Friday, July 31, 2009

SQLMAP 0.7 Released – Automatic SQL Injection Tool

We’ve been following sqlmap since it first came out in February 2007, and it’s been quite some time since the last update, sqlmap 0.6.3, in December 2008.

For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications.

Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user-specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.

Recent Changes

Along with all the takeover features introduced in sqlmap 0.7 release candidate 1, some of the new features include:

  • Adapted Metasploit wrapping functions to work with the latest 3.3 development version too.
  • Adjusted code to make sqlmap 0.7 work again on Mac OS X too.
  • Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This makes sqlmap 0.7 work again on Windows too.
  • Minor improvement so that sqlmap also tests all parameters with no value (e.g. par=).
  • HTTPS requests over HTTP proxy now work on Python 2.4, 2.5 and 2.6+.

For a complete list of changes view the ChangeLog.

The manual is available here – README.pdf [PDF]

You can download sqlmap 0.7 here:

Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip

Friday, July 24, 2009

A Virus Program to Disable USB Ports



In this post we will show how to create a simple virus that disables/blocks the USB ports on the computer (PC). The C programming language is used to create this virus. Anyone with a basic knowledge of the C language should be able to understand the working of this virus program.

Once this virus is executed it will immediately disable all the USB ports on the computer. As a result you will not be able to use your pen drive or any other USB peripheral on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries since we have also given a program to re-enable all the USB ports.

1. Download the USB_Block.rar file on to your computer.

2. It contains the following 4 files.

  • block_usb.c (source code)
  • unblock_usb.c (source code)

3. You need to compile them before you can run them. A step-by-step procedure to compile C programs is given in my post - How to Compile C Programs.

4. Upon compilation of block_usb.c you get block_usb.exe, which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).

5. To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe file (you need to compile unblock_usb.c). Now insert the pen drive and it should get detected.

Sunday, July 12, 2009

Latest Proxies for Free Airtel GPRS

I have got a lot of comments that the settings for free Airtel GPRS that I had posted earlier don’t work. So I have found out another hack to get free GPRS on Airtel. The following settings have been tested in different states and are found to be working successfully in most of them.

I have got 2 settings which you can try out to see if any of them works for you.

First
IP Address :: 10.49.16.10
Port :: 8877
APN :: airtelfun.com

Second
IP Address :: 200.199.82.61
Port :: 8080
APN :: airtelmms.com

The second one works in some states only.

I have also got some IP addresses and open ports which are working for different users, so I have listed them. You can try them out if the above settings don’t work.

Working IP Addresses
(a) 10.2.45.155
(b) 10.49.16.10
(c) 10.4.1.55
(d) 10.6.6.6
(e) 10.89.15.15
(f) 100.1.200.467
(g) 100.1.200.211 (this one is for west bengal)

Ports
(a) 8080
(b) 9421
(c) 9201

Thursday, July 9, 2009

Domain Hijacking – How to Hijack Domain Names

In this post we will tell you how domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as Domain Hijacking. For most of you, the term “domain hijacking” may seem alien. So let me first tell you what domain hijacking is all about.

Domain hijacking is a process by which Internet domain names are stolen from their legitimate owners. Domain hijacking is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how domain names operate and how they get associated with a particular web server (website).

The operation of domain name is as follows

Any website, say for example gohacking.com, consists of two parts: the domain name (gohacking.com) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of the domain name with the web hosting server is done as follows.

1. After registering a new domain name, we get a control panel from which we have full control of the domain.

2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.

For a clear understanding let me take up a small example.

John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.

What happens when a domain is hijacked

Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to a web server other than the original one. So to hijack a domain you need not gain access to the target web server.

For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).

In this case John’s domain name (abc.com) is said to be hijacked.

How to hijack a domain name

To hijack a domain name, you need to gain access to the domain control panel of the target domain. For this you need the following ingredients

1. The domain registrar name for the target domain.

2. The administrative email address associated with the target domain.

You can get this information by accessing the WHOIS data of the target domain. To access the WHOIS data, go to whois.domaintools.com, enter the target domain name and click on Lookup. Once the WHOIS data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record: “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. If you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hack the domain name. It is the key to unlock the domain control panel. So you need to hack this email account and take full control of it. Email hacking has been discussed in my previous post how to hack an email account.

Once you take full control of this email account, you need to visit the domain registrar’s website and click on forgot password in the login page. You will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once you do this, all the details to reset the password will be sent to the administrative email address. Since you already have access to this email account you can easily reset the password of the domain control panel. After resetting the password, log in to the control panel with your new password and from there you can hijack the domain within minutes.

How to protect the domain name from being hijacked

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you lose this email account, you lose your domain. So refer to my previous post on how to protect your email account from being hacked. Another good way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for your domain name, he will not be able to find your name, phone and administrative email address. So private registration provides extra security and protects your privacy. Private domain registration costs a bit extra but is really worth it for its advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.
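
A defensive check that ties together the repointing described under “What happens when a domain is hijacked” and the WHOIS exposure discussed above, as an added example (not code from the original post): it compares the WHOIS record and resolved addresses of a domain you own against a saved baseline. The field labels beyond those quoted in the post, the `.example` names and the sample records are assumptions constructed for illustration.

```python
import re

# Labels quoted in the post plus common "key: value" variants (assumed; real
# WHOIS layouts differ per registrar and registry).
FIELDS = {
    "registrar": r"(?:Registration Service Provided By|ICANN Registrar|Registrar)",
    "admin_email": r"(?:Administrative contact email address|Admin Email)",
    "name_servers": r"Name Server",
}

def parse_whois(text):
    """Extract registrar, admin e-mail and name servers from WHOIS text."""
    record = {}
    for key, label in FIELDS.items():
        hits = re.findall(rf"^[ \t]*{label}:[ \t]*(\S.*)$", text, re.I | re.M)
        record[key] = sorted({h.strip().lower() for h in hits})
    return record

def audit(baseline, whois_text, resolved_ips):
    """List signs of exposure or hijacking for a domain the caller owns."""
    now = parse_whois(whois_text)
    findings = []
    for key in FIELDS:
        expected = sorted(v.lower() for v in baseline[key])
        # A privacy-protected record may omit a field; only report real changes.
        if now[key] and now[key] != expected:
            findings.append(f"{key} changed: {expected} -> {now[key]}")
    if now["admin_email"]:
        findings.append("admin e-mail is publicly visible in WHOIS")
    stray = sorted(set(resolved_ips) - set(baseline["web_server_ips"]))
    if stray:
        findings.append(f"domain resolves to unexpected server(s): {stray}")
    return findings

# Constructed sample data (documentation-only names and addresses).
BASELINE = {"registrar": ["XYZ Company"], "admin_email": ["john@mail-y.example"],
            "name_servers": ["ns1.hosting-y.example"], "web_server_ips": ["192.0.2.10"]}
HIJACKED = """Registration Service Provided By: XYZ Company
Administrative contact email address: someone@mail-z.example
Name Server: ns1.hosting-z.example"""
PRIVATE = """Registrar: XYZ Company
Name Server: ns1.hosting-y.example"""

if __name__ == "__main__":
    print(audit(BASELINE, HIJACKED, {"198.51.100.77"}))  # changed record, stray IP
    print(audit(BASELINE, PRIVATE, {"192.0.2.10"}))      # private and unchanged
```

In practice the resolved addresses would come from a call such as `socket.getaddrinfo` and the WHOIS text from a scheduled lookup of your own domain, with any finding raised as an alert.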

Call phones from Gmail- Calls from PC to Phone with Google Talk ~~~~ Now in India ~~~~

Free International Calls from PC to Phone with Google Talk and Talkster (GTalk-to-VoIP) Google has officially unveiled its new Google Mai...