THREAD: How to find vulnerable websites (For beginners)
  1. 04-12-2011, 05:11 PM
    #1
    Curt's Avatar
    Curt
    Former Staff
    Curt's Avatar
    Curt
    Former Staff
    2,457
    Posts
    24,120
    Reputation
    Oct 2009
    NextGenUpdate
    I thought i'd post this because using a tool like this is much quicker than doing manual SQLI (unless you prefer doing it old school.:tongue This tool is a little like havij but in my opinion better. I will only be showing you howto find vulnerable websites with this tutorial as their's plenty of tutorials on how to deface an sql vulnerable site.

    First off you need to download the actual tool itself (No this is not my own tool)
    Download (Survey free);

    [Only registered and activated users can see links. ]

    Once you've downloaded the program itself from the above download link, you need to extract it to a place you will know where to find it. You can find a picture of the programme itself, once opened, below.

    Spoiler:


    NOTE- Make sure you don't extract the tool away from the folder because that's where the dorks are.

    Ok so now for the tutorial, this is a little long but who ever said hacking was easy? just simply follow these steps bellow and then you will be successful in "hacking" your opponent.

    Step 1 -First you will need to click the "Scanner" tab and then the little "+" icon on the "All dorks". Once done you will see a list like below.
    Spoiler:

    this is called a "dork" you can pick any dork you want via clicking the little "+" icon, again.

    Step 2 - Next you will need to pick a specific "dork" I'm going to be using ASP with dork ; ".asp?bookID=" you can (enter it into the search box the type of dork you're looking for. This tutorial doesn't require this specific dork, you can chose one to your own preference. So now our stage process should be as shown below.
    Spoiler:


    Step 3 - Now you will need to press the scan button, make sure to press "Remove duplicates". See the below picture.
    Spoiler:


    Step 4 - Once you've completed "Step 3" the next thing you will need to do is right click your list (the white part) and press "Send to SQLI Crawler" as so.
    Spoiler:


    Step 5 - Once in the SQLI Crawler you will need to press "Crawl" this will find you the vulnerable links from the ones you just just imported, this didn't work for me as good as I was hoping. It should look like the following.
    Spoiler:


    Step 6 - Once your list is populated you have now got yourself some vulnerable sites to SQL inject.

    I would of continued the tutorial into more depth of executing SQL injection with this tool but there's already tutorials around that you can use. If you need any help with SQL injecting/uploading a shell just PM me, I'll be more than happy to help. I know you might think this tutorial is well pointless but it's a simple way of finding vulnerable websites whilst using some of the best dorks. Oh and before you guys say isn't it better just using "Google" well in my opinion no, this method tells you if its vulnerable and gives you over +50 sites at a time which will keep you busy.

    I hope you liked this tutorial and remember whenever hacking/exploiting sites always use a proxy to hide yourself, here's a few proxy's that I use.

    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ] (best in my opinion)



    Remember all my tutorials I do myself from my own personal knowledge. Here's some other tutorials I made ;
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]


    Virus scan.
    [Only registered and activated users can see links. ]
    Last edited by Habibi Toxic; 05-02-2016 at 09:25 AM. Reason: New pictures + virus scan + new text.

  2. The Following 77 Users Say Thank You to Curt For This Useful Post:

    , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

  3. 04-12-2011, 07:43 PM
    #11
    Curt's Avatar
    Curt
    Former Staff
    Curt's Avatar
    Curt
    Former Staff
    2,457
    Posts
    24,120
    Reputation
    Oct 2009
    NextGenUpdate
    Originally Posted by BizNasty View Post
    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:23 PM ---------- Previous post was at 02:23 PM ----------

    Spoiler:



    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:24 PM ---------- Previous post was at 02:23 PM ----------

    [spoiler]


    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:24 PM ---------- Previous post was at 02:24 PM ----------


    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:27 PM ---------- Previous post was at 02:24 PM ----------

    This isn't your tutorial, same as the one on HF.
    Give credits, it's cool anyways.
    :love:

    ---------- Post added at 02:27 PM ---------- Previous post was at 02:27 PM ----------

    This isn't your tutorial, same as the one on HF.
    Give credits, it's cool anyways.
    :love:
    Are you serious Biz? like really...I spent at least a good hour doing all this, I even went through SQL injection then decided to delete it because there's already loads all over the forum, If you can find this exactly the same on HF then I will give you all my vbux and +rep you, it's impossible. Every thread I make I make from nothing no copy and paste bullshit.
  4. 04-12-2011, 09:02 PM
    #12
    Sk8erFerSur's Avatar
    Sk8erFerSur
    NyanNyanNyanNyanNyanNyan
    Sk8erFerSur's Avatar
    Sk8erFerSur
    NyanNyanNyanNyanNyanNyan
    1,161
    Posts
    2,780
    Reputation
    Aug 2010
    NextGenUpdate
    Originally Posted by BizNasty View Post
    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:23 PM ---------- Previous post was at 02:23 PM ----------

