|TUT| Use google to find SQL Databases and Email Passwords
Ok lets get started, for those of you that don't know, an any file named .sql is usually a storage place for data for a given web site. Sadly, some people do not hide these pages from being seen by Google. When you come across some of these files with Google they may contain hundreds of users and passwords for whatever site they pertain to. Often times the users password will be the same for that website as it is for his/her email account. So, in short, I will be showing you how to do some very basic sql database cracking using Google and "Cain and Abel."
I will go as in depth as I can so don't be surprised if I state the obvious...
What you will need:
Web Browser (Duh)
Cain and Abel
Wordlists
iight, so, you got everything you need now. Where the hell do you start? First thing you need to know is how to use google. In this session we want to search for sql dcuments so we will have to tell google to look for strictly sql files. To do this we use ( ext: ).
So now you have searched for every fucking sql file on the face of the earth... Too bad this wont get you anywhere. We need to narrow down the search to something a bit more specific for our purposes. Since we have told google to look only for SQL file, now we need to let google know what to look for inside of the SQL files. lets say you are really out to get some hotmail accounts. In this case you would want to find an SQL database that had a username with an "@hotmail.com" e-mail address. Making google find an SQL database with the "@hotmail.com" inside of it is very simple. We will use the ( intext: ) command.
Mmmk, you've now got gogole to find a SQL database containing the text "@hotmail.com" Congrats. But this wont get you shit. We need o further narrow our search. What we are looking for is a line of text in the SQL document
that contains all of the user information, including passwords, for that user. Now that you know he basic commands of google to find SQL file and specific text in them you can try different combinations to get what you are
looking for.
What we are looking for in the sql is something like this:
INSERT INTO user VALUES (1, 'idiot', 'e10adc3949ba59abbe56e057f20f883e', 'idiot@lolhacked.com',
In this case we are looking at the user named idiot. His password is e10adc3949ba59abbe56e057f20f883e. Seems like a strong password doesn't it? Its not. e10adc3949ba59abbe56e057f20f883e is really an MD5 hash. e10adc3949ba59abbe56e057f20f883e is really the password 123456. Idiot is living up to his name because his pasword is a simple one to recognize. But lets say his password is something else, something a bet more secure than 123456. You could usehttp://www.md5crack.com and enter the hash to see if it has already been cracked. And if that fails you could enter the hash into Cain and Abel and use brute force or dictionary attacks. I dont advise brute force unless you have an insane computer or eight years to sit and watch every combination! Once you crack the password you have the username, email addy, and password for that user. The password is not always the password for the email account, only 30-40% of the time. If you try the password on the email account and itdoes not work, all is not lost. Look in the URL of the web site you got the password from. You now hae the username and password to a user of that website.
I wrote this tutorial very quickly and I am sure I could be a bit more clear in some areas. Just leave a post here or PM me and I'll help you out. I will include a couple of MD5 hashes along with their passwords here and it may
I will go as in depth as I can so don't be surprised if I state the obvious...
What you will need:
Web Browser (Duh)
Cain and Abel
Wordlists
iight, so, you got everything you need now. Where the hell do you start? First thing you need to know is how to use google. In this session we want to search for sql dcuments so we will have to tell google to look for strictly sql files. To do this we use ( ext: ).
Code:
Simply put, if you want to look for a sql file you would enter this: ext:sql
Code:
If you want Google to look for an SQL file containing the text "@hotmail.com" you would enter the following: ext:sql intext:@hotmail.com
that contains all of the user information, including passwords, for that user. Now that you know he basic commands of google to find SQL file and specific text in them you can try different combinations to get what you are
looking for.
