Showing posts with label Hacking. Show all posts
Showing posts with label Hacking. Show all posts

Thursday, October 7, 2010

Your First Live Hacking Technique

By Sajad KK 5:36 PM , 9 comments
There are many hacking techniques used for hacking a website. Here i am giving you a taste of SQL Injection method. SQL, OS, and LDAP injections occur when untrusted data is sent to an interpreter as part of a command or query. We can trick the interpreter into executing unintended commands. So, follow the below steps carefully. Now most of the sites are designed with SQL Injection in mind, hence the below method only works for poorly designed websites.

WARNING:
Any actions and or activities related to the material contained within this Website is solely your responsibility. The author and this sitewill not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

1) Go to Google and search for vulnerable ASP sites using "inurl:adminlogin.asp"

2) Choose a result

3) You will get a login window similar like this, use below data to login

Username : admin (always its admin)
Password : 'or'1'='1

4) If you are lucky, you will be redirected to the Admin Panel





5) Finished, you hacked a website!

the theory behind this hack is explained below,

SQL injection is the result of weak coding. Analyzing the above example, the site uses a SQL statement similar below to access and compare username and password from the database.

SELECT username,pwd FROM members WHERE 'username'='given username' AND 'pwd'='given password
when we type 'or'1'='1 in the password field it becomes
SELECT username,pwd FROM members WHERE 'username'='admin' AND 'pwd'=''or'1'='1'
So 1 = 1 will be always true and it proceeds the login. As for your knowledge it will not work with websites made of PHP. I will explain other techniques like XSS attacks in coming days. Happy Hacking!
Read More...

Wednesday, October 6, 2010

Viewing Live Webcams Using Google!

By Sajad KK 10:43 AM , , , 3 comments

cam
Google can be used to view unprotected live web cams around the world. It's a pretty old trick but still works like charm. By using simple Google Search queries, any user that has Internet can logon, access and watch thousands of unprotected surveillance cameras and webcams around the world.Privacy? Once online, there is no privacy. Your computer would only be private WITHOUT internet connections. Once the connection is up, virtually anyone can see you and what you’re doing. So the trick to find and search for open unprotected Internet webcams that broadcast to the web, is by using the following query:



 inurl:/view.shtml
 or
 intitle:”Live View / – AXIS” | inurl:view/view.shtml

The above query will reveal IP network web cameras that able to transmit live footage or individual images across the Internet from Axis Communications.However, contrary to popular believe, most of these webcams found by this trick is naturally meant for public viewing, and normally linked from a public website. Those private webcams attached to PC or used at the living room or bedroom or bathroom are normally won’t be able to find unless the owners purposely let Google crawl the link.

here is more queries,

inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / – AXIS”
intitle:”Live View / – AXIS 206M”
intitle:”Live View / – AXIS 206W”
intitle:”Live View / – AXIS 210?
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1? intext:”Open Menu”
intext:”MOBOTIX M10? intext:”Open Menu”
intext:”MOBOTIX D10? intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1?
intitle:”sony network camera snc-m1?
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console – Web Monitor”

www.drakepeak.net have built a database of live cameras found on the Internet. The database can be accessed directly at: http://www.drakepeak.net/index.php?content=livecams
Read More...