Sunday, February 28, 2016

SQL injection for Fun | Blackhattrick Blog

Disclaimer:
Performing this kind of activity is illegal. Please refer to this article for knowledge purposes only. The blog owner is not responsible for any unethical activity that is done.

Hello Guys,

Here I am again with a new article on SQL injection.


Here I use Google Dorks to look for sites vulnerable to SQL injection.
Note: you must know about the Google hacking cheat sheet.

SQL Injection:

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).




Follow the Steps:

Go to Google Search and enter the string below:
inurl:"/admin/_login.php /admin/_login.phpinurl:index.php?id= -

 Here I use “inurl:"/admin/_login.php” for demonstration.

After the search, you may open any web site to check for the vulnerability.

Suppose your web URL is www.site.com/admin/_login.php. Replace _login.php with index.php;
if the web page does not change (remains as it is), then your SQL injection will work 99%.




Almost 88% of web sites are vulnerable, as per a study.

Try SQL injection cheats. I will use ' or 1=1; #





Bingo!!!!!!!!!!
You got Administrator Panel Access !!!!!



Benefits:
In organizations, an analyst/administrator can use the trick to check whether the vulnerability is present on the server so they can patch it on priority.
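For the patching mentioned above, here is an added example (not code from this blog) of why the string ' or 1=1; # changes a concatenated login query and how a parameterized query stops it. The users table, the constructed admin account and the function names are assumptions for illustration; SQLite stands in for the site's database, so the unsafe query text is only built and shown, not executed.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "' or 1=1; #"  # the string quoted in the post


def _kdf(password, salt):
    # Salted PBKDF2 so the table never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """In-memory table holding one constructed admin account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, _kdf("S3cret-constructed", salt)))
    return db


def unsafe_query_text(username, password):
    """Query text produced by a login page that concatenates user input.

    With the payload as username, the first quote closes the string literal,
    'or 1=1' makes the WHERE clause true for every row, and in MySQL '#'
    starts a comment, so the password condition after it is never evaluated.
    """
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login(db, username, password):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False  # no account is literally named "' or 1=1; #"
    salt, pw_hash = row
    return hmac.compare_digest(pw_hash, _kdf(password, salt))


if __name__ == "__main__":
    db = make_db()
    print("unsafe query text:", unsafe_query_text(PAYLOAD, "x"))
    print("payload via bound parameter:", login(db, PAYLOAD, "x"))
    print("correct credentials:", login(db, "admin", "S3cret-constructed"))
```
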

Your good comments encourage me to keep posting nice articles, so keep commenting and sharing.

Wednesday, February 24, 2016

Hacker`s Friendly Search Engine | Blackhattrick Blog

Hello Guys,
Reconnaissance is the pre-phase of the hacking life cycle.
A hacker first initiates information gathering/collection activity in active and passive ways.
There are search engines available where an attacker can easily get information about the target on the Internet.

This includes information such as open ports with additional details, geographical information, who.is info, services running, and open-source security reports about phishing, malware, botnets and other malicious activities.

I came across the following search engines:
 
  • https://cymon.io
  • https://exchange.xforce.ibmcloud.com
  • https://duckduckgo.com (Search Engine)
  • https://www.shodan.io
  • https://censys.io/

https://cymon.io
Cymon is the largest tracker of open-source security reports about phishing, malware, botnets and other malicious activities. Search for IP addresses or domains in our reputation database. Cymon ingests events and other malicious activities from almost 200 sources daily. On average, more than 15,000 unique IPs and 100,000 events are processed each day.




https://duckduckgo.com (Search Engine)




 https://exchange.xforce.ibmcloud.com
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers.



https://censys.io/
Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet. Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.



https://www.shodan.io
Shodan is the world's first search engine for Internet-connected devices.


Benefits:
As an attacker you can collect information about your target passively. As a security analyst you can collect information about the target that is attacking your company's infrastructure.

Guys, if you know other hacker search engines, put them in a comment so that others also know.



Tuesday, February 23, 2016

VMware Workstation Installation on Kali2.0 Sana | Blackhattrick Blog






Step 1: Update your Kali Linux and Install Required Packages for VMware Workstation

1. Log in to your server as root or as a non-root user with sudo privileges and run the following command to keep your system up to date.

apt-get update && apt-get upgrade -y

2. Run the command below to install the packages required for VMware Workstation to run properly.

   

apt-get install build-essential linux-headers-`uname -r`

Step 2: Download VMware Workstation Binaries

1. Download the VMware Workstation software binary from the official VMware site. You will download a script file like “VMware-Workstation-Full-11.0.0-2305329.x86_64.bundle”. By default this installer script is downloaded without execute permission, so you will need to grant it in a later step.

2. Go to the directory which contains the VMware Workstation binary file. The file looks like “VMware-Workstation-Full-11.1.2-2780323.x86_64.bundle”.

3. Give execute permission to this installer file.

   

chmod +x VMware-Workstation-Full*.bundle

Step 3: Install VMWare Workstation on Kali Linux 2.0 Sana

1. Next, run the command below to begin the installation of VMware Workstation inside Kali Linux 2
   

./VMware-Workstation-Full-11*.bundle

2. Once the installer is running, you will see the following window on the screen.

Accept the license agreement to continue.

Follow the normal process that we follow while installing an application in Windows.

You may use License Key as below

5A02H-AU243-TZJ49-GTC7K-3C61N







Enjoy VMware Workstation 12 PRO Full Version For Free. Happy Learning :)