Code:
I reccomend the following serches to find useful SQL's ext:sql intext:@hotmail.com intext:password ext:sql intext:@hotmail.com intext:"INSERT INTO user" ext:sql intext:@hotmail.com intext:"INSERT INTO users" ext:sql intext:@hotmail.com intext:e10adc3949ba59abbe56e057f20f883e
INSERT INTO user VALUES (1, 'idiot', 'e10adc3949ba59abbe56e057f20f883e', 'idiot@lolhacked.com',
In this case we are looking at the user named idiot. His password is e10adc3949ba59abbe56e057f20f883e. Seems like a strong password doesn't it? Its not. e10adc3949ba59abbe56e057f20f883e is really an MD5 hash. e10adc3949ba59abbe56e057f20f883e is really the password 123456. Idiot is living up to his name because his pasword is a simple one to recognize. But lets say his password is something else, something a bet more secure than 123456. You could usehttp://www.md5crack.com and enter the hash to see if it has already been cracked. And if that fails you could enter the hash into Cain and Abel and use brute force or dictionary attacks. I dont advise brute force unless you have an insane computer or eight years to sit and watch every combination! Once you crack the password you have the username, email addy, and password for that user. The password is not always the password for the email account, only 30-40% of the time. If you try the password on the email account and itdoes not work, all is not lost. Look in the URL of the web site you got the password from. You now hae the username and password to a user of that website.
I wrote this tutorial very quickly and I am sure I could be a bit more clear in some areas. Just leave a post here or PM me and I'll help you out. I will include a couple of MD5 hashes along with their passwords here and it may
Code:
Plaintext of 1fb5bedc9340c3a098b77937ca162746 is schipper Plaintext of 377905b7f444ac2e2f44443f031d45ff is 28488 Plaintext of 0c61be766e8ea62ce69d10381d12462d is finesse Plaintext of c2e285cb33cecdbeb83d2189e983a8c0 is julia Plaintext of 1245ed06dabfdded11c0d30c62c54cce is mauke Plaintext of 255ec55e0e9cd72f13e610cc67503d4a is mirco Plaintext of 1a1dc91c907325c69271ddf0c944bc72 is pass Plaintext of 37be0d36f1447e5a4b6863c644124b41 is Hasen Plaintext of 07b0ec26df615f96136b5c413735eddd is Niklas Plaintext of f7b99e1538f9dc6b8c8225bf676a1c3c is hooligan88 Plaintext of 315b5b24ff41be674dcd10b37b34ee35 is lonsdale Plaintext of 5e9b9edbe4c007c65c56c686ea22c594 is oioioi Plaintext of 8e1a05486faa078ec4387fa2713b4129 is werwolf88 Plaintext of f09ca01331bf4136ca230435bbc26d4a is Dolly69 Plaintext of 205cde6837ff1426e3faa44f7f65e1b0 is aienms Plaintext of 337f5596628fde523939f1bbbcba52a0 is bolle3 Plaintext of 10d25c8e2642c3247ad3efc59b419166 is dktuo0 Plaintext of f03fcf375d5f3b7e72d113115c945607 is oeska7 Plaintext of 8c4fb7bf681156b52fea93442c7dffc9 is salt123 Plaintext of ad45656c4fc392e6d5e0ce7112378c80 is shakur96 Plaintext of c81d76d6c160db37ea82635e5b26a9a0 is simpson Plaintext of 8a98dcbbdb7652de8cc3d634d2a07c4c is walhalla Plaintext of 827ccb0eea8a706c4c34a16891f84e7b is 12345 Plaintext of 58a3814efd05b913b2a2cc4399fdd1cf is Dschingis Plaintext of 8a0e0c3875ccadcfc18d25017c7c225f is HANNES Plaintext of 90bebd2f0dc248887ba9d779a95c78f3 is dresden Plaintext of 357179ebe4be8027bda42bf768908bf0 is erodng Plaintext of 634c9dd710ad795771b016526f6e54fd is freemail Plaintext of ddd0fd9d13148c7b5d0050539ff56662 is grtjna Plaintext of bfaa0a6a33cf9d2133e5b27161b73a44 is n63e0m Plaintext