30 September, 2011

How To Find Vulnerable Websites | TUT |


First off you need to download the actual tool itself (No this is not my own tool)
Download ; virus scan is at the bottom.
http://www.mediafire.com/?dtnolcj562ca6ss


Once you've downloaded the file above you need to extract it to a place you will know where to find it. A picture of the programme itself is below.

[Image: dnjFaQ.png]

NOTE- Make sure you don't extract the tool away from the folder because that's where the dorks are.

Ok so now for the tutorial, this is a little long but who ever said hacking was easy?, just simply follow these steps bellow and then you will be successful in "hacking" your opponent.

Step 1 -First you will need to click the "Scanner" tab and then the little "+" icon on the "All dorks". Once done you will see a list like this ;
[Image: Qwsb0M.png]
this is called a "dork" you can pick anyone you want by clicking the little "+" icon again.

Step 2 - Next you will need to pick a specific "dork" i'm going to be using ASP with dork ; ".asp?bookID=" you can use any....it really doesn't matter. So now our stage process should be as shown below.
[Image: hkZGIS.png]

Step 3 - Now you will need to press the scan button, I can't really explain this part so I got a picture for you, make sure to press "Remove duplicates".
[Image: RQBeM5.png]

Step 4 - Once completed "Step 3" the next thing you will need to do is right click your list (the white part) and press "Send to SQLI Crawler" as so.
[Image: aYNRVU.png]

Step 5 - Once in the SQLI Crawler you will need to press "Crawl" this will find you the vulnerable links from the ones you just just imported, this didn't work for me as good as I was hoping because I used a dork basically that doesn't find many vulnerable sites, this tutorial is just an example of what it'l be like. [Image: CvFT8o.png]

Step 6) Following on from "Step 5" the list takes a while because the tool itself is finding if its vulnerable or not. It should look a little like this [Image: JJIF4i.png]

Step 7 - Once your list is populated you have now got yourself some vulnerable sites to SQL inject/upload shell.

I would of continued the tutorial into more depth of executing SQL injection with this tool but there's already tutorials around that you can use. If you need any help with SQL injecting/uploading a shell just PM me, I'll be more than happy to help. I know you might think this tutorial is well pointless but it's a simple way of finding vulnerable websites whilst using some of the best dorks. Oh and before you guys say isn't it better just using "Google" well in my opinion no, this method tells you if its vulnerable and gives you over +50 sites at a time which will keep you busy.

I hope you liked this tutorial and remember whenever hacking/exploiting sites always use a proxy, here's a few proxy's that I use.

http://www.hidemyass.com
http://www.newipnow.com
http://www.xitenow.com/ (best in my opinion)[/COLOR]

-Curt

EDIT: VIRUS SCAN FOR THE DOWNLOAD
PHP Code:
Antivirus    Version    Last update    Result
AhnLab
-V3    2011.04.12.01    2011.04.12    -AntiVir    7.11.6.66    2011.04.12    -Antiy-AVL    2.0.3.7    2011.04.12    -Avast    4.8.1351.0    2011.04.12    -Avast5    5.0.677.0    2011.04.12    -AVG    10.0.0.1190    2011.04.12    -BitDefender    7.2    2011.04.12    -CAT-QuickHeal    11.00    2011.04.12    -ClamAV    0.97.0.0    2011.04.12    -Commtouch    5.2.11.5    2011.04.06    -Comodo    8317    2011.04.12    -DrWeb    5.0.2.03300    2011.04.12    -Emsisoft    5.1.0.5    2011.04.12    -eSafe    7.0.17.0    2011.04.12    -eTrust-Vet    36.1.8268    2011.04.12    -F-Prot    4.6.2.117    2011.04.12    -F-Secure    9.0.16440.0    2011.04.12    -Fortinet    4.2.254.0    2011.04.12    -GData    22    2011.04.12    -Ikarus    T3.1.1.103.0    2011.04.12    -Jiangmin    13.0.900    2011.04.12    -K7AntiVirus    9.96.4360    2011.04.11    -Kaspersky    7.0.0.125    2011.04.12    -McAfee    5.400.0.1158    2011.04.12    -McAfee-GW-Edition    2010.1C    2011.04.12    -Microsoft    1.6702    2011.04.11    -NOD32    6037    2011.04.12    -Norman    6.07.07    2011.04.12    -Panda    10.0.3.5    2011.04.12    -PCTools    7.0.3.5    2011.04.12    -Prevx    3.0    2011.04.12    -Rising    23.53.01.06    2011.04.12    -Sophos    4.64.0    2011.04.12    -SUPERAntiSpyware    4.40.0.1006    2011.04.12    -Symantec    20101.3.2.89    2011.04.12    WS.Reputation.1
TheHacker    6.7.0.1.171    2011.04.12    
-TrendMicro    9.200.0.1012    2011.04.12    -TrendMicro-HouseCall    9.200.0.1012    2011.04.12    -VBA32    3.12.14.3    2011.04.12    -VIPRE    8999    2011.04.12    -ViRobot    2011.4.12.4406    2011.04.12    -VirusBuster    13.6.301.0    2011.04.12    -MD5bfcb8c5408fe750e431f2e843b8b85b8
SHA1
8107304ee63d3a41952f31f05094c26dc231ac9d
SHA256
4dd2985a1940f0cafdb92da4bf569edc29dbd614a4a2bd34c4082d759dc5ab7e
File size
5599232 bytes
Scan date
2011-04-12 20:05:29 (UTC)

Labels:

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home