Sunday, December 6, 2009

Premium Accounts(16 Download Sites )

Following are the list of usernames and passwords of the premium accounts for Best downloads sites.
…!! ENJOY !!…
!!…100% Working Accounts…!!

1.) www.divxcrawler.com {download movies fastly}

Username : divx273
Password : 8342729

2.) www.butterflydownloadnetwork.com {movies, music, Pc Games, Tv shows}

Username : cinemanetwork20
Password : butterfly20

3.) www.downloadprofessional.com {movies,Pc softwares, Pc Games, Tv shows}

Username : lo886Ees
Password : zAgt88er

4.) www.sharingzone.net {movies, Pc softwares, Pc Games}

Username : LODMQYHX
Password : 375021402
Receipt : 4T5W89RD

5.) www.unlimitedgamedownloads.com {movies, Pc Games, psp softwares}

Username : ga20me
Password : ke01feb

6.) www.watchdirect.tv {movies, music, Pc Games, online Tv}

Username : cinemanetwork20
Password : butterfly20

7.) www.fullreleasez.com {Greatly Every thing}

Username : Af872HskL
Password : XjsdH28N

8.) www.fulldownloads.us {Greatly Every thing}

Username : Af872HskL
Password : XjsdH28N

9.) www.pirateaccess.com {Every thing}

Username : yourfrienddalat@gmail.com
Password : CHh5LKPI

Username : xxx_heel_xxx@yahoo.com
Password : MJY0BUY

Username : i_l0ve_u_786@yahoo.com
Password : rYvLgPrt

Username : mubashar_siddique@yahoo.com
Password : F9Gzgwb5

10.) www.warezquality.com {Every thing}

Username : ageg2020
Password : z8fsDfg3

11.) wwww.warezreleases.com {All Stuff}

Username : HnRPxKQz
Password : a59KBV7

Username : a25bipZP
Password : 1TeVnoJb

Username : SHYyJfWU
Password : P4K20uO

12.) www.fulldownloadaccess.com {All Stuff}

Username : mpuv3y
Password : umvpy3x

13.) www.alphaload.com {All Stuff}

Username : AL3429352
Password : ykbcKTNS

Username : AL3429355
Password : RCHAbhKM

Username : AL3429350
Password : gMZNFcyS

Username : AL3429351
Password : cTAkWAxc

Username : AL3429352
Password : ykbcKTNS

14) www.gamedownloadnow.com {All Stuff}

Username : ga20me
Password : ke01feb

15.) www.unlimiteddownloadcenter.com {All Stuff}

Username : cu20me
Password : ke01feb

16.) www.tvadvanced.com {online Tv}

Username : mv03dl
Password : frmvdl

List of all the SQL Injection Strings

One of the major problems with SQL is its poor security issues surrounding is the login and url strings. This tutorial is not going to go into detail on why these string work as all these details have been given in my previous article Top 10 Tricks to exploit SQL Server Systems .

First SEARCH the following Keywords in Google or any Search Engine:

admin\login.asp
login.asp

with these two search string you will have plenty of targets to chose from…choose one that is Vulnerable

INJECTION STRINGS: How to use it?

This is the easiest part…very simple

On the login page just enter something like

user:admin (you dont even have to put this.)
pass:’ or 1=1–

or

user:’ or 1=1–
admin:’ or 1=1–

Some sites will have just a password so

password:’ or 1=1–

In fact I have compiled a combo list with strings like this to use on my chosen targets . There are plenty of strings in the list below. There are many other strings involving for instance UNION table access via reading the error pages table structure thus an attack with this method will reveal eventually admin U\P paths.

The one I am interested in are quick access to targets

PROGRAM

i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit of success with a combo list formatted this way. Yesteday I loaded 40 eastern targets with 18 positive hits in a few minutes how long would it take to go through 40 sites cutting and pasting each string

combo example:

admin:’ or a=a–
admin:’ or 1=1–

And so on. You don’t have to be admin and still can do anything you want. The most important part is example:’ or 1=1– this is our basic injection string

Now the only trudge part is finding targets to exploit. So I tend to search say google for login.asp or whatever

inurl:login.asp
index of:/admin/login.asp

like this: index of login.asp

result:

http://www3.google.com/search?hl=en&ie=ISO…G=Google+Search

17,000 possible targets trying various searches spews out plent more

Now using proxy set in my browser I click through interesting targets. Seeing whats what on the site pages if interesting I then cut and paste URL as a possible target. After an hour or so you have a list of sites of potential targets like so

http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp

and so on. In a couple of hours you can build up quite a list because I don’t select all results or spider for log in pages. I then save the list fire up Ares and enter

1) A Proxy list
2) My Target IP list
3) My Combo list
4) Start.

Now I dont want to go into problems with users using Ares..thing is i know it works for me…

Sit back and wait. Any target vulnerable will show up in the hits box. Now when it finds a target it will spew all the strings on that site as vulnerable. You have to go through each one on the site by cutting and pasting the string till you find the right one. But the thing is you know you CAN access the site. Really I need a program that will return the hit with a click on url and ignore false outputs. I am still looking for it. This will saves quite a bit of time going to each site and each string to find its not exploitable.

There you go you should have access to your vulnerable target by now

Another thing you can use the strings in the urls were user=? edit the url to the = part and paste ‘ or 1=1– so it becomes

user=’ or 1=1– just as quick as login process