More fun with bat files..... evil fun :)
So hope you liked the loop, easy but funny
So here's some more stuff for you
cls
@echo off
I am not going to tell you how this one works because there is far too much stuff in it and I can not be fucking fucked
to tell you about it because you would get bored and maybe die....
This program copies itself into .bat .exe .txt .html ..... they do not work if it's in them... and it will start up
if it gets into a bat file..... adds itself to the AV so it can not be deleted by some fool....
By Matt with 2 t's, use at your own will
Here's some web hacking.... This may not work on all websites as some of them are too well made for people to hack.....
SQL injection is the method of inserting your own, specially crafted queries into a database, in order to 'disturb'
and 'trick' the database into doing anything from logging you in, to giving up an entire map layout of the database, known as a database
footprint.
SQL injections are your best bet for website passwords and logins.
If I were you, I would study up on PHP, HTML, and ASP, since those are the most commonly used languages that are used
in conjunction with SQL servers, and (naturally) learn a lot of SQL. Also keep in mind, there are many different flavors of
SQL servers, like PostgreSQL, MySQL, and MS SQL (not to be a dick, but about the last flavor of SQL, hah).
Let me show you something in Php:
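<CODE>
// Deliberately vulnerable login check: user input goes straight into the SQL string.
// (The mysql_* API used here was removed in PHP 7.0.)
$username = $_POST["userlogin"];
$password = $_POST["passlogin"];
// No escaping (addslashes() is left out on purpose) and no prepared statement.
$query = mysql_query("SELECT * FROM users WHERE user='$username' AND password='$password'");
// mysql_fetch_row() returns the next row as an array, or false when nothing matched.
$rows = mysql_fetch_row($query);
if ($rows == 0) {
    die('Wrong login, please try again.');
}
</CODE>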
Anyway, the way this works is that it gets the values from the login form using PHP's special built-in global array,
$_POST. Then it stores those values in variables and passes them through a query whose result is held in $query, so inside
this query are the values from the earlier $username and $password variables, in order to properly check them against the database,
remember this. It then runs the query against the database and checks if $rows is equal to ONE ROW that is going to be selected
from the database using $query. The reason that we will only select one row is because we use mysql_fetch_row(); instead of
mysql_fetch_rowS(); and this is why it will only select ONE row from the database, namely the user and password. After all,
you don't want to select two rows from a database when using a login script, unless you're retarded. However, if it can't select
the one row that meets all the requirements, it terminates the script and makes you start over. The reason it does this is
because the 0 in that if statement section of my code is treated as a boolean, and 0 is the equal of 'false' in English, so
it's basically saying "If selecting ANY rows from the database comes out false, do this...". So, remember, in booleans, 0
== false, and 1 == true.
Also, for Php experts, note that I left addslashes(); out on purpose.
Now, lets say I log in with:
username: john
password: doe
This is how that query inside of $query will pass once the variables are identified.
<CODE>$query = mysql_query("SELECT * FROM users WHERE user='john' AND password='doe'");</CODE>
See? Pretty simple, but, what if john was the administrator, and I did this:
username: john
password: ' OR ''=' OR '1'='1
The query, would then pass like this:
<CODE>$query = mysql_query("SELECT * FROM users WHERE user='john' AND password='' OR ''='' OR '1'='1'");</CODE>
Now, as you can imagine, that will pretty much confuse the living shit out of a database, since you use the SQL operator
OR in the password slot. And, as you can see, an empty '' is always equal to '' and 1 is always equal to 1, and because AND
binds tighter than OR, those always-true comparisons make the whole WHERE clause true, so therefore it
logs you in since the requirements are met. That is only if they don't have addslashes on, otherwise, that wouldn't work.
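The login check above next to a hardened form, as an added example that is not the author's code. It assumes an in-memory SQLite database through PDO with a constructed `users` table (`login_concat` and `login_prepared` are hypothetical names), and it shows that a bound parameter plus `password_verify()` rejects the password value from the page, which is the fix to reach for rather than addslashes().

```php
<?php
// Added example, not code from the original page.
// Constructed data: an in-memory SQLite table standing in for the page's `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['john', 'doe', password_hash('doe', PASSWORD_DEFAULT)]);

// The page's pattern, kept vulnerable on purpose: input is concatenated
// into the SQL text, so quotes in the input become part of the statement.
function login_concat(PDO $pdo, string $user, string $pass): bool
{
    $sql = "SELECT * FROM users WHERE user='$user' AND password='$pass'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened form: the user name is a bound parameter, so it is only ever data,
// and the password is never compared in SQL at all. The stored value is a
// hash that is checked in PHP with password_verify().
function login_prepared(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when no such user
    return $hash !== false && password_verify($pass, $hash);
}

// Inputs taken from the page: the real password and the injected value.
$attempts = [
    'real password'  => 'doe',
    'injected value' => "' OR ''=' OR '1'='1",
];

foreach ($attempts as $label => $pass) {
    printf(
        "%-15s concat=%s prepared=%s\n",
        $label,
        var_export(login_concat($pdo, 'john', $pass), true),
        var_export(login_prepared($pdo, 'john', $pass), true)
    );
}
```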
Now, here is a slightly more advanced one entered in the URL bar:
duck.com/user.asp?id=1337 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
What that will do is try to <u>union</u> the Id number (which is obviously an integer) with the very top,
number one table name from the database. Naturally, words and numbers can't be unioned or added together, so you'll get a nice
ODBC error on it, revealing the first table name - yay!
After that, it's a lot more complicated since you have to use WHERE, FROM, LIKE, and other clauses to get specific shit
like column names, and maybe even password hashes. You also need to use special SQL functions to alter things so they're readable.
This is called "Database footprinting".
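A defensive counterpart to the URL above, as an added example that is not from the original page. The page's target is ASP, but this sketch stays in PHP like the page's other code, with a constructed in-memory SQLite `profiles` table and a hypothetical `show_user` handler: it validates `id` as an integer, binds it as a parameter, and keeps database error text in the server log so the response has nothing to disclose.

```php
<?php
// Added example, not code from the original page.
// Constructed data: an in-memory SQLite table for a page that looks users up by id.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO profiles VALUES (1337, 'john')");

// Returns [HTTP status, response body]. The body never carries driver error text.
function show_user(PDO $pdo, string $rawId): array
{
    // 1. The parameter is meant to be a positive integer: reject anything else
    //    before it gets near the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        // json_encode() neutralises control characters before the value is logged.
        error_log('rejected non-integer id: ' . json_encode(substr($rawId, 0, 80)));
        return [400, 'Bad request'];
    }

    try {
        // 2. Bound parameter: the value cannot append a UNION to the statement.
        $stmt = $pdo->prepare('SELECT name FROM profiles WHERE id = ?');
        $stmt->execute([$id]);
        $name = $stmt->fetchColumn();
        if ($name === false) {
            return [404, 'Not found'];
        }
        return [200, htmlspecialchars($name)];
    } catch (PDOException $e) {
        // 3. Error details go to the server log only; the client gets a fixed string.
        error_log('db error: ' . $e->getMessage());
        return [500, 'Internal error'];
    }
}

// Query-string values: a normal id, then the value shown on the page.
$samples = [
    '1337',
    '1337 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--',
];

foreach ($samples as $raw) {
    [$status, $body] = show_user($pdo, $raw);
    echo $status, ' ', $body, PHP_EOL;
}
```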
I realize this probably confused you to hell, but still, it's the best way I can explain it.
If I were you, I would go to <a href="http://www.w3schools.com">Dubya-Dubya-Dubya-dot-W3schools.com</a> and
learn SQL, ASP, HTML, and PHP from there. It'll help you out, seriously it will.
Any SQL injection or PHP buffs may feel free to correct me when you feel the need, or see an error.
Hope this helps, Matt...
Telnet hacking.....
To use telnet you must start cmd (MS-DOS): just type cmd in the Run box and it will start nice and easy :) Type
in telnet and it will start it up ...
Then type this code
end of code --------> that's not code btw
Do not do this if it's a website like Tripod, Freewebs etc. because you will not be hacking their website,
you will be hacking Tripod's, Freewebs' site....
This code will let you send files to the server, which, if you look at fun with batch, you can send some evil
stuff.... Most websites will ask for a password to send files; I will tell you how to crack passwords sometime soon.
Matt...