of 2523d1a88b5c1e20084a6d467cfdfeaf is pitty Plaintext of ae2b1fca515949e5d54fb22b8ed95575 is testing Plaintext of fd56976ff216b5ee673d9c60660077d9 is 0n37s8 Plaintext of 117776cff05b37a547e96b6f7054d746 is 288828 Plaintext of 237391cf8685346ec9124eac31cb77fd is helena Plaintext of 68b62823ed173ad3bed0ce700d556b2a is hurensohn Plaintext of 0c3f662d1271e66644edc298df79d4f6 is odin21 Plaintext of 6681624f00ba6fe03b4235a5fccb88ea is zouhair Plaintext of 19f0bd5f2a2c58ebdbbecb1a7a467a71 is fishin Plaintext of 6dca4fe9cc3dfa1e593e1a60462b55c4 is inspire Plaintext of 96917805fd060e3766a9a1b834639d35 is manuel Plaintext of a755bc3c9689ab5eaedd25afc4a79b9f is nak Plaintext of 326cc7f55dd97de8c92cfbee0ba9316a is nlu096 Plaintext of 05f049595e0951451f4c46203f531588 is pitbull88 Plaintext of 7cf2db5ec261a0fa27a502d3196a6f60 is pizza Plaintext of 0ff14a13b985917b6dfc452f8d8fbde0 is soldat Plaintext of 96e79218965eb72c92a549dd5a330112 is 111111 Plaintext of d05da626689962cd2a382fbbe3a7b2d0 is prizes00 Plaintext of f19fce3a531da41fc9a395741ffafa96 is ulc895 Plaintext of b05388749d7b6d399ffa3a7635d6197d is pov35 Plaintext of 84e576a38922e4459d15cdc16b83f337 is prins Plaintext of e723093f70ceeaa538ef8b1e336b0a77 is sbawhk Plaintext of bb2d2b57e4c203f08b920811c7e48b09 is sbawrdj Plaintext of e10adc3949ba59abbe56e057f20f883e is 123456 Plaintext of 9b85f9ccb164f6000a2f78fd426e62ea is fejes Plaintext of 0e0542a1c5f88143ec101caf95a57420 is igh4sn Plaintext of 5616db1cf10c2a47f9579eab8bcb2d7f is kimski82 Plaintext of 59e834ac1f25df3fc6cff8dd55f851b5 is 739o2n Plaintext of 6b34fe24ac2ff8103f6fce1f0da2ef57 is chris Plaintext of bcd655a38274d45edfb2dd2b55ea2443 is gringo99 Plaintext of 06d646dd9eb17234a70c7729328d5a64 is l25bul5 Plaintext of ff62c61a7d295f8ce9c714ec9f265a86 is 2812tr Plaintext of 21232f297a57a5a743894a0e4a801fc3 is admin Plaintext of 6577e4f707d5261cf9a018e6d1112cc9 is asgard Plaintext of e7ca50f9f34cea12dd70108d91ae140b is i6cghn Plaintext of 26f78e4fb10e8efc79a32016a8a7207c is lomperik Plaintext of cf05c1207bd09ebd7bc0904f211ec768 is tareco Plaintext of 5b1b68a9abf4d2cd155c81a9225fd158 is 555555 Plaintext of ee1611b61f5688e70c12b40684dbb395 is Berlin Plaintext of 35269133da639cf10840e20ae1737f47 is banaan12 Plaintext of 8f366c9d08c91c8cfa13eb580a831403 is beckum Plaintext of dcaa9fd4f23aaf0c29f540becf35b46f is crash Plaintext of abc719bf832d6675823aef7ae1d49a34 is ramm33 Plaintext of 7516c3b35580b3490248629cff5e498c is school Plaintext of 7bfd4d773bec1249bb691bbad9d968a8 is steiner Plaintext of f9ca3873fac8d32b652041c53c2d02a1 is wenzel Plaintext of edca573dcade047a3b1e55f5642a0d05 is 1nhs2k Plaintext of e76db848cc213a95233b483b265f68ca is frigga Plaintext of 852646de9e5887aabd149d597f73a67c is gj64sh Plaintext of c6983b366e2ff8a0ab159d6778cff745 is katana Plaintext of 36af0019e2abfe7d0c82d64d8feae21c is landser88 Plaintext of aee0581a27d9b761d59fa8cb386053a1 is soest88 Plaintext of 9bbf7382baad324c5a97e18387f932d7 is sucks Plaintext of 85c38b44d5782327db9f198630bc9809 is hess88 Plaintext of 5021319e8257efc0c1069966ec2b912a is spinner Plaintext of 682212114a61a27787535336eb6305a5 is 4ejgh2 Plaintext of a4b1b8153b3a20187fd6ae5736545b02 is frank23 Plaintext of 89e837da8dc2b299b592f4ad82c4667a is satanas Plaintext of a7833377f89f9bd467f50c3db43c725c is sibylle Plaintext of 5b321cd3c9184559653fe40915b71fb2 is stap3 Plaintext of f75be9dbbc5e7fdd0cbbab7f916a3561 is zwiebel
Thanks :)
0 comments:
Post a Comment