Login | Register
Results 11 to 20 of 82

Thread: How to find vulnerable websites (For beginners)


  1. Curt's Avatar

    Curt Former Staff

    Join Date Oct 2009

    Posts 2,788

    Membership Former Staff

    Reputation: 26720

    04-12-2011 04:11 PM #1 How to find vulnerable websites (For beginners)

    [font=Tahoma]I thought i'd post this because using a tool like this is much quicker than doing manual SQLI (unless you prefer doing it old school.:tongue This tool is a little like havij but in my opinion better. I will only be showing you howto find vulnerable websites with this tutorial as their's plenty of tutorials on how to deface an sql vulnerable site.

    First off you need to download the actual tool itself (No this is not my own tool)
    Download (Survey free);

    [Only registered and activated users can see links. ]

    Once you've downloaded the program itself from the above download link, you need to extract it to a place you will know where to find it. You can find a picture of the programme itself, once opened, below.

    Spoiler:


    NOTE- Make sure you don't extract the tool away from the folder because that's where the dorks are.

    Ok so now for the tutorial, this is a little long but who ever said hacking was easy? just simply follow these steps bellow and then you will be successful in "hacking" your opponent.

    Step 1 -First you will need to click the "Scanner" tab and then the little "+" icon on the "All dorks". Once done you will see a list like below.
    Spoiler:

    this is called a "dork" you can pick any dork you want via clicking the little "+" icon, again.

    Step 2 - Next you will need to pick a specific "dork" I'm going to be using ASP with dork ; ".asp?bookID=" you can (enter it into the search box the type of dork you're looking for. This tutorial doesn't require this specific dork, you can chose one to your own preference. So now our stage process should be as shown below.
    Spoiler:


    Step 3 - Now you will need to press the scan button, make sure to press "Remove duplicates". See the below picture.
    Spoiler:


    Step 4 - Once you've completed "Step 3" the next thing you will need to do is right click your list (the white part) and press "Send to SQLI Crawler" as so.
    Spoiler:


    Step 5 - Once in the SQLI Crawler you will need to press "Crawl" this will find you the vulnerable links from the ones you just just imported, this didn't work for me as good as I was hoping. It should look like the following.
    Spoiler:


    Step 6 - Once your list is populated you have now got yourself some vulnerable sites to SQL inject.

    I would of continued the tutorial into more depth of executing SQL injection with this tool but there's already tutorials around that you can use. If you need any help with SQL injecting/uploading a shell just PM me, I'll be more than happy to help. I know you might think this tutorial is well pointless but it's a simple way of finding vulnerable websites whilst using some of the best dorks. Oh and before you guys say isn't it better just using "Google" well in my opinion no, this method tells you if its vulnerable and gives you over +50 sites at a time which will keep you busy.

    I hope you liked this tutorial and remember whenever hacking/exploiting sites always use a proxy to hide yourself, here's a few proxy's that I use.

    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ]
    [Only registered and activated users can see links. ] (best in my opinion)



    Remember all my tutorials I do myself from my own personal knowledge. Here's some other tutorials I made ;
    How to hack phpbb2 forums
    How to deface vbulletin site's once gained admin


    Virus scan.
    [Only registered and activated users can see links. ]
    Last edited by Curt; 09-06-2012 at 06:48 PM. Reason: New pictures + virus scan + new text.


  2. Curt's Avatar

    Curt Former Staff

    Join Date Oct 2009

    Posts 2,788

    Membership Former Staff

    Reputation: 26720

    04-12-2011 06:43 PM #11


    Quote Originally Posted by BizNasty View Post
    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:23 PM ---------- Previous post was at 02:23 PM ----------

    Spoiler:



    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:24 PM ---------- Previous post was at 02:23 PM ----------

    [spoiler]


    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:24 PM ---------- Previous post was at 02:24 PM ----------


    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:27 PM ---------- Previous post was at 02:24 PM ----------

    This isn't your tutorial, same as the one on HF.
    Give credits, it's cool anyways.
    :love:

    ---------- Post added at 02:27 PM ---------- Previous post was at 02:27 PM ----------

    This isn't your tutorial, same as the one on HF.
    Give credits, it's cool anyways.
    :love:
    Are you serious Biz? like really...I spent at least a good hour doing all this, I even went through SQL injection then decided to delete it because there's already loads all over the forum, If you can find this exactly the same on HF then I will give you all my vbux and +rep you, it's impossible. Every thread I make I make from nothing no copy and paste bullshit.

  3. Sk8erFerSur's Avatar

    Sk8erFerSur NyanNyanNyanNyanNyanNyan

    Join Date Aug 2010

    Posts 1,230

    Membership Donator

    Reputation: 2800

    04-12-2011 08:02 PM #12

    Quote Originally Posted by BizNasty View Post
    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:23 PM ---------- Previous post was at 02:23 PM ----------

    Spoiler:



    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:24 PM ---------- Previous post was at 02:23 PM ----------

    [spoiler]


    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:24 PM ---------- Previous post was at 02:24 PM ----------


    Cool post, but please post the source, as I know this isn't yours.

    :love:

    ---------- Post added at 02:27 PM ---------- Previous post was at 02:24 PM ----------

    This isn't your tutorial, same as the one on HF.
    Give credits, it's cool anyways.
    :love:

    ---------- Post added at 02:27 PM ---------- Previous post was at 02:27 PM ----------

    This isn't your tutorial, same as the one on HF.
    Give credits, it's cool anyways.
    :love:
    Lol at quadruple double post.
    I <3 vBookie!

  4. Sir's Avatar

    Sir Reeferlution

    Join Date May 2010

    Posts 2,393

    Membership Donator

    Reputation: 14171

    04-12-2011 09:11 PM #13

    1337 hax0r is 1337 :y:

  5. -☃-'s Avatar

    -☃- Canít trickshot me!

    Join Date Apr 2011

    Posts 360

    Membership Standard

    Reputation: 462

    04-12-2011 09:26 PM #14

    bought to get my hack on :evil:

  6. Curt's Avatar

    Curt Former Staff

    Join Date Oct 2009

    Posts 2,788

    Membership Former Staff

    Reputation: 26720

    04-12-2011 09:49 PM #15

    Quote Originally Posted by Sir View Post
    1337 hax0r is 1337 :y:
    I do try....:hitman:

  7. Nate Guest

    Join Date

    Posts n/a

    Membership Unregistered / Not Logged In

    Reputation:

    04-12-2011 10:59 PM #16

    Quote Originally Posted by Curt View Post
    [COLOR="black"]Ok so.. I've seen recently people have been making threads with SQL injection tutorials so I thought i'd make a thread on how to find vulnerable sites the easy way. I thought i'd post one using a tool I like to use when I simply cant be bothered to do it the manual way. This tool is a little like havij but in my opinion better.

    ]
    Wow, another helpful thread by Curt. Thank you very much.

    ---------- Post added at 10:59 PM ---------- Previous post was at 10:39 PM ----------

    Quote Originally Posted by Curt View Post
    Looks like you kids are gonna have some fun within the next few hours
    btw Curt, I think we all want you to go in-depth with the sql injections.

  8. -Syed-'s Avatar

    -Syed- < ^ > < ^ >

    Join Date Jul 2010

    Posts 1,238

    Membership Donator

    Reputation: 3766

    04-12-2011 11:43 PM #17

    Im having fun :y: Thanks Curt. Nominated + Thanks :love:

    Guys all the stuff i posted on Private Premium is not directly from me. All from my friends. Credits to him(not on this site)

  9. Pichu's Avatar

    Pichu RIP PICHU.

    Join Date Jan 2011

    Posts 6,702

    Membership Former Staff

    Reputation: 33441

    04-13-2011 01:07 AM #18

    Nice, this is something I wanna learn how to do for the lolz. I need to now learn the other part.

    Anyone quote me and give me some links to some guides on shells and sql interjecting or whatever it is?
    Send me a PM with the message: "What What In The Butt".
    I will compile a list of names and put you all in my signature permanently.
    I rarely log on so it may be a month before I do it.

    [Only registered and activated users can see links. ], [Only registered and activated users can see links. ], [Only registered and activated users can see links. ], [Only registered and activated users can see links. ]and [Only registered and activated users can see links. ] wants it in the Butt.

  10. Curt's Avatar

    Curt Former Staff

    Join Date Oct 2009

    Posts 2,788

    Membership Former Staff

    Reputation: 26720

    04-13-2011 09:04 AM #19

    Quote Originally Posted by Disabled View Post
    Nice, this is something I wanna learn how to do for the lolz. I need to now learn the other part.

    Anyone quote me and give me some links to some guides on shells and sql interjecting or whatever it is?
    There's quite a few in the premium section that's sorta why I didn't go over it in my tutorial. Just use google

  11. Stx's Avatar

    Stx stx@lol.ag

    Join Date Dec 2010

    Posts 2,475

    Membership Donator

    Reputation: 5477

    04-13-2011 09:28 AM #20

    Quote Originally Posted by Curt View Post
    There's quite a few in the premium section that's sorta why I didn't go over it in my tutorial. Just use google
    You say always use a proxy but how would we use it with the program?
    :shh:
    [Only registered and activated users can see links. ]
    EH MINECRAFT SERVERS - CHEAP&SIMPLE ✔ - STARTING AT £3 [10% PROMO CODE]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •