Friday, June 25, 2010

List of all the SQL Injection Strings

One of the major problems with SQL is the poor security surrounding login and URL strings. This tutorial is not going to go into detail on why these strings work, as all these details have been given in my previous article, Top 10 Tricks to exploit SQL Server Systems.




First SEARCH the following Keywords in Google or any Search Engine:



admin\login.asp

login.asp



With these two search strings you will have plenty of targets to choose from…choose one that is vulnerable.



INJECTION STRINGS: How to use it?



This is the easiest part…very simple



On the login page just enter something like



user:admin (you don't even have to put this.)

pass:' or 1=1--



or



user:' or 1=1--

admin:' or 1=1--



Some sites will have just a password so



password:' or 1=1--



In fact I have compiled a combo list with strings like this to use on my chosen targets. There are plenty of strings in the list below. There are many other strings involving, for instance, UNION table access via reading the table structure from the error pages; an attack with this method will eventually reveal admin U\P paths.



The ones I am interested in are for quick access to targets.



PROGRAM



I tried several programs to use with these search strings and up to now only Ares has performed well, with quite a bit of success with a combo list formatted this way. Yesterday I loaded 40 eastern targets with 18 positive hits in a few minutes. How long would it take to go through 40 sites cutting and pasting each string?



combo example:



admin:' or a=a--

admin:' or 1=1--



And so on. You don’t have to be admin and can still do anything you want. The most important part is example:' or 1=1-- which is our basic injection string.



Now the only trudge part is finding targets to exploit. So I tend to search, say, Google for login.asp or whatever



inurl:login.asp

index of:/admin/login.asp



like this: index of login.asp



result:


http://www3.google.com/search?hl=en&ie=ISO...G=Google+Search



17,000 possible targets; trying various searches spews out plenty more.



Now, using a proxy set in my browser, I click through interesting targets, seeing what's what on the site pages. If it is interesting I then cut and paste the URL as a possible target. After an hour or so you have a list of potential target sites like so



http://www.somesite.com/login.asp

http://www.another.com/admin/login.asp



and so on. In a couple of hours you can build up quite a list, because I don’t select all results or spider for login pages. I then save the list, fire up Ares and enter



1) A Proxy list

2) My Target IP list

3) My Combo list

4) Start.



Now I don't want to go into problems with users using Ares. Thing is, I know it works for me…



Sit back and wait. Any vulnerable target will show up in the hits box. Now when it finds a target it will spew all the strings on that site as vulnerable. You have to go through each one on the site by cutting and pasting the string till you find the right one. But the thing is you know you CAN access the site. Really I need a program that will return the hit with a click on the URL and ignore false outputs. I am still looking for it. This will save quite a bit of time going to each site and each string to find it's not exploitable.



There you go you should have access to your vulnerable target by now



Another thing: you can use the strings in URLs where user=? appears. Edit the URL up to the = part and paste ' or 1=1-- so it becomes



user=' or 1=1-- which is just as quick as the login process.
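Why the basic string above gets past a login check, and what stops it, shown as an added example that is not from the original post. It assumes a hypothetical `users` table and a login routine that builds its query by string concatenation (the same applies to a `user=` URL parameter fed into such a query), run against an in-memory SQLite database with constructed data.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account (plaintext only for brevity)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db


def login_concatenated(db, user, password):
    """Vulnerable pattern: user input becomes part of the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + user +
           "' AND password = '" + password + "'")
    # With password = "' or 1=1--" the statement becomes
    #   ... WHERE username = 'admin' AND password = '' or 1=1--'
    # The quote closes the literal, "or 1=1" makes the WHERE clause true for
    # every row, and "--" comments out the trailing quote.
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, user, password):
    """Hardened pattern: the SQL text is fixed, input is bound as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    # The driver passes the values separately from the statement, so a quote
    # or comment marker in the input is compared as an ordinary character.
    return db.execute(sql, (user, password)).fetchone() is not None


def compare(user, password):
    """Run both login routines on the same input and return their verdicts."""
    db = make_db()
    return {
        "concatenated": login_concatenated(db, user, password),
        "parameterized": login_parameterized(db, user, password),
    }


if __name__ == "__main__":
    for user, password in [
        ("admin", "s3cret-constructed"),   # correct credentials
        ("admin", "wrong"),                # wrong password
        ("admin", "' or 1=1--"),           # string in the password field
        ("' or 1=1--", "x"),               # string in the user field
    ]:
        print(repr(user), repr(password), compare(user, password))
```

Only the concatenated version accepts the injected input; the parameterized version accepts nothing but the real credentials.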



Combo List



There are lot of other variations of the Injection String which I cannot put on my blog because that is Illegal. If you are interested I can send it to you through Email. Just write in your email address in comment and I will send it to you as early as possible but you need to remain patient it may take 1 or 2 days.



As a result of a lot of requests for the list of SQL Injection String and due to lack of time on our behalf to respond to your Comments we have now decided to give the download link for the list of SQL Injection Strings. Now you just need to Subscribe to our RSS Feed via Email and get the Download link at the bottom of the Confirmation Email. Please don’t Forget to click on the Confirmation Link given in that Email.

3 Amazing Firefox Hacks

What good is a browser unless you can tweak it, hack it and bend it to your will? No good at all. The more you can hack it, the better it is. And that means that Firefox must be a great browser, as whenever you feel that you know everything about it you come across a bunch of hidden (and some not-so-secret) tips and tricks that will crank Firefox up and pimp your browser. Make it faster, cooler, more efficient. So today I have come up with 3 amazing Firefox tricks you might not be aware of.




1. Save Session For All Tabs Opened In Multiple Firefox Windows

If you are an ardent user of Firefox then you may be aware that when more than one Firefox window is open and you close one of them, it does not offer the option to save the session and exit; rather, it asks to close all the tabs in that Firefox window, and it won't save the tabs in other windows. So this way you cannot save the session for multiple tabs opened in multiple Firefox windows.






In such a case, the only option left to save the session for all the tabs opened in separate Firefox windows is to terminate Firefox through Task Manager. Here is how you do it.



Press Ctrl+Shift+Esc to quickly launch Task Manager, click the process tab, locate firefox.exe, right-click it and click End Process Tree.




The next time you open Firefox it will open all the tabs in all the windows that were previously open.



2. Open & Log In to Multiple Accounts Gmail, Facebook, or Twitter Accounts In FireFox

Firefox extension CookiePie manages Firefox’s cookies—small bits of text stored on your computer that tell a site you’re logged in, for example—in such a way that you can log into the same site multiple times.



How to use it?



Just follow the steps given below:



■ Install CookiePie Firefox Extension.

■ Create a new tab or use an existing one.

■ Open the context menu of the tab (i.e. press the right mouse button over the tab) and select “Toggle On/Off CookiePie”.

■ A CookiePie icon will appear over the tab.

■ Go to a site (e.g. http://www.gmail.com) and log in to your account.

■ Create another tab.

■ Enable CookiePie on that tab too.

■ Log in with another account on the same site.

3. Bypass Download Waiting Time On Rapidshare, Megaupload, zShare, Mediafire etc

SkipScreen is a really useful firefox addon for lot of users who download various types of files from the popular file and media sharing sites like Rapidshare, Megaupload, zShare, Mediafire, and more.



Most of these file sharing web sites have an annoying waiting time limit before a free user can start downloading the requested file. SkipScreen saves the time you would otherwise waste watching the download countdown, as it removes the waiting-time screen from these media sharing sites.



SkipScreen monitors the pages where you see the download time and will get the content you want before the download waiting time completes.





Gmail Account Hacking Tool

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.




Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks.



When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.



Even though Gmail forces the authentication over SSL (Secure Sockets Layer) when you log in, you are not secure because it reverts to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SSL connections are slower.



The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are obviously more likely to get attacked than the ones using secure wired networks. Todd Mumford, from the SEO company called SEO Visions Inc, states, “This can be a serious problem for Internet Marketers who travel often and use their wireless laptops and Gmail services often and do not always have access to a secure connection.”



Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”



If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.
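The cookie behaviour described above, modelled as an added example (not code from the article or from Perry's tool): a simplified version of the browser's decision to attach a cookie, showing that only the Secure attribute keeps a session cookie off plain-HTTP requests. The cookie name and value are constructed, and path and expiry matching are left out.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers; "SESSIONID" is a hypothetical cookie name.
WITHOUT_SECURE = ["SESSIONID=abc123; Domain=mail.google.com; Path=/"]
WITH_SECURE = ["SESSIONID=abc123; Domain=mail.google.com; Path=/; Secure"]


def cookies_sent(set_cookie_headers, request_url):
    """Names of the cookies a browser would attach to a request for request_url.

    Simplified model: only the Domain and Secure attributes are checked.
    """
    url = urlsplit(request_url)
    host = (url.hostname or "").lower()
    sent = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            domain = (morsel["domain"] or host).lstrip(".").lower()
            if host != domain and not host.endswith("." + domain):
                continue  # cookie belongs to another site
            if morsel["secure"] and url.scheme != "https":
                continue  # Secure cookies never travel over plain HTTP
            sent.append(name)
    return sent


def lacks_secure(set_cookie_headers):
    """Audit helper: names of cookies set without the Secure attribute."""
    names = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        names += [name for name, morsel in jar.items() if not morsel["secure"]]
    return names


if __name__ == "__main__":
    image = "http://mail.google.com/images/logo.gif"  # any plain-HTTP resource
    print("no Secure, http image :", cookies_sent(WITHOUT_SECURE, image))
    print("Secure,    http image :", cookies_sent(WITH_SECURE, image))
    print("Secure,    https page :",
          cookies_sent(WITH_SECURE, "https://mail.google.com/mail/"))
    print("needs Secure          :", lacks_secure(WITHOUT_SECURE + WITH_SECURE))
```

Running `lacks_secure` over the Set-Cookie headers of your own application's login response is a quick way to spot a session cookie that would leak the same way.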

18 Tips to Improve your Apple iPhone Battery life

The iPhone is a great device for performing a wide variety of functions, like sending email, watching a movie, getting directions to a destination, playing games, surfing the internet, or of course, making a phone call. One thing that hampers the iPhone’s ability to be a worry-free productivity device is its battery life. It can vary widely depending on how you use your iPhone. So here are a few tips that will definitely increase the battery life of your iPhone (they are also applicable to your iPod; not tested on iPad, but you may try them).








1.Power-cycling the iPhone: A good place to start out is by power-cycling the iPhone. You can do this by holding down the power button on the top of the iPhone until you see the “Slide to Power Off” screen. Once the iPhone is off, go ahead and push the power button again to turn it on. Use the iPhone as you normally would and see how the battery life is lasting.

2.Drain the battery fully: Go to Settings -> General -> Auto-Lock and set it to Never. This is to wear the battery down. After the battery has discharged and the phone has been shut down for a few minutes, push the home button to ‘revive’ it. Once the battery sits a moment it can pull some reserve power. Do this repeatedly until the screen displays an empty battery image and it won’t stay on for more than a second. Now charge it completely. Now your battery is as good as new.

3.Avoiding the Extremes: If you want to enhance your iPhone battery lifespan remember to avoid temperature extremes. Avoid using your iPhone at temperatures higher than 95° F (or 35° C) and in very cold environments. Using the iPhone in very hot conditions can inflict permanent battery damage whereas cold temp usage causes temporary battery performance degradation.

4.Regular Updates: Keep your iPhone software constantly updated to ensure your phone has the latest battery performance maximisation technology.

5.Optimise the Settings: Some apps are battery draining like viewing videos, gaming, email and so on. Just remember the following battery tips to maximise its life.

■Minimize use of Location Services by using it only when needed or disabling the location services option.

■Set your Fetch New Data options to hourly or fetch data manually. Frequent use of mail client only drains the battery faster.

■Disable your Push Mail client when not needed to avoid receiving mail as they arrive.

6.Limit Third-party Application Usage: Third-party apps like games prevent auto power saving options like screen dimming or switching off, hence the battery is constantly at peak performance.

7.Turn off Wi-Fi, Bluetooth and 3G: When not in use switch off these apps to conserve battery. Also note using Wi-Fi to access the net instead of the cellular network service requires less power.

8.Use your iPhone regularly: It may sound weird but it’s true that not using the iPhone for a long time at a stretch decreases the battery life. Use it regularly and charge the battery at least once every six months even if you don’t use your iPhone regularly.

9.Turn off keyboard clicks: If you frequently use your iPhone’s keyboard, navigate to the Sounds pane of Settings and turn the option for Keyboard clicks off.

10.Connect iPhone directly to computer to charge: If you are connecting your iPhone to a computer instead of a wall socket to charge it, don’t connect iPhone to your keyboard or another USB hub/bridge. Make sure it is plugged directly into one of your computer’s USB 2.0 ports.

11.Turn off 3G: If you’re really low on battery, and are willing to do whatever it takes to keep the phone alive for emergency situations, then go and turn off 3G. Hey, EDGE sucks, but it still works.

12.Turn off EQ: Applying EQ settings to your iPhone apparently drains extra battery. If you’re planning on keeping your phone alive all day, turn the EQ settings off.

13.Turn Off Vibrate in Games: A lot of games have very frequent vibrations, which drain battery life. If you can, turn them off in the game’s settings.

14.Don’t download from iTunes or App Store wirelessly: Downloading apps and media is hard on the battery. Just wait until you get home and use your computer.

15.Turn SSH Off: SSH runs in the background and drains the battery. It can be turned off from the application BossPrefs or from the default SSH service icon. It runs in the background to detect any network activity, and this is the main cause of poor battery time for all jailbroken iPhones.

16.Turn off Auto-Brightness: Auto-brightness changes the iPhone’s screen brightness on the basis of surrounding light, which consumes battery both through the auto-brightness process itself and through changing from low to high brightness levels. Turning it off stops a back-end process, and a constant brightness level will not consume extra battery through brightness changes.

17.Lower the Brightness: More screen brightness requires more battery. A reasonable brightness level is between 25% and 30%, which will brighten up the iPhone screen display enough for both day and night.

18.Use your discretion: You understand what’s bad for battery life – doing things that look like they would take a lot of battery life. Just be reasonable. Plan ahead. When you know you won’t charge your phone for hours, don’t go playing games. Resist. Don’t pass your phone around to your friends who say “Oohhh iPhone lemme play.” Don’t take the smart out of smart phone.

5 Popular Data Backup Freewares

The post consists of programs for making duplicate copies of your computer files, digital photos, music, movies, or anything else on your hard drive or portable device that you’d like to duplicate in case of accident or catastrophe.




1. Paragon Backup & Recovery Free Edition (32 bit)

Back up and restore your Windows system.



Paragon Backup & Recovery 10.2 Free Edition – a disaster recovery tool for stand-alone Windows-based PCs. Combining all the existing backup techniques and exclusive recovery environments, this latest edition satisfies the needs of even the most demanding user and is simply the most powerful free backup tool available today.



Paragon launches 2 versions of Backup & Recovery 10.2. 32-bit provides support for 32-bit systems. And 64-bit for 64-bit Operating Systems. Paragon Backup & Recovery 10.2 Free Edition allows you to take complete control of your PC’s safety. Based on solid commercial backup and recovery software from Paragon, it has a rich set of features that you can trust. Simple to install and easy to use.



2. Macrium Reflect Free

Create, burn, and back up disk images.



Macrium Reflect Free Edition. An award winning disk imaging solution for free. A complete disaster recovery solution for your home and office. Protect your personal documents, photos, music and e-mails. Upgrade your hard disk or try new operating systems in the safe knowledge that everything is securely saved in an easily recovered backup file. Macrium Reflect supports backup to local, network and USB drives as well as burning to all DVD formats. This version is for non-commercial home use.



What’s new in this version:

Version 4.2 build 2733 may include unspecified updates, enhancements, or bug fixes.



3. Easeus Todo Backup

Back up and restore data on your system, partition, or hard disk.



EASEUS Todo Backup is a backup and restore solution for a good reason: with detailed instruction wizards, your computer will be in a safe condition within minutes without the help of an IT specialist to backup your system state, partition and disk. EASEUS Todo Backup can backup your system partition to quickly get the system up and running in the event of a system crash or hardware failure. It allows you to backup and restore disk or partition after viruses attack, unstable software download, hard drive failure. Meanwhile, EASEUS Todo Backup is useful if you want to upgrade the older smaller hard disk without reinstalling the operating system and applications once again.



4. Second Backup Free Edition

Easy-to-use file backup and folder sync tool.



Second Backup is an easy-to-use file backup and sync tool. It can archive multiple versions of backed-up copies from different times (for example, the first copy for Monday is 'Backup_1', the second copy for Tuesday is 'Backup_2'). It automatically backs up your important data (including open/in-use files and folders) to an external hard drive, USB disk, network, or other storage device. The intuitive interface makes it easy to use: simply tell it which file or folder to back up, and where and when to archive them, then it works reliably in the background and uses very little system resources. The backup task can be directed to copy only the new or modified files; it monitors the source files and automatically backs up new or changed files to the destination. Automatic scheduling includes specific days of the week, days of the month, hours of the day, or any desired time intervals. E-mail notification lets you know the file backup status anytime and anywhere.



Note: It says it’s "free" and even has "Free Edition" in its name, but it’s a 30-day evaluation copy which says that after 30 days you must buy it.



5. FBackup

Protect your files/folders from data loss.



FBackup is a freeware backup program for Windows. FBackup protects your important files and folders from partial or total loss by automating backup tasks, password protecting the backup and compressing it to save storage space. Using FBackup you can easily back up to any local or network drive or to external drives (such as USB drives). FBackup can back up open/locked files and it can perform full and mirror backups (a backup type that does not compress the files).



When defining a backup you can also set file filters and schedule the backup for automatic execution. You can run predefined backups, such as My Documents, My Pictures, or Outlook Express and load backup plug-ins that will back up the settings and data of specific applications. FBackup has ZIP64 support (can create backups over 2GB) and creates standard ZIP files, meaning that you can access it with any zip compatible utility.