Remove Unused Media From WordPress



Clean your Media Library of media that isn't used in any of your posts, galleries and so on. The plugin features an internal trash: files are moved there temporarily so you can make sure they aren't actually in use; once checked, you can delete them permanently. Before using this plugin, make sure you have a proper backup of your files and database. This is the most important step in using this plugin, as you can't trust any file deletion tool. The Pro version of this plugin also scans the /uploads folder and detects files that aren't registered in the Media Library, aren't used in your content and so on. Retina images are also detected and supported, as are shortcodes, HTML in sidebars and of course your posts, pages and all post types.



Download the plugin given below, then install and activate it. After installing the plugin, go to Meow Apps > Media Cleaner and select Post Analyze and Post Meta Analyze, as shown in the screenshot below.


If you see the message shown below, click Access Media Cleaner Dashboard.


After that, go to Media > Cleaner and click the Scan button. The plugin automatically scans for all unused media in the Media Library. When you see the finish message, simply click the Delete All button and wait a few minutes.


You have now successfully deleted all unused media.



 

What Is WordPress Plugin Full Explain?



Plugins are packages of code that extend the core functionality of WordPress. WordPress plugins are made up of PHP code and other assets such as images, CSS, and JavaScript.


By making your own plugin you are extending WordPress, i.e. building additional functionality on top of what WordPress already offers. For example, you could write a plugin that displays links to the ten most recent posts on your site.


Or, using WordPress’ custom post types, you could write a plugin that creates a full-featured support ticketing system with email notifications, custom ticket statuses, and a client-facing portal. The possibilities are endless!



Most WordPress plugins are composed of many files, but a plugin really only needs one main file with a specifically formatted DocBlock in the header.


Hello Dolly, one of the first plugins, is only 82 lines long. Hello Dolly shows lyrics from the famous song in the WordPress admin. Some CSS is used in the PHP file to control how the lyric is styled.



Yoast SEO Premium Plugin For WordPress



Yoast SEO Premium Plugin (formerly known as WordPress SEO by Yoast) is the most complete and powerful WordPress SEO plugin that exists today for WordPress.org users. It incorporates everything from a snippet editor and real-time page analysis functionality that helps you optimize your page content, image titles, meta descriptions and more, to XML sitemaps, and loads of optimization options in between. Possibly even more important, buying Yoast SEO Premium Plugin (formerly known as WordPress SEO by Yoast Premium) gives you access to our support team.



Yoast SEO Premium Plugin Features



  • Post titles and meta descriptions

  • Robots meta configuration

  • Canonical

  • Breadcrumbs

  • Primary category

  • Permalink cleanup

  • XML sitemaps

  • RSS enhancements

  • Edit your robots.txt and .htaccess

  • Clean up head section

  • A redirect manager

  • Multiple focus keywords



DroidSQLi Hack Website Using SQL Injection



How to hack website using automated SQL injection in Android phone. If you know We know 70% website hacked by using DroidSQLi (SQL injection). SQL Injection are two types:




Note From Admin: We need a 20 Author for this website, who have previously write a for any WordPress or blogger blog & have a knowledge of how to write post in blog, we pay to every Author. We pay 60 Rupees for every 20 post. If you are interested in writing a posts for this site so please send a mail to ask2guruji@gmail.com or send a message "Author" >space "Your Name" space "Email ID" to 8505977702 or you can call for any query.









  1. Automated SQL injection

  2. Manual




For manual  SQL injection Query we need laptop / PC,  back track (OS) , havij or Kali, and etc..But now you can attack on site using your android mobile phone and Tables and hack website. Only you need 3 things:


  1. SQL Vulnerable site

  2. android mobile

  3. DroidSQLi tool




DroidSQLi is the first automated SQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks. DroidSQLi supports the following injection techniques:

  • Time based injection

  • Blind injection

  • Error based injection

  • Normal injection

It automatically selects the best technique to use and employs some simple filter evasion methods.



Remove WordPress Memory Size Exhausted Error (php Memory Limit)




Are you seeing an allowed memory size exhausted error in WordPress? This is one of the most common WordPress errors, and you can easily fix it by increasing the PHP memory limit in WordPress. In this article, we will show you how to fix the WordPress memory exhausted error by increasing PHP memory.



What is WordPress Memory Exhausted Error?


WordPress is written in PHP, which is a server-side programming language. Every website needs a WordPress hosting server for it to function properly.


Web servers are just like any other computer. They need memory to efficiently run multiple applications at the same time. Server administrators allocate specific memory size to different applications including PHP.


When your WordPress code requires more memory than the default allocated memory, you get to see this error.










Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 2348617 bytes) in /home4/xxx/public_html/wp-includes/plugin.php on line xxx






Britney Spears' Instagram Used By Russian Hacker Group

Social media giants like Instagram, which is on its way to hitting a billion users this year, surely have a number of harmless comments posted each day. But could there be occasional moments when some clever hacker posts a comment that instructs malware how to get in touch with its controllers or servers? A recent report says yes. The Slovakian security company ESET said on Tuesday that a Russian espionage hacker group called Turla created such a cleverly hidden comment. The interesting thing is that it was on a post by the popular American singer Britney Spears.


Instagram comments on the American singer's account were used to store the location of a C&C (command and control) server of the Turla hackers. The operation used a Mozilla Firefox extension with a hidden backdoor in it. The team said it is one of the tools owned by the group, which is believed to be funded by the Russian government.


Of course, the singer might not be aware that one of the comments on her photo was doing something unusual: helping to establish communication between the hackers and the malware they created.



What Just Happened?!


The infamous hacker group Turla created a backdoor that pretends to be a Firefox extension and tricked users into downloading it. The Turla group's usual method of attack is a malicious site that forces users' browsers to download files and execute the malicious code in them, which is known as the 'drive-by download' method. It is commonly used by exploit kits, malvertising campaigns and espionage groups.




[Figure: Firefox extension. Source: ESET]

In Britney's case, the attack came through a compromised Swiss security site. But instead of a drive-by download, this time visitors of the compromised site were asked to install a Firefox extension. The extension is called HTML5 Encoding. It was a JavaScript-based backdoor that reports user activity to its operators. To do that, the malware has to connect to a command and control (C&C) server, which sends commands to the victim computer, so it needs the URL of that server. What they did was something intelligent.




An account belonging to the attacking group posted a random, spam-looking comment on Britney's Instagram post. The comment had a trackable hash, and a string of characters was hidden in it.


The comment is given below.


"#2hot make loved to her, uupss #Hot #X," user asmith2155 wrote.


The comment, now deleted (the account is also deleted), was actually a web address that required a fairly complicated, multi-step process to decipher. When decoded, it becomes '2kdhuHX'. The URL of the C&C server was resolved through a Bit.ly short URL: the string was combined with the bit.ly domain to form a short link that would in turn lead to the command-and-control (C&C) server. Strange but unbelievable, right?!



Explanation


In this case, the malware went through all of the comments on Spears' Instagram photo and computed a number, or a "hash," for each one, while it looked for a specific hash. When it found the comment with the right hash, it would check it for particular characters, grab the letters that came after those characters and turn them into a link. That link would then let the malware connect to its controllers.


In the ESET team's explanation:









"Looking at the photo’s comments, there was only one for which the hash matches 183. This comment was posted on February 6, while the original photo was posted in early January. Taking the comment and running it through the regex, you get the following bit.ly URL:

http://bit.ly/2kdhuHX

Looking a bit more closely at the regular expression, we see it is looking for either @|# or the Unicode character \200d. This character is actually a non-printable character called ‘Zero Width Joiner’, normally used to separate emojis. Pasting the actual comment or looking at its source, you can see that this character precedes each character that makes the path of the bit.ly URL:

smith2155< 200d >#2hot ma< 200d >ke lovei< 200d >d to < 200d >her, < 200d >uupss < 200d >#Hot < 200d >#X

When resolving this shortened link, it leads to static.travelclothes.org/dolR_1ert.php , which was used in the past as a watering hole C&C by the Turla crew."
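A defender-side sketch of the check ESET describes, added here as an example and not taken from ESET or from the malware: it flags comments in which a Zero Width Joiner precedes ASCII text and recovers the hidden token so it can be used as an indicator. The regex is reconstructed from the description above, the sample comments and the `fan_account_*` names are constructed, and the malware's hash function is not on this page and is not reproduced.

```python
import re
import unicodedata

# Assumed pattern, reconstructed from the description in the quote above:
# a Zero Width Joiner (U+200D), an optional '#' or '@', then one ASCII word
# character to capture. re.ASCII keeps \w from matching emoji-adjacent or
# Indic letters, where a ZWJ is legitimate.
MARKER = re.compile(r"\u200d[#@]?(\w)", re.ASCII)


def hidden_chars(comment: str) -> str:
    """Return, in order, the characters that directly follow a ZWJ marker."""
    return "".join(MARKER.findall(comment))


def reveal(comment: str) -> str:
    """Render invisible format characters (Unicode category Cf) as <hex>."""
    return "".join(
        f"<{ord(ch):04x}>" if unicodedata.category(ch) == "Cf" else ch
        for ch in comment
    )


def scan_comments(comments, min_markers=3):
    """Flag comments that carry at least `min_markers` hidden characters.

    `comments` is an iterable of (author, text) pairs. The threshold avoids
    alerting on a single stray ZWJ left behind by an emoji keyboard.
    """
    findings = []
    for author, text in comments:
        token = hidden_chars(text)
        if len(token) >= min_markers:
            findings.append(
                {"author": author, "token": token, "visible": reveal(text)}
            )
    return findings


# Constructed sample data. The first entry rebuilds the comment quoted above
# with real U+200D characters; the others are benign look-alikes.
SAMPLE_COMMENTS = [
    ("asmith2155",
     "\u200d#2hot ma\u200dke lovei\u200dd to \u200dher, "
     "\u200duupss \u200d#Hot \u200d#X"),
    # Family emoji: ZWJ joins emoji, which is its normal use.
    ("fan_account_1",
     "Love this \U0001F468\u200d\U0001F469\u200d\U0001F467 #Hot #X"),
    # Same visible words as the first comment, but no hidden characters.
    ("fan_account_2", "#2hot make loved to her, uupss #Hot #X"),
    # Devanagari conjunct using ZWJ, also legitimate.
    ("fan_account_3", "\u0915\u094d\u200d\u0937 great photo"),
]


if __name__ == "__main__":
    for finding in scan_comments(SAMPLE_COMMENTS):
        print(finding["author"], finding["token"])
        print("  ", finding["visible"])
```

Only the first sample is flagged; the recovered token is the bit.ly path given in the quote, which is what an analyst would pivot on.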






Why This Method?


Hiding this sensitive information out in the open isn't just a funny trick; it has several uses. Since this information isn't included in the malware itself, researchers have to go and find it themselves in the wild, assuming the comments are still there to be found. But more importantly, it means the malware's controllers can change the secret destination without touching the malware itself. All they would have to do is delete the original comment and create a new one with the same hash and a new encoded URL. Instead of giving the malware a specific key to a specific lock, the hackers told the malware how to find places where keys would be hidden, leaving them free to change either lock or key.



Conclusion


It was on a post by a popular celebrity, right, but the main point is that it demonstrates the extent to which cyberspace can be spied on. If the attackers could do this through Instagram, what kinds of methods might be in use on Facebook, Twitter, etc.?!

Carding Credit Card Hacking Full Explain



Carding Credit Card Hacking



Carding Credit Card Hacking I had posted some posts about credit card hacking or generally known as carding, but I never try to well explain them, I was really enough busy in posting tutorial instead of explaining the basic of carding. So today I am trying to give you a well intro to carding as well as explaining all term related to carding. "Use Socks 5 In Carding" Please don’t be lazy! try to read all if you don’t want to be fooled by other in future Don't forget to read full post.













What Is Carding?


Carding is a term describing the trafficking of credit card, bank account and other personal information online as well as related fraud services.[source Wikipedia]

“Carding” is term related to fraud of credit card usually. At this time, every shopping site or other purchase in site using credit card, which get attention from hacker and they noticed this point and start using it for their benefit. 



What Is Term Ripper in Carding?


I think you must see some posts in Facebook or What’s App group, according to them they are carder, can card for you in some advance payment usually 50% of product that you want to card, in some cases they want cc from you. But when you deal them in inbox, they just take money from you and disappear in as they get their money simply they block you. In simple words Facebook, full fill with 90% of ripper. So, it’s really important to understand carding and how to prevent from ripper. I’m not posting about ripping in carding, it is about how to card so let's focus again on carding, start with basic requirements.



Basic Requirements in Carding



  1. Computer, MacBook, laptop: Common don’t be foolish you can’t card with your simple mobile phone, so it’s time to run your PC, laptop in work. Don’t worry you are not working high level program, it is same as you play game on your PC.

  2. VPN: A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it was directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. There are a lot of free and premium VPN are available, it is recommended to use premium or maybe it is a trial software. You can get a lot of free VPN software on internet, or trial Here is link where you can get VPN software for free or premium ones.[button color="" size="" type="" target="" link="http://www.start-vpn.com/tag/free-trial/"]Download VPN[/button]

  3. RPD- Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, Mac OS X, iOS, Android, and other modern operating systems. RDP servers are built into Windows operating systems; an RDP server for Linux also exists. By default, the server listens on TCP port 3389. Microsoft currently refers to their official RDP server software as Remote Desktop Services, formerly "Terminal Services". Their official client software is currently referred to as Remote Desktop Connection, formerly "Terminal Services Client" You can connect to RPD by clicking on start menu - remote desktop connection - then type victims IP address. Example 74.7.42.89,click connect, now it will pop up screen asking for password and username which is in this case: User name: Shipping Password shipping1. Now click ok, and you will get access to Remote Desktop Connection - which means you are connected to someone computer and you will buy stuff from victims computer. Not YOURS!



  1. Socks 5: Socks 5 SOCKet Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded. SOCKS performs at Layer 5 of the OSI model (the layer, an intermediate layer between the presentation layer and the transport layer). You can get socks for free or you can buy fresh which i recommend Before we proceed lets learn how to user socks 5 in Mozilla Firefox.


How To Use Socks 5 In Carding?


Example of socks 4/socks 5 are 75.119.127.189:36871

Socks 5 are very easy to use via Mozilla Firefox. First open Mozilla Firefox.

Just follow this step in Firefox

  1. go to  options >> advanced >> network >>connections >> settings.

  2. Now the screen will pop up various options like :

    1. No proxy;

    2. Auto Detect;

    3. Use system proxy;

    4. Manual proxy configuration.




You mark 4. Manual proxy configuration. Now type in socks host IP you have collected from above mention sites. for example Socks Host: 75.119.127.189 Port: 1080.

  1. Now press OK and you are connected to secure socks 5. I will explain more when we start carding.

  2. Credit card:Victims credit card, you can get a lot of free credit cards here on ABH, or you can buy one from various CVV shops that can be find on internet. Let's see how CC will look like or what information CC contain Example of victims credit card (see image also):







This is just only an example of victims credit card, you don't need all this information in carding like. Some sites ask only for card numbers, exp date and CVV2.

Here you can buy a cc (some domain may be blocked by your browser or antivirus)


Carding Website

Now that you have all this above, let’s start carding

Let’s say we want free phone like Samsung S6, IPHONE 6, etc...

First of all choose a online shopping website from your country. Why? Because if you choose shopping site from another country you, either they not able to make delivery in your country or they take up to 2 days for delivery. I hope you don’t want to wait a lot for your order. I leave this choice on you. When you choose your site, find out which type of it is.


There are two types of shops, VBV and NON VBV:

VBV is a Verified by Visa, an online security system for credit card transactions. Which means you need to provide a card knowing a lot of victim credit card information such as DOB (date of birth), SSN (social security numbers), Secure password witch cc owner use for online purchase. You can check on shop is there a VBV VERIFIED BY VISA ICON on home page.


NON VBV is not verified by visa card, you can buy anything with non vbv cards without going through 3d verification process.

I leave it now for later.

Carding Tutorial

  1. Connect to your vpn software and choose ip address of your victim's country.

  2. Connect to RPD ( Remote Destkop connection), must be same country (IP), state as credit card holder's address .

  3. Now from your RPD, connect to socks5 via mozzila firefox, example 97.77.96.226 34539 United States, Must be same as your victim's address: COUNTRY, STATE, CITY!

  4. When you done all that, create email with same name as credit card holder name, same address, same city, and everything. Or if you got email access that's would be a lot better.

  5. Go to your website shop you want to card.

  6. Register with credit card holder information, name, country, city, address, and email you made one just for this ORDER.

  7. Add a shipping address, some sites don't allow to ship to different address but there is plenty of shops which do.Shipping address is where package will be delivered usually Carder called it Drop. Which means you provide your address, girlfriend address, friend address, to your drop etc.

  8. Select product you want, and click on check out, now it will ask for you know, how you will pay. Choose credit card, and type victims credit card numbers and other information needed.

  9. Click order now, and i am sure 100% they will confirm your order via email or you will get track your order on website, after pressing order.


(note that some sites need phone verification, but you can always buy phone number in internet or in real life , confirm your order, and destroy it after they ship your item)

  1. Wait for order to arrive to your shipping address, I personally use . When they arrive they call me, and i can say different address where i want to pick up my order.


Hope you all know now what is carding, ripping, how to get CC and  how to card? Please share this post with your friends.

Top Indian Hackers You Should Know

Top Indian Hackers


Computer hackers are almost always celebrated, whether they fall on the 'black' or 'white' side of the law. But you rarely get to hear about Indian hackers in our own media. And especially when these hackers are decisively helping organizations and governments in positive ways, they ought to be celebrated. Here are 11 best Indian hackers we all should know of.



1. Rahul Tyagi


Rahul Tyagi | Source: twitte

Aside from being an expert on breaking and entering computers, Rahul Tyagi is also an author and a talented actor. With over a hundred training sessions under his belt, this guy is as versatile as it gets.



2. Pranav Mistry


Source: vulcanpost.com

This hacker extraordinaire is also famous for the invention of SixthSense, a technology that's used by NASA, and also the invisible computer mouse. Yes, invisible.



3. Ankit Fadia


Ankit Fadia | Source: attrition.org

Writing a book titled ‘Unofficial guide to ethical hacking’ at the age of 15 is a far cry from playing football at that tender age. And yet, that’s exactly what Fadia did, and the rest is history when it comes to this world-renowned Indian ethical hacker.



4. Koushik Dutta


Koushik Dutta | Source: egglets.com

After completing his internship with Microsoft, Dutta left the firm and went on to hack Android cell phones. Don’t ask me why, that’s how these guys work. Presently working with Clockwork mod, he turned down an offer from Sony and is working independently for making mobile platforms safer for Android users.



5. Vivek Ramachandran


Vivek Ramachandran | source: vivekramachandran.com

Having won many awards, including ones from both Microsoft and Cisco, Vivek is a force to reckon with in the field of computer security. His oeuvre is spread across embedded systems security, e-governance, wireless security and computer forensics.



6. Trishneet Arora


Trishneet Arora | source: thecampusentrepreneur.com

If you wanna know how it feels like to be 20 years old and world-renowned, ask Trishneet Arora. The dude is actually against hacking and helps companies and industries to protect their security systems.



7. Sunny Vaghela


Sunny Vaghela | Source: udaipurtimes.com

Vaghela was responsible for spotting loopholes in SMS and call forging in mobile network, that too when he was 18. To his credit, he has also helped Mumbai and Ahmedabad police solve terrorist threats.



8. Benild Joseph


Benild Joseph | Source: twitter.com

This 23 year old Calicut-born guy used to be the director of the Cyber Crime Investigation Bureau, New Delhi. Benild has registered and pending patents in the arenas of cyber crime forensics and information to his name. He is also the current acting CEO of ‘Th3 art of h@ckin9.’ Sigh, and I thought good things came only to those who wait!



9. Falgun Rathod


Falgun Rathod | Source: clubhack.tv

Considered the leader in information security in the country, Rathod has played a pivotal role in spreading awareness about info security in India. And yeah, he’s also young, just 25.



10. Rajesh Babu


One of the most dynamic and most ‘secretive’ of all ethical hackers, he used to freelance for many government and corporate agencies and now runs his own company in Kerala called Mirox. It’s said that Babu has created the best team of ethical hackers in the country.



11. Jayant Krishnamurthy


Jayant Krishnamurthy | Source: wikipedia.org

This real life hacker has interests ranging from information extraction to knowledge representation and common sense reasoning in Artificial Intelligence. He is also a computer theorist and researcher. And if those things don’t ring a bell with you, worry not, I can assure you that you’re not alone. I’m getting dizzy just hearing such terms.


These Indian hackers reveal the unending possibilities of the digital domain and also put the country on the global map of progress. A big geeky nod to all of them!



20 Best Hacking Apps For Android - Part 4

Best Hacking Apps For Android - Part 4


This is the last part of 4 post series on the post '20 best Hacking Apps For Android'.









Disclaimer: "The Content inside the post is only for educational purposes. we are not responsible if anyone misuses it."












1.Shark for root



Shark For Root is an android version of wireshark for security experts and hackers. It is basically a traffic sniffer which works on WiFi, 3G and FroYo tethered mode. The app is based on tcpdump, so you can use tcpdump commands on this android version.

Root access is required.


2.SSLStrip for Android(Root):


It is a famous app you may be familiar with, with 10000 downloads and installs. This tool hijacks HTTP traffic on the network and changes HTTPS links to HTTP or to look-alike HTTPS links. It also offers a padlock favicon.


3.USB Cleaver



USB Cleaver is a free Android hacking app that’s capable of stealing information from connected Windows PCs. It can access browser passwords, Wi-Fi password, network information, etc.


4.FaceNiff



FaceNiff is an Android tool for hackers (newbies) who want to sniff and intercept web session profiles over a WiFi connection. That means, if you want to hack into a Facebook account which is using the same WiFi network, you can use FaceNiff. Technically, it's not possible right now, because Facebook has made SSL encryption mandatory for all connections. But this tool can be used on Twitter and many other social media sites.


5.WIBR+(WiFi BruteForce)



WIBR+ is an Android app that is capable of cracking WiFi passwords. It was designed to test the security of WPA/WPA2 PSK WiFi networks, but it is now widely used to crack weak WiFi passwords.

It supports two types of attacks: dictionary attacks and brute-force attacks. It also allows you to use custom dictionaries!

The attack is very slow because of the way Android handles WiFi connections. According to the developers, 8 passwords/minute is a good speed.

Tip: WIBR+ is a battery eater, so always carry a power bank with you!

If this app is not working for you, it may be because:

- you are trying to crack a network with a weak or unstable signal, or in a very "noisy" environment (i.e. many networks on the same channel);

- you are trying to access a network that uses MAC filtering (only explicitly allowed devices can access that network);

- you don't have enough patience ;).

Download Link: http://www35.zippyshare.com/v/Cm839fG7/file.html


20 Best Hacking Apps For Android Phones Part - 3

We are writing this post in 4 parts. If you have not read the earlier parts, read them first. We bring you 5 apps in each post.

Disclaimer: "The content inside the post is only for educational purposes. We are not responsible if anyone misuses it."

1. DroidSheep



DroidSheep is an Android tool developed by Andreas Koch for security analysis in wireless networks. It is basically a session hijacking tool that allows hackers to capture session cookies over the wireless network. That means you can sniff and capture the web session profiles of a person who is on the same network. Both FaceNiff and DroidSheep are capable of hijacking web session profiles over a wireless network. The difference is that FaceNiff only works with a fixed list of websites, while DroidSheep works with almost all websites/services.


Download Link: http://www.mediafire.com/file/idm12m9zhj1b69i/DroidSheep-de.trier.infsec.koch.droidsheep-15-v15.apk




2. Lucky Patcher



A very well-known app, mostly used by Android gamers to hack in-app purchases in games. It is one of my favorite Android applications. It is used to remove ads, modify app permissions, back up and restore apps, bypass premium applications' license verification, etc. The app works on both rooted and unrooted devices.

Download Link: https://www.luckypatchers.com/download/




3. SSHDroid



SSHDroid is an Android app that can turn your Android device into an SSH server. That is, it allows you to securely connect to your device from a computer and execute commands or edit files.

Requirements:

  • SFTP client: if you are using Windows, download and install WinSCP; if you are using a Mac, download and install Cyberduck.

  • Android device (rooted or non-rooted).

Download Link: https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en




4. APKInspector

APKInspector is a powerful GUI tool for analysts to analyse Android applications. The goal of the project is to aid analysts and reverse engineers in visualising compiled Android packages and their corresponding DEX code.

APKInspector provides both analysis functions and graphic features that give users deep insight into malicious apps.

Download Link: https://github.com/honeynet/apkinspector/




5. Eviloperator


This app automatically connects two persons in a phone call making them feel that they called each other. The best part is that it can record and save the entire conversation.

Download Link: http://android.appaix.com/download/evil-operator-1252-83295.html

Good News for Wannacry Victims: Your Files Are Easy to Recover!

We all know about the panic caused by the infamous ransomware worm WannaCry. It hit more than 3 lakh systems within 72 hours. The latest reports say that some errors have been found in the WannaCry code that might allow victims to restore their files without any decryption keys.

Anton Ivanov, senior researcher at the security company Kaspersky Lab, along with his teammates Fedor Sinitsyn and Orkhan Mamedov, explained on Thursday that the WannaCry developers made some critical errors in their code. The errors are mainly of 2 types:

  1. While deleting the original file.

  2. While processing the read-only files.


By utilizing these errors, victims can restore their files using nothing more than recovery software.

1. Error in the removal logic

When WannaCry encrypts a file, it first reads the original file, encrypts it and saves the result with the extension .WNCRYT. It then changes the extension to .WNCRY and deletes the original file. The issue lies in this last step, that is, in the way the ransomware deletes the original file after encryption.

The deletion logic may vary depending on the location and the properties of the victim’s files.

Files located on the system drive (C:):

  • If the file is in the Desktop or Documents folder, the original file is overwritten with random data before removal. In this case, there is no way to restore the file.

  • If the file is stored outside these important folders (i.e. Desktop and Documents), the original file is moved into a temporary folder (%TEMP%\%d.WNCRYT, where %d denotes a numeric value). In this case, the original file is not overwritten, only deleted, which means there is a chance of recovering it.

Files located on other drives:

  • The ransomware creates a $RECYCLE folder and intends to move the original files into it. The files in this folder are also given the hidden attribute. In some cases, however, due to synchronization errors, the ransomware does not move the files to that folder. Even then, the deletion is not done in a secure way, which makes restoring the files possible.


The standard way a computer deletes a file is by marking the area of the hard drive it occupies as space that other files can use. Until new data takes up the physical space of the old data, the old data remains on the hard disk.

To delete a file so that file recovery software cannot recover it, a malware developer or security-minded user must overwrite the original file with new data. WannaCry did not do this anywhere except the Desktop and Documents folders. Instead, it uses the normal mechanism to delete files, which can be undone.

2. Read-only files processing error

The researchers also found a bug in the processing of read-only files. If such files are present on the machine, the ransomware creates an encrypted copy of each one, but the original files are not deleted or overwritten. They are only given the hidden attribute.

The researchers concluded,
“From our in depth research into this ransomware, it is clear that the ransomware developers have made a lot of mistakes and, as we pointed out, the code quality is very low.

If you were infected with WannaCry ransomware there is a good possibility that you will be able to restore a lot of the files on the affected computer. To restore files, you can use the free utilities available for file recovery. We advise organizations share this article with their system administrators – as they can use the file recovery utilities on affected machines in their network.”
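A triage pass over a recovery utility's output folder (or a read-only mounted image), following the two cases described above: originals renamed to %TEMP%\<number>.WNCRYT, and read-only originals left hidden beside their encrypted copy. This is an added example, not code from the researchers or the original article; the "WANACRY!" header check and the assumption that an encrypted copy is named <original>.WNCRY come from public WannaCry analyses rather than from this page, and all sample files are constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption from public WannaCry analyses (not stated on this page):
# files the ransomware has already encrypted begin with this 8-byte marker.
ENCRYPTED_MAGIC = b"WANACRY!"

# Per the article, moved originals are renamed to "<number>.WNCRYT" in %TEMP%.
MOVED_ORIGINAL = re.compile(r"^\d+\.WNCRYT$", re.IGNORECASE)

# A few well-known file signatures, used to guess what a renamed original was.
SIGNATURES = [
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip/office"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG", "png"),
]


def sniff(path):
    """Classify a file by its first bytes: 'encrypted', a known type, or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(ENCRYPTED_MAGIC):
        return "encrypted"
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def moved_originals(temp_dir):
    """Return [(path, kind)] for numeric .WNCRYT files that are not encrypted."""
    hits = []
    for entry in sorted(Path(temp_dir).iterdir()):
        if entry.is_file() and MOVED_ORIGINAL.match(entry.name):
            kind = sniff(entry)
            if kind != "encrypted":
                hits.append((entry, kind))
    return hits


def surviving_originals(root):
    """Return originals that still sit beside their .WNCRY copy (read-only case)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in sorted(files):
            if name.upper().endswith(".WNCRY"):
                original = name[:-len(".WNCRY")]
                if original in names:
                    found.append(Path(dirpath) / original)
    return found


def build_sample(base):
    """Constructed sample tree standing in for %TEMP% and a data drive."""
    temp = Path(base) / "Temp"
    data = Path(base) / "D"
    temp.mkdir()
    data.mkdir()
    (temp / "12.WNCRYT").write_bytes(b"%PDF-1.4 constructed")          # moved original
    (temp / "13.WNCRYT").write_bytes(ENCRYPTED_MAGIC + b"\x00" * 16)   # encrypted temp file
    (temp / "notes.txt").write_bytes(b"unrelated")
    (data / "report.docx").write_bytes(b"PK\x03\x04 constructed")      # read-only original
    (data / "report.docx.WNCRY").write_bytes(ENCRYPTED_MAGIC + b"\x00" * 16)
    (data / "photo.jpg.WNCRY").write_bytes(ENCRYPTED_MAGIC + b"\x00" * 16)  # original gone
    return temp, data


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        temp, data = build_sample(base)
        for path, kind in moved_originals(temp):
            print("moved original:", path.name, "->", kind)
        for path in surviving_originals(data):
            print("original still present:", path.name)
```

Run it against a copy or image rather than the affected disk itself, since every write to that disk can overwrite deleted data that is still recoverable.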

 

20 Best Hacking Apps For Android Phones Part - 2

We are writing this post in 4 parts. If you have not read the earlier part, read it first. This is the second part of "20 Best Hacking Apps For Android Phones".

Disclaimer: "The content inside the post is only for educational purposes. We are not responsible if anyone misuses it."

1. zANTI



zANTI is a penetration testing toolkit developed by Zimperium Mobile Security for cyber security professionals. Basically, it allows you to simulate malicious attacks on a network. With zANTI you can carry out various types of operations such as MITM attacks, MAC address spoofing, scanning, password auditing, vulnerability checks and much more. In short, this Android toolkit is a perfect companion for hackers.

Overall features:

  • Change device's MAC address.

  • Create a malicious WiFi hotspot.

  • Hijack HTTP sessions.

  • Capture downloads.

  • Modify HTTP requests and responses.

  • Exploit routers.

  • Audit passwords.

  • Check a device for the Shellshock and SSL POODLE vulnerabilities.






2. AnDOSid


AnDOSid is an Android tool developed by Scott Herbert that you can use to launch DoS attacks from your mobile phone. It was developed as a stress testing tool, but you know, anything can be misused, even a pen...






3. cSploit



cSploit is an open source (GPLed) Android network analysis and penetration suite which aims to be the most complete and advanced professional toolkit for IT security experts/geeks to do network security assessments on a mobile device.


Features:

  • Map your local network

  • Fingerprint hosts' operating systems and open ports

  • Add your own hosts outside the local network

  • Integrated traceroute

  • Integrated Metasploit framework RPCd

    • Search hosts for known vulnerabilities via integrated Metasploit daemon

    • Adjust exploit settings, launch, and create shell consoles on exploited systems

    • More coming



  • Forge tcp/udp packets

  • Perform man in the middle attacks (MITM) including:

    • Image, text, and video replacement-- replace your own content on unencrypted web pages

    • javascript injection-- add your own javascript to unencrypted web pages.

    • password sniffing ( with common protocols dissection )

    • Capture pcap network traffic files

    • Real time traffic manipulation to replace images/text/inject into web pages

    • DNS spoofing to redirect traffic to different domain

    • Break existing connections

    • Redirect traffic to another address

    • Session Hijacking-- listen for unencrypted cookies and clone them to take Web session








4. DroidSQLi

DroidSQLi is an android app that allows you to launch SQL injection attacks on a target URL. It's fully automated, so you don't need much technical knowledge to operate this application. Just find a vulnerable URL and then put it in the "Target URL", then tap on "Inject". That's it!




 


5. Fing Network Tools


Fing is a simple Android tool for network analysis. It can help you discover devices connected to the WiFi network, switch on a device from your mobile/tablet, perform a traceroute and run some other network operations.



Indian Hacker Hacked Pakistani Website For His Girl Friend



Hackers usually take over a site to promote their agenda or for personal gain. However, this recent hack was done purely out of “love.”

The Islamia University of Bahawalpur had its website hacked by an Indian hacker recently, on June 2nd. The page has been defaced with an elaborate love letter.

The browser tab displays the message:

"Hacked by ~vicky~for his love[blue idiot] just hacked into this website for you..we are united indian hackers"

Vicky or Vikrant has supposedly hacked the site to profess his love for his girlfriend as evident from his message (screenshot below).

[Screenshot: site deface page]

He didn’t mention the girl’s name or why he hacked a site to do that. He did however leave a message for the site owner at the end as well.

"Sorry website owner for getting pwned and thanks to mr.404 not found"

“Devil’s Cafe”


 At the end of the hacker’s message there is a site link “devilscafe.in” which leads to a shady looking blog on “Informational Security” and “SEO & Blogging”.

The message on the about page reads:

"…it is more likely that people often mistake my site to be that promotes Hacking. But in reality, our goal is to prevent hacking. We believe that unless you know how to hack (ethically), you cannot defend yourself from malicious hack attacks."

It’s probable that the site owner is Vikrant himself and that he hacked the Islamia University of Bahawalpur’s site. However, nothing has been confirmed.

Source: propakistani.pk

20 Best Hacking Apps For Android Phones Part-1

Hacking is a topic that everyone is keen to know about. We can do it and study it even without much technical knowledge. So we bring you a series of 4 posts on the 20 best hacking apps for Android phones. Here is the first part.

Disclaimer: The content inside the post is only for educational purposes. We will not be responsible if anyone misuses it.


here we go..

#1. AndroRAT



AndroRAT stands for Android and RAT (Remote Administrative Tools). The app aims to give you the control of the Android system remotely and fetch the information from it. The features in this useful Android hacking app include collecting information like contacts, call logs, messages, and location. The app also allows you to remotely monitor received message and state of phone, making a phone call and sending texts, taking picture from camera, opening URL in the default browser etc.


Download Link: http://gallery.mobile9.com/f/4734109/

#2. Nmap



Nmap is an android tool that you can use on a network to determine available hosts, services, operating system versions, types of packet filters/firewalls and other characteristics. It is an incredibly useful tool for hackers (ethical or unethical).


Requirements:

  • The device must have root access. (You can run the app without root access, but some features will not work)

  • SuperSU/Busybox/SuperUser.


Download Link: http://www.mediafire.com/file/raxqhxdmmyhbqte/anmap.apk

#3. Hackode


Hackode is an Android app developed by Ravi Kumar for penetration testers, ethical hackers and cyber security professionals. It contains various modules, including Reconnaissance, Scanning, Exploits and Security Feed. The application contains tools such as:

  • Reconnaissance
    • Google Hacking
    • Whois Lookup
  • Scanning
    • Ping
    • Traceroute
    • MX Records
    • DNS Dig
  • Exploit
    • Tools to be added soon
  • Security Feed
    • Security news

With modules such as Reconnaissance you can carry out tasks like Google Hacking, which lets you find vulnerabilities in sites using Google dorks.

Download Link: https://play.google.com/store/apps/details?id=com.techfond.hackode

#4. DroidBox




DroidBox is an app that offers dynamic analysis of Android applications. Using the app, one can get a wide range of results about the hashes for the APK package, network traffic, SMS and phone calls, information leaks via different channels etc.

Download Link: https://code.google.com/archive/p/droidbox/

#5. Whatsapp Sniffer





WhatsApp Sniffer is a great Android hacking app, which works in tandem with the WhatsApp application. Using this app, you can hack private WhatsApp chats, pictures, audios and videos of your friends who are using your Wi-Fi Hotspot. You can manipulate pictures, videos, account info at your pleasure.


 Note: Disable Antivirus 


Download Link: http://softstribe.com/apk/download-whatsapp-sniffer-apk-file-android/


Top 5 All Time Best Hacking Tools For Hackers

Today in this post I will tell you about the 5 best hacking tools. If you want to learn hacking, these tools are important for you.

"THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY", so let's start.

1. Metasploit


Penetration testing software to help you act like the attacker





Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.



2. NMAP


Used to Scan Ports and Map Networks – and a whole bunch more!




Nmap Security Scanner is a free and open source utility used by millions of people for network discovery, administration, and security auditing. It serves everyone from novices learning port scanning basics to advanced hackers using low-level packet crafting methods. Literally thousands of system admins all around the world use Nmap for network inventory, checking for open ports, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (fingerprinting) they are running, and what type and version of packet filters/firewalls are being used by the target.



3. THC Hydra


A very fast network logon cracker which supports many different services.

When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC. Other online crackers are Medusa and Ncrack. The Nmap Security Scanner also contains many online brute force password cracking modules.



4. Aircrack-ng


Aircrack-ng is a complete suite of tools to assess WiFi network security.

It focuses on different areas of WiFi security:

  • Monitoring: Packet capture and export of data to text files for further processing by third party tools.
  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.
  • Testing: Checking WiFi cards and driver capabilities (capture and injection).
  • Cracking: WEP and WPA PSK (WPA 1 and 2).

All tools are command line, which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.



5. John the Ripper password cracker


John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS. John the Ripper is free and open source software, distributed primarily in source code form. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, it supports Windows LM hashes out of the box, plus lots of other hashes and ciphers in the community-enhanced version.

Warning! You Are Being Watched Without Your Knowledge

When NSA contractor Edward Snowden (famous, 'infamous', 'the hero') revealed that the US government was watching us through Yahoo web chat in a project called 'Optic Nerve', we got really scared. A developer from AOL, Mr. Ran Bar Zik, has now reported a similar situation. He insists we could be spied on and watched without our knowledge through a UX design flaw in Google Chrome. If a hacker with malicious intent exploits this flaw, that is possible, and the user will not be aware of being spied on.

How it Works

Modern web browsers such as Google Chrome and Mozilla Firefox use a collection of protocols called WebRTC (Web Real-Time Communication) for real-time audio and video communication. Browsers that use WebRTC do not need a plugin for this.

To protect against unauthorized audio and video streaming over WebRTC, the browser asks the user to allow a particular website to use WebRTC and to access the device's camera and microphone. The dangerous, exploitable part is that, once granted, the website keeps that access until you manually revoke the WebRTC permissions. For this reason the browser alerts the user with an indicator, mostly in the window header, whenever audio or video is being recorded. In Google Chrome, too, the only indicator is in the window header.

The danger is that if a website with malicious intent opens a pop-up with a headless window, it can record audio and video secretly.

The developer Ran Bar Zik also provided a demo of the situation. You can check it yourself in Google Chrome; all that is needed is clicking on 2 buttons. Don't worry, it is safe.

Google Says,

The more interesting thing is that when Mr. Ran Zik reported the flaw to Google on April 10, 2017, they rejected it as a flaw. In their words,

"

Currently the flaw is reported to affect Google Chrome only, but of course it may affect other web browsers.

Prevention

[Image: Facebook CEO Mark Zuckerberg's post on Instagram]

  • Disable WebRTC if you really don't need it.

  • If you require it on some sites, allow only trusted ones.

  • The funny but only safest solution is the one Facebook's CEO showed us: tape over the camera on your devices.

What Is SQL Injection ? How To Hack Website Using SQL Injection ?

WHAT IS SQL INJECTION?

SQL injection, also known as SQLi, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.

The impact SQL injection can have on a business is far-reaching. A successful attack may result in the unauthorised viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly harmful to a business.

When calculating the potential cost of a SQLI, it’s important to consider the loss of customer trust should personal information such as phone numbers, addresses and credit card details be stolen.


While this vector can be used to attack any SQL database, websites are the most frequent targets.



WHAT ARE SQL QUERIES


SQL is a standardized language used to access and manipulate databases to build customizable data views for each user. SQL queries are used to execute commands, such as data retrieval, updates and record removal. Different SQL elements implement these tasks, e.g., queries using the SELECT statement to retrieve data, based on user-provided parameters.


A typical eStore’s SQL database query may look like the following:



SELECT ItemName, ItemDescription
FROM Items
WHERE ItemNumber = ItemNumber

From this, the web application builds a string query sent to the database as a single SQL statement:



' Vulnerable: the ItemID parameter is concatenated into the SQL text unchecked
sql_query = "SELECT ItemName, ItemDescription " & _
            "FROM Items " & _
            "WHERE ItemNumber = " & Request.QueryString("ItemID")

A user-provided input http://www.estore.com/items/items.asp?itemid=999 then generates the following SQL query:



SELECT ItemName, ItemDescription
FROM Items
WHERE ItemNumber = 999

As you can gather from the syntax, this query provides the name and description for item number 999.



SQL INJECTION EXAMPLE


An attacker wishing to execute SQL injection manipulates a standard SQL query to exploit non-validated input vulnerabilities in a database. There are many ways that this attack vector can be executed, several of which will be shown here to provide you with a general idea about how SQLI works.


For example, the above-mentioned input, which pulls information for a specific product, can be altered to read http://www.estore.com/items/items.asp?itemid=999 or 1=1.


As a result, the corresponding SQL query looks like this:



SELECT ItemName, ItemDescription
FROM Items
WHERE ItemNumber = 999 OR 1=1

And since the statement 1 = 1 is always true, the query returns all of the product names and descriptions in the database, even those that you may not be eligible to access.


Attackers are also able to take advantage of incorrectly filtered characters to alter SQL commands, including using a semicolon to separate two fields.


For example, this input http://www.estore.com/items/items.asp?itemid=999; DROP TABLE Users would generate the following SQL query:



SELECT ItemName, ItemDescription
FROM Items
WHERE ItemNumber = 999; DROP TABLE USERS

As a result, the entire user database could be deleted.


Another way SQL queries can be manipulated is with a UNION SELECT statement. This combines two unrelated SELECT queries to retrieve data from different database tables.


For example, the input http://www.estore.com/items/items.asp?itemid=999 UNION SELECT Username, Password FROM Users produces the following SQL query:



SELECT ItemName, ItemDescription
FROM Items
WHERE ItemNumber = 999 UNION SELECT Username, Password FROM Users;

Using the UNION SELECT statement, this query combines the request for item 999’s name and description with another that pulls names and passwords for every user in the database.



SQLI PREVENTION AND MITIGATION


There are several effective ways to prevent SQLI attacks from taking place, as well as protecting against them, should they occur.


The first step is input validation (a.k.a. sanitization), which is the practice of writing code that can identify illegitimate user inputs.


While input validation should always be considered best practice, it is rarely a foolproof solution. The reality is that, in most cases, it is simply not feasible to map out all legal and illegal inputs—at least not without causing a large amount of false positives, which interfere with user experience and an application’s functionality.


For this reason, a web application firewall (WAF) is commonly employed to filter out SQLI, as well as other online threats. To do so, a WAF typically relies on a large, and constantly updated, list of meticulously crafted signatures that allow it to surgically weed out malicious SQL queries. Usually, such a list holds signatures to address specific attack vectors, and is regularly patched to introduce blocking rules for newly discovered vulnerabilities.


Modern web application firewalls are also often integrated with other security solutions. From these, a WAF can receive additional information that further augments its security capabilities.


For example, a web application firewall that encounters a suspicious, but not outright malicious, input may cross-verify it with IP data before deciding to block the request. It only blocks the input if the IP itself has a bad reputational history.


Incapsula cloud-based WAF uses signature recognition, IP reputation and other security methodologies to identify and block SQL injections, with a minimal amount of false positives. The WAF’s capabilities are augmented by IncapRules—a custom security rule engine that enables granular customization of default security settings and the creation of additional case-specific security policies.


Our WAF also employs crowdsourcing techniques that ensure that new threats targeting any Incapsula user are immediately propagated across the entire user-base. This enables rapid response to newly disclosed vulnerabilities and zero-day threats.
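Input validation and WAF filtering both sit in front of the query; the query itself can also be built so that user input is never parsed as SQL, a technique (parameter binding) that the article does not name. The following added example is not from the original article: it uses Python's sqlite3 with a constructed in-memory database and illustrative function names, and runs the article's own itemid inputs through the concatenated query, a parameter-bound query, and a validated one.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the article's eStore database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Items (ItemNumber INTEGER, ItemName TEXT, ItemDescription TEXT);
        CREATE TABLE Users (Username TEXT, Password TEXT);
        INSERT INTO Items VALUES (999, 'Lamp', 'Desk lamp');
        INSERT INTO Items VALUES (1000, 'Draft', 'Unreleased item');
        INSERT INTO Users VALUES ('alice', 'constructed-hash-1');
        INSERT INTO Users VALUES ('bob', 'constructed-hash-2');
    """)
    return db


def lookup_concatenated(db, item_id):
    """The pattern from the article: input pasted straight into the SQL text."""
    sql = ("SELECT ItemName, ItemDescription FROM Items "
           "WHERE ItemNumber = " + item_id)
    return db.execute(sql).fetchall()


def lookup_bound(db, item_id):
    """Parameter binding: the input is passed as data and never parsed as SQL."""
    sql = "SELECT ItemName, ItemDescription FROM Items WHERE ItemNumber = ?"
    return db.execute(sql, (item_id,)).fetchall()


# Allow-list validation: an item id is 1 to 9 ASCII digits and nothing else.
ITEM_ID = re.compile(r"[0-9]{1,9}")


def parse_item_id(raw):
    if not ITEM_ID.fullmatch(raw):
        raise ValueError("itemid must be 1-9 decimal digits")
    return int(raw)


def lookup_hardened(db, raw):
    """Validate first, then bind: two independent layers."""
    return lookup_bound(db, parse_item_id(raw))


# The part after "itemid=" in the article's three example URLs.
ARTICLE_INPUTS = [
    "999",
    "999 OR 1=1",
    "999 UNION SELECT Username, Password FROM Users",
]


def compare(db):
    """Run every article input through all three lookups and collect the rows."""
    report = {}
    for raw in ARTICLE_INPUTS:
        try:
            hardened = lookup_hardened(db, raw)
        except ValueError:
            hardened = "rejected"
        report[raw] = {
            "concatenated": lookup_concatenated(db, raw),
            "bound": lookup_bound(db, raw),
            "hardened": hardened,
        }
    return report


if __name__ == "__main__":
    for raw, result in compare(make_db()).items():
        print(repr(raw))
        for name, rows in result.items():
            print("   ", name, "->", rows)
```

With the concatenated query the second and third inputs return every item and the Users rows; with binding they match nothing, and with validation they are rejected before reaching the database.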



How To Hack Website Using SQL Injection?


Hello guys, I am blogger Ashok Punetha. In this section I will teach you how to hack a website database using SQL injection. This tutorial is for educational purposes only; ask2guruji is not responsible for any issue, so try it at your own risk.

Watch the full video tutorial:

https://www.youtube.com/watch?v=6wKST22auxw&t=8s

Grand Theft Auto: San Andreas 1.08 Apk Mod

Grand Theft Auto: San Andreas 1.08 Apk Mod Action by  twitah  -  Mar 26, 2015 0  1868301 You know this amusement from the PC stage, this ...