana2))))x)
     This way it will pull out all the rows at once, and in the victim's logs, instead of 3000 requests (or however many rows there are), only a single request will show up. Havij does not make optimal use of database errors: if the error "You Have a error in your sintax" appears in the source, it will try to find the number of columns and will start doing:
     union select 1
     union select 1,2
     union select 1,2,3
     union select 1,2,3,4
     ...... etc.
     Why make that many requests when it can do:
     group by 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100
     and from a single request an error like Unknow column '34', let's say, will appear in the source, which means there are 33 columns. 1 request vs 33 requests.
    1 point
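As an added example (not code from either post, nor from the tools they name), here is a small Python log check written from the defender's side of the argument above: the one-shot dump and the long group by leave a single request in the access log, so a request-count threshold will never notice them, but the query string still carries the @:= assignment, the union select and the numeric group by list once the /*!12345 */ comment and URL-encoding layers from the first post are undone. The log lines, hosts, table and column names are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (not real traffic). Line 2 counts columns with one
# numeric "group by"; line 3 is the single-request dump through a user variable,
# wrapped in /*!12345 */ comments and URL-encoded as the first post describes.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Aug/2014:10:01:02 +0200] "GET /script.php?id=1 HTTP/1.1" 200 512
203.0.113.5 - - [22/Aug/2014:10:01:09 +0200] "GET /script.php?id=1%20group%20by%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 HTTP/1.1" 500 210
203.0.113.5 - - [22/Aug/2014:10:01:15 +0200] "GET /script.php?id=1%20/*!12345union*/%20/*!12345select*/%20(select%20@%20from(select%20@%3A%3D0x00,(select%200%20from%20t%20where%20@%20in(@%3A%3Dconcat(@,a,b))))x) HTTP/1.1" 200 8192
198.51.100.7 - - [22/Aug/2014:10:02:00 +0200] "GET /news.php?id=42&page=2 HTTP/1.1" 200 1024
"""

# Common Log Format: host ident user [time] "method url proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

# Rules run against the normalized query string; the key is the finding text.
RULES = {
    "user-variable assignment (one-shot dump)": re.compile(r"@\s*:="),
    "union select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "numeric group/order by list (column counting)":
        re.compile(r"\b(?:group|order)\s+by\s+(?:\d+,){8,}\d+"),
}

def normalize(query):
    """Peel off the obfuscation layers so the rules see plain SQL."""
    for _ in range(3):                      # undo repeated URL encoding
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    query = re.sub(r"/\*!\d*|\*/", " ", query)   # drop /*!12345 ... */ markers
    query = re.sub(r"\s*,\s*", ",", query)       # "1 , 2" -> "1,2"
    return re.sub(r"\s+", " ", query).strip().lower()

def analyze(log_text):
    """Return one finding per request whose query string matches any rule."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, when, _method, url, status, _size = m.groups()
        path, _, query = url.partition("?")
        reasons = [name for name, rx in RULES.items() if rx.search(normalize(query))]
        if reasons:
            findings.append({"ip": ip, "time": when, "path": path,
                             "status": int(status), "reasons": reasons})
    return findings
```

A 500 status on the group by request is the error-based column count the post describes; the dump request returns 200 with a large body, which is the only trace a row-per-request detector would have missed.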
  5. Download here: https://hashcat.net/oclhashcat/

     This release is again focused on performance increase of the kernels and bugfixes. However, the most code intensive change in this version was the new workload dispatcher as it's part of the oclHashcat core. The old one wasn't that bad, but the new one is simply faster which adds up to the increased performance of the kernels.

     As always, make sure to unpack into a new folder. Never reuse an existing oclHashcat folder (because of the cached kernels).

     One important thing for AMD users: You will need to update to the latest beta version of catalyst before updating oclHashcat. We've decided to no longer wait for AMD to ship the latest "stable" catalyst driver simply because they aren't any more stable than beta drivers...

     There's also one change made to the binaries themselves. We are now using our own toolchain (thanks to crosstool-ng) to create our own binaries with an older glibc. That was required to make the binaries compatible with linux distributions using an older glibc. That means you should be able to run cudaHashcat and oclHashcat now without glibc patching on Kali, some (older) Debian systems, CentOS 6.4, etc.

     New algorithms:
     Skype
     Peoplesoft
     md5($salt.md5($pass))
     Mediawiki B type
     Kerberos 5 AS-REQ Pre-Auth etype 23 as fast algorithm (reimplementation)
     Android FDE
     scrypt
     Password Safe v2
     Lotus Notes/Domino 8

     Skype and Peoplesoft are just new parsers, as you were already able to crack them with older oclHashcat versions by using the generic hashtypes and by formatting the hashes in a way that oclHashcat can load them. By adding parsers we just make it more comfortable for the users to load the hashes, as you can use them in their native output.

     The md5($salt.md5($pass)) generic algorithm was simply added as it was required for the Mediawiki B type hash-type. It's a simple scheme that does not require any special comment.

     The Kerberos 5 algorithm is a reimplementation as fast algorithm type. That is the case if an algorithm is fast enough to require an on-gpu candidate generator. The algorithm actually was fast enough and just by not selecting it as fast hash it lost some performance. By switching it to a fast type we got some speedup for free.

     Now it gets interesting. The Android FDE algorithm that was added is the one that is using PBKDF2-HMAC-SHA1 + CBC-ESSIV-AES with 2000 iterations. The only tricky part was the "detection" of a filesystem. Note that this algorithm isn't used anymore in newer android devices. The new one uses scrypt instead of PBKDF2. For details about how the algorithm is working see here: https://hashcat.net/forum/thread-2270.html

     That's why we've added scrypt to GPU. And what should I tell you, it's a PITA. The goal of scrypt to run slow on GPU has been fulfilled. Just one note about that. The intention (if I understood correctly) was to make the computation slow because the memory access is slow. Well, that's not what made it slow actually. It's simply the lack of the total memory available on the card. Note that, to run fast with GPGPU, you have to run many tasks in parallel. That means that you have to allocate a huge amount of memory for each parallel task and this is what kills the gpu, not the access time. Also note that this scrypt variant is the real scrypt, not the minimal version that is used for litecoin. The litecoin version uses extremely low settings for N, r and p such that it is not required to work on global memory for all operations. We're using a fully functional scrypt in which you can set N, r and p dynamically. For the benchmark, we're using the defaults of 16k, 8, 1.

     The Password Safe v2 was also very interesting. This algorithm actually runs slower than the current one used in Password Safe v3, which is also supported with hash-type 5200. On my AMD hd7970, the v2 version runs with 101 kH/s while the v3 version runs with 506.2 kH/s, but I don't think it's too much of a problem. Both run slow enough and are salted.

     The last algorithm that was added is Lotus Notes/Domino 8, which was discovered by our own philsmd. Therefore, oclHashcat v1.30 is the world's first Lotus Notes/Domino 8 (H-hashes) cracker! For details about how the algorithm is working see here: https://hashcat.net/forum/thread-3550.html

     More info: https://hashcat.net/forum/thread-3627.html
    1 point
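As an added example (not part of the release post above and not hashcat code), this Python block puts numbers on the scrypt point made there: one hash needs roughly 128*r*N bytes of scratch memory, so the number of hashes a card can work on in parallel, and with it GPU throughput, is bounded by total card memory rather than by access latency. It compares the 16k, 8, 1 defaults with the litecoin settings (N=1024, r=1, p=1) and runs the real scrypt through hashlib; the 3 GiB card size is an assumed figure, and the password and salt are constructed.

```python
import hashlib

# Constructed password and salt, used only so the functions below run offline.
PASSWORD = b"correct horse battery staple"
SALT = b"constructed-salt-2014"

def scrypt_memory_bytes(n, r, p):
    """Working memory one scrypt computation needs: the SMix scratch array V is
    128*r*N bytes, the B blocks are 128*r*p, plus 256*r for the XY/loop buffers
    (this is the sum OpenSSL checks against its memory limit)."""
    return 128 * r * n + 128 * r * p + 256 * r

def parallel_tasks_that_fit(card_bytes, n, r, p):
    """Independent scrypt computations that fit in a card's memory at once. GPU
    throughput scales with this count, which is the limit the post describes."""
    return card_bytes // scrypt_memory_bytes(n, r, p)

def derive(n, r, p, dklen=32):
    """Run the real scrypt (hashlib wraps OpenSSL's) with explicit N, r, p; maxmem
    is set from the estimate above so a large N does not trip OpenSSL's default cap."""
    return hashlib.scrypt(PASSWORD, salt=SALT, n=n, r=r, p=p, dklen=dklen,
                          maxmem=scrypt_memory_bytes(n, r, p) + (1 << 20))

def compare(card_bytes=3 * 2**30):
    """oclHashcat's benchmark defaults (16k, 8, 1) against the litecoin settings
    (1024, 1, 1); the 3 GiB card size is an assumed figure, not from the post."""
    out = {}
    for label, (n, r, p) in {"default": (16384, 8, 1), "litecoin": (1024, 1, 1)}.items():
        out[label] = {"bytes_per_hash": scrypt_memory_bytes(n, r, p),
                      "parallel_tasks": parallel_tasks_that_fit(card_bytes, n, r, p),
                      "dk_hex": derive(n, r, p).hex()}
    return out
```

With the defaults, each hash ties up about 16 MiB, so an assumed 3 GiB card holds fewer than 200 computations at a time, against more than 24,000 with the litecoin parameters.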
This leaderboard is set to Bucharest/GMT+02:00