    Spoiler:



    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:24 PM ---------- Previous post was at 02:23 PM ----------

    [spoiler]


    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:24 PM ---------- Previous post was at 02:24 PM ----------


    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:27 PM ---------- Previous post was at 02:24 PM ----------

    This isn't your tutorial, same as the one on HF.
    Give credits, it's cool anyways.
    :love:

    ---------- Post added at 02:27 PM ---------- Previous post was at 02:27 PM ----------

    This isn't your tutorial, same as the one on HF.
    Give credits, it's cool anyways.
    :love:
    Lol at quadruple double post.
  5. 04-12-2011, 10:11 PM
    #13
    Sir's Avatar
    Sir
    Reeferlution
    Sir's Avatar
    Sir
    Reeferlution
    2,295
    Posts
    13,611
    Reputation
    May 2010
    NextGenUpdate
    1337 hax0r is 1337 :y:
  6. 04-12-2011, 10:26 PM
    #14
    -☃-'s Avatar
    -☃-
    Canít trickshot me!
    -☃-'s Avatar
    -☃-
    Canít trickshot me!
    354
    Posts
    462
    Reputation
    Apr 2011
    NextGenUpdate
    bought to get my hack on :evil:
  7. 04-12-2011, 10:49 PM
    #15
    Curt's Avatar
    Curt
    Former Staff
    Curt's Avatar
    Curt
    Former Staff
    2,457
    Posts
    24,120
    Reputation
    Oct 2009
    NextGenUpdate
    Originally Posted by Sir View Post
    1337 hax0r is 1337 :y:
    I do try....:hitman:
  8. 04-12-2011, 11:59 PM
    #16
    Nate's Avatar
    Nate
    Guest
    Nate's Avatar
    Nate
    Guest
    n/a
    Posts
    n/a
    Reputation
    Once upon a time...
    NextGenUpdate
    Originally Posted by Curt View Post
    [COLOR="black"]Ok so.. I've seen recently people have been making threads with SQL injection tutorials so I thought i'd make a thread on how to find vulnerable sites the easy way. I thought i'd post one using a tool I like to use when I simply cant be bothered to do it the manual way. This tool is a little like havij but in my opinion better.

    ]
    Wow, another helpful thread by Curt. Thank you very much.

    ---------- Post added at 10:59 PM ---------- Previous post was at 10:39 PM ----------

    Originally Posted by Curt View Post
    Looks like you kids are gonna have some fun within the next few hours
    btw Curt, I think we all want you to go in-depth with the sql injections.
  9. 04-13-2011, 12:43 AM
    #17
    -Syed-'s Avatar
    -Syed-
    < ^ > < ^ >
    -Syed-'s Avatar
    -Syed-
    < ^ > < ^ >
    1,197
    Posts
    3,666
    Reputation
    Jul 2010
    NextGenUpdate
    Im having fun :y: Thanks Curt. Nominated + Thanks :love:
  10. 04-13-2011, 02:07 AM
    #18
    Pichu's Avatar
    Pichu
    RIP PICHU.
    Pichu's Avatar
    Pichu
    RIP PICHU.
    6,598
    Posts
    33,459
    Reputation
    Jan 2011
    NextGenUpdate
    Nice, this is something I wanna learn how to do for the lolz. I need to now learn the other part.

    Anyone quote me and give me some links to some guides on shells and sql interjecting or whatever it is?
  11. 04-13-2011, 10:04 AM
    #19
    Curt's Avatar
    Curt
    Former Staff
    Curt's Avatar
    Curt
    Former Staff
    2,457
    Posts
    24,120
    Reputation
    Oct 2009
    NextGenUpdate
    Originally Posted by Disabled View Post
    Nice, this is something I wanna learn how to do for the lolz. I need to now learn the other part.

    Anyone quote me and give me some links to some guides on shells and sql interjecting or whatever it is?
    There's quite a few in the premium section that's sorta why I didn't go over it in my tutorial. Just use google :muck:
  12. 04-13-2011, 10:28 AM
    #20
    Stx's Avatar
    Stx
    stx@lol.ag
    Stx's Avatar
    Stx
    stx@lol.ag
    2,207
    Posts
    3,457
    Reputation
    Dec 2010
    NextGenUpdate
    Originally Posted by Curt View Post
    There's quite a few in the premium section that's sorta why I didn't go over it in my tutorial. Just use google :muck:
    You say always use a proxy but how would we use it with the program?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Sponsored Links
How to find vulnerable websites (For beginners)