The best scanner SQL injection

While the adoption of web application for running an online business has enabled companies to connect seamlessly with their customers, it also exposed a number of security problems arising from incorrect code. Vulnerabilities in Web applications that allow hackers to gain direct and public access to sensitive information (eg personal data, login credentials).

Web applications allow visitors to send and retrieve data to / from the database via the Internet. Databases are the heart of most web applications. They store data required for web applications to deliver specific content to visitors and provide information to customers, suppliers and others

SQL Injection is perhaps the web applications-the most common hacking techniques that try to pass SQL commands through a web application for execution by the back-end database. vulnerability is presented when user input is not properly cleaned and thus executed.

Checking for SQL Injection vulnerabilities involves auditing your web applications and the best way to do this is by using automated SQL Injection Scanners. We've compiled a list of free SQL Injection Scanners we believe will be a value to both web application developers and professional security auditors.

SQLIer - SQLIer taking vulnerable URL and attempts to determine all the necessary information to exploit the weaknesses of SQL Injection by itself, does not require user interaction at all. Get SQLIer.

SQLbftools - SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL injection attacks. Get SQLbftools.

-SQL Injection Brute Forcer - SQLibf is a tool to detect and exploit the work automatizing SQL Injection vulnerabilities. SQLibf can work in the visible and Blind SQL Injection. It works by doing a simple SQL logic operations to determine the level of exposure of the vulnerable application. Get SQLLibf.

SQLBrute - SQLBrute is a tool to force the crude data from databases using blind SQL injection vulnerabilities. Supports time-based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and does not require non-standard libraries. Get SQLBrute.

Bobcat - Bobcat is a tool to assist the auditor in taking full advantage of SQL injection vulnerabilities. This is based on research AppSecInc. This can be a list of related severs, database schema, and allows retrieval of data from the table that the application of the current user has access to. Get Bobcat.

SqlMap - SqlMap is an automatic blind SQL injection tool, developed in python, capable to perform database management system fingerprint active, enumerate entire remote databases and much more. SqlMap purpose is to implement a database management tool that fully functional system that takes advantage of web application programming security vulnerabilities that lead to SQL injection vulnerabilities. Get SqlMap.

Absinthe - absinthe is a GUI-based tool that automates the downloading process and content of the database scheme is vulnerable to Blind SQL Injection. Get absinthe.

SQL Injection Pen-testing Tool - SQL Injection Tool is a GUI-based utility designed to examine database through vulnerabilities in Web applications. Get SQL Injection Pen-testing tools.

SQID - SQL Injection digger (SQLID) is a command line program for SQL injections and common errors in websites. This can be done follwing operations: look for SQL injection in a web pages and test submit forms for possible SQL injection vulnerabilities. Get SQID.

Blind SQL Injection Perl Tool - bsqlbf is a Perl script that lets auditors retrieve information from websites that are vulnerable to SQL Injection. Get Blind SQL Injection Perl Tool.

SQL Power Injection Injector - SQL Power Injection helps the penetration tester to inject SQL commands on a web page. It's main strength is its ability to automate tedious blind SQL injection with several threads. Get SQL Power Injection.

FJ-Injector Framwork - FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities on web applications. This includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation. Get FJ-Injector Framework.

SQLNinja - SQLNinja is a tool to exploit SQL Injection weakness in a web application that uses Microsoft SQL Server as its back-end database. Get SQLNinja.

Automagic SQL Injector - The Automagic SQL Injector is an automatic SQL injection tool designed to help save time on penetration testing. It is only designed to work with vanilla Microsoft SQL injection holes where the error is returned. Get Automagic SQL Injector.

NGSS SQL Injector - NGSS SQL Injector exploit vulnerabilities in SQL injection on different database servers to gain access to stored data. Currently supports the following databases: Access, DB2, Informix, MSSQL, MySQL, Oracle, Sysbase. Get NGSS SQL Injector.


Do you ever use a computer in a computer lab or borrow a friend or even use a computer in a public place? Well, usually klo in the Lab (based on personal experience) computer would be if you want to enter a password and should be asked first to the owner. Well, now we can see the password of the computer that we use without restarting the computer or even without installing any program like Cain, L0pthCrack, etc.. It only takes a little 'trust' to borrow a computer (fancy term social engineering) and two fruits of the program, namely pwdump6 and john the ripper. But klo happened to be common with the type of administrator login, that's hockey! cape2 not need a: friend lending login again:-D.
Previously you may never get a tutorial on how to know the user's password to hack an existing Windows XP or NT using pwdump. Yup, maybe this tutorial will be similar to the know-how to hack Windows XP, especially Windows XP SP2. Then what is the difference with the other tutorials? Currently Windows XP SP2 (or maybe SP1, CMIIW), used to protect Syskey to hash (to store encrypted passwords) can not be read and didump use or samdump pwdump. For more details, the following description of the Syskey [1]
Syskey is a Windows feature that adds an additional encryption layer to the password hashes stored in the SAM database. The main purpose of this feature is to deter ‘offline’ attack. In fact one of the most common ways to gather passwords is to copy the system SAM database and then use one of the many good password crackers to “recover” the passwords; of course physical access is almost always required. So with syskey the attacker needs to remove the additional encryption layer to get the password hashes.
If the first possible in Windows NT or XP (before SP2), we can still use pwdump or even directly with KaHT, then for Windows XP SP2 can not be used this way again (perhaps more accurately, pwdump can not be used again). Well this is the difference with the previous tutorial. If we use our previous pwdump old version, it is now used pwdump6 developed by fizzgig and the Team. If you read the README from this pwdump6, then pwdump6 are:
pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If you have had LSASS crash on you using older tools, this should fix that.

A significantly modified version of pwdump3e, this program is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is turned on. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.
so pwdumpd6 can run and get the hash files needed an account that has Administrator equivalent access. Now, therefore, we must run a little social engineering. Just say to our friend, klo access the workgroup, but can klo ga pake ordinary login. But calm, usually by default the people most mebuat user with administrator account type. Or use a variety of ways, resources, effort and persuasion so that we can be able to log in first.

If you already have access to the login type of administrators, the next way is to stay running pwdump6. If you have a flash, save it and take it wherever there continues pwdump6 go, who knows handy someday .. :-D. Ok, we run pwdump6 immediately wrote this. We recommend that you first copy to the hard disk pwdump6 (do not run from flashdik).
1. CMD Run (Run-> cmd)

2. Run pwdump6 as follows (eg PwDump6 located in the folder D: \ PwDump6)

D:\PwDump6>PwDump.exe -o pass.txt

pwdump6 Version 1.3.0 by fizzgig and the mighty group at
Copyright 2006

This program is free software under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
PROGRAM. Please see the COPYING file included with this program
and the GNU GPL for further details.

Using pipe {C411BDE9-594E-47F4-99B5-E94ADF194A45}
Key length is 16
3. After that we will get pass.txt file containing a list of user and password are still encrypted. An example would look like the following:
Guest:501:NO PASSWORD********************* :NO PASSWORD*********************:::
HelpAssistant:1000:B3D2AE56C93F27B43C4F8419B1A21E9B: DC3DBB258A10B0C7EA9D92133267B905:::
SUPPORT_388945a0:1002:NO PASSWORD*********************: DF1DB672DA1B5C045ECA2490CA753D3B:::
4. OK! password already in hands. The next task is pulled pass.txt crack file with the help of John The Ripper. We recommend that you first save the file to a USB pass.txt or upload them to a safe place, because this cracking process can be done anytime and anywhere. Based on experience, if not too difficult to guess password such as "adminkeren", "qwerty123", which does not usually take too long to mengecracknya by John The Ripper. But if the password using a combination of strange things like "P4ssW0rD", "S03S4h", etc., usually take longer, be left to sleep or maen aja first. Ok, now how ngecraknya gini nih.

Download John The Ripper for Windows. For computers that use AMD processor, we recommend using a "john-mmx.exe". Or for that use Intel or AMD, can use the "John-386.exe". Previously pass.txt copy files into the folder where the "John-mmx.exe" or "John-386.exe" is (John171w \ john1701 \ run). After that, run the following command to stay and wait patiently for:
D:\john171w\john1701\run>john-mmx.exe pass.txt
Loaded 8 password hashes with no different salts (NT LM DES [64/64 BS MMX])
REN123 (Administrator:2)
TEBAK (Try:2)
ADMINKE (Administrator:1)
OK! password is now invisible visible. So the password for user "Administrator" is "adminkeren123", derived from combining Administrators: 2 and Administrators: 2

Administrator:1+Administrator:2 = adminkeren123
while for the user "try" is "predictable"!

Easy is not it? The point still live capture file hash (password encrypted) using pwdump6 then crack the result with John The Ripper.

Now, if we want to use computers in the Lab friends, his people do not have to search again. Stay pake aja Admin user directly again, but do not get caught with him ... .. :-D Or if you forget the administrator password, do not need to reboot the computer, then reset your password. Staying involved STEP 2 above ONLY!

(Deep UnFreezer)

Create your cybercafe operators and the users who use Deepfreeze to protect and counteract the configuration changes on your PC from viruses and users are ignorant of, so from now on be careful because of Deepfreeze on your PC can be paralyzing and password used to unlock deepfreeze will not more useful with this Unfreezer Deep?
Deep UnFreezer is a tool that allows you to change the status of Deep Freeze without needing a password or in other words paralyze Deepfreeze.
Using Deep Unfreezer very quick and easy, you simply just pay attention to the position of the radio buttons to select a running process, and ending with the save status> Exit> Restart / shutdown the PC. So change will happen after the restart / shutdown.

Follow the step below (see picture above) as a guide to use Deep Unfreezer:

Deep Unfreezer 1.Ketika run, make sure Deep Freeze detected / detected on the columns of the log, click the button to check the status of load status of Deep Freeze.
2.Apabila terdeksi the Deep Freeze does not automatically, then the user / files you have to find a position in the Deep Freeze.
3.Fungsi from the selection process of radio buttons:
A. Boot Froozen: a process that will enable Deepfreeze when the status of Deep Freeze thawed / Off.
B. Thawed on next boot: The process to disable / thawed Deep freeze over and counted (line number that is set up) to do restart. For example we set the number 2, then the non-active Deep freeze will be done two times during the restart and on restart the three automatic switches (Frozen).
C. Thawed Boot: The process to disable Deep Freeze, when the status of active Deepfreeze / Frozen.
4. Status last click the Save button> Exit> Restart / Shutdown your PC.


Hi all, here I share a variety of (hopefully until
1001 ways) to get administrator rights in Windows
(Especially Win Xp) includes various software.
When you try on your own computer make sure backup your hard drive. Sincerely for all members who
more tau. Those who want to share / discussion too please

1. Want to know the username and password only:
a. Click on START and select RUN and type in CMD and hold ENTER
(Go to command promt) and type
"Net user" (without quotation marks)
username appearing there.

2. Hack windows administrator account
(Note: not all systems are windows there)

a. Sign In as guest / limited account
b. Click START, RUN and type REGEDIT and ENTER
c. Open this directory:
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows
NT \ CurrentVersion \ Winlogon]
d. Search "" AutoAdminLogon. ", Right click and select
Modify and change the Value Data to "1"
e. Exit and restart, immediately deh / automatic login to

3. Change Account Password without OLD PASSWORD
a. Click on START and select RUN and type in CMD and hold ENTER
(Go to command promt) and type
net users administrator * (typed with signs
stars) or if its already know the username type:
net users "Pigs" * (The pig is the instance name of the username)
b. Continue to have questions for the new password, type deh
and confirm the new password again. After
the new password that you use for login.

4. Auto Configuration - Logon
a. Click START / RUN / type "control userpasswords2"
(Without the quotation marks)
b. Unchek (remove the check in writing) 'User must
Enter a user name and password to use this computer "
Choose one of the existing username and click OK
(The function each time you log directly into
administrator or the username is selected)
c. Want more, the option "password for
administrator "select Gaza" RESET PASSWORD "change tuh
according to your wishes.

5. Want to know more to hacking win xp, download

6. Active Password Changer is a solution-based DOS
Designed for resetting local user passwords in case
of the administrator's password is Forgotten or lost.
Forgotten password recovery software is useful if you
lost the administrator password and Can not access the
system operation. Other Windows login security
restrictions like 'Account is disabled', 'Password
never expires ',' Account is locked out ',' User Must
Change