When trying to exploit some website using sqlmap, it's a good idea to be anonymous. Sqlmap has excellent support for using common proxies or Tor.
First start Tor and ensure that it is running the SOCKS5 daemon on port 9050. Then use the SOCKS5 proxy with sqlmap as follows:
# ./sqlmap.py --tor --tor-type=SOCKS5 -u "http://www.hackable.org/view_section.php?id=10"
The above command uses Tor with type SOCKS5. The --tor option by default tries to use the HTTP proxy instead of SOCKS5. Therefore it's necessary to set --tor-type to SOCKS5.
To further improve the anonymity of the scan, use a fake user agent. Here is a quick example.
# ./sqlmap.py --tor --tor-type=SOCKS5 -u "http://www.hackable.org/view_section.php?id=10" --user-agent="Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
The above example uses a Googlebot-style user agent in the HTTP headers of the scan, further complicating the identity of the hacker.
That is pretty much it. Enjoy hacking!!
cauz
March 18, 2014, 4:04 a.m.
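Seen from the server side, the Googlebot header used in the post is checkable: a genuine Googlebot address passes forward-confirmed reverse DNS, and a spoofed one does not. The following is an added example, not part of the original post; the function names, log lines and PTR names are constructed for illustration.

```python
import re
import socket

# Apache/nginx "combined" format: ip - user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def system_ptr(ip):
    """Reverse (PTR) lookup; None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Forward lookup; the set of IPv4 addresses the name resolves to."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def is_real_googlebot(ip, ptr=system_ptr, forward=system_forward):
    """PTR name must sit under a Google crawler domain AND resolve back to the same address."""
    host = (ptr(ip) or "").lower().rstrip(".")
    return host.endswith(GOOGLE_SUFFIXES) and ip in forward(host)

def spoofed_googlebot_hits(lines, ptr=system_ptr, forward=system_forward):
    """Return (ip, request) for log lines that claim Googlebot but fail the DNS check."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and "googlebot" in m["ua"].lower() and not is_real_googlebot(m["ip"], ptr, forward):
            hits.append((m["ip"], m["req"]))
    return hits

# Constructed sample data: documentation address ranges and made-up PTR names.
UA = "Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = [
    f'192.0.2.10 - - [18/Mar/2014:04:04:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "{UA}"',
    f'198.51.100.7 - - [18/Mar/2014:04:04:01 +0000] "GET /view_section.php?id=10 HTTP/1.1" 200 734 "-" "{UA}"',
    f'203.0.113.5 - - [18/Mar/2014:04:04:02 +0000] "GET /view_section.php?id=11 HTTP/1.1" 200 734 "-" "{UA}"',
    '198.51.100.9 - - [18/Mar/2014:04:04:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com", "198.51.100.7": "relay7.example.net",
              "203.0.113.5": "crawl-203-0-113-5.googlebot.com"}  # last PTR is set by the address owner
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}    # the forged name has no A record
if __name__ == "__main__":
    for ip, req in spoofed_googlebot_hits(SAMPLE_LOG, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set())):
        print(f"spoofed Googlebot UA from {ip}: {req}")
```

Called without the two resolver arguments, the functions use the system resolver, so the same check runs against a live access log.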
How to tunnel Internet traffic over SSH in Windows using free software
This is a basic guide to SSH dynamic port forwarding. It is intended as an introduction to this technology for intermediate to advanced computer users in the hopes that it will be useful. It is not intended to be the best nor most comprehensive guide on the subject. I found a similar document here.
SSH is a protocol for secure (encrypted) communications, most commonly used for remote login sessions to the command line on v...
In the previous post on sqlmap basics we learnt how to use sqlmap to hack a vulnerable web application and fetch the list of databases, tables, columns and data rows. In this post we shall see how to do some simple fingerprinting on the remote database to find valuable information that can be used to assist in further exploitation of a system.
So let's say we have a vulnerable URL
http://loca...
Now that my list of product IDs is in the millions and I've used about 40 GB of proxy bandwidth scraping maybe 50k pages from that data, I have to carefully weigh out how much I want to spend on proxies (spent about $30) on this experiment that could result in just a simple takedown notice to stop the method. Granted, I can always reuse and modify this data. But I guarantee if you had a million-page site based directly around real ecommerce products you would make good money if it stays up.
Oh wow I just re-read this. Good idea, past Charlie. I can add the 'post as anonymous' option without having to make everything public. Then you just have to have an account to post anonymously and if I want to make it public later, I can do that too.
One of my modules silently edits the registry for a systemwide web proxy. I'm looking for a good solution that might change Amazon pub-ids, AdSense ids, and most importantly redirect according to what site they are visiting. I don't care about banking, I'm already grabbing passwords. I want to be able to dynamically inject JavaScript into every page they visit etc.
Advanced Hybrid Peer to Peer Botnet. The botnet requires no bootstrap procedure.
The botnet communicates via the peer list contained in each bot. However, unlike Slapper [8], each bot has a fixed and limited size peer list and does not reveal its peer list to other bots. In this way, when a bot is captured by defenders, only the limited number of bots in its peer list are exposed.
A botmaster could easily monitor the entire botnet by issuing a report command. This command instructs all (or partial) bots to report to a specific compromised machine (which is called a sensor host) that is cont...
Today I want to talk about a large DDOS attack that leveraged thousands of unsuspecting WordPress websites as indirect source amplification vectors.
Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites. Note that XMLRPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you're likely very fond of. But, it can also be heavily misused like what we are seeing.
The story
...
Dead People Mysteriously Support The FCC's Attack On Net Neutrality
We've noted for months how an unknown party has been using bots to bombard the FCC website with entirely bogus support for the agency's planned attack on net neutrality. Inquiries so far have indicated that whatever group or individual is behind the fake support used a bot that automatically pulled names -- in alphabetical order -- from a compromised database of some kind. Earlier this year one reporter actually managed to track down some of these folks -- who say they never filed such comments or in many instances had no idea what net neutrality even is. Earlier this year, some reporters discovered that some of the bigges...
We are impressed by five prisoners in the US who built two personal computers from parts, hid them behind a plywood board in the ceiling of a closet, and then connected those computers to the Ohio Department of Rehabilitation and Correction's (ODRC) network to engage in cybershenanigans.
Compliments are less forthcoming from the State of Ohio's Office of the Inspector General, which published its 50-page report [PDF] into this incident yesterday, following a lengthy investigation.
The Inspector General was alerted to the issue after ODRC's IT team migrated the Marion Correctional Institutio...
I had this idea one night for creating a decentralized search engine. It would pull data from other search engines (through proxies or from a single server, so no personal user data is involved) and then re-display it to the user.
The next additional thought I had was to make it into a 'roll your own' search engine, so users could then deploy their search engine on their own server to have further control of the traffic, as you obviously can't trust shit like duckduckgo (fishy)
Then you could m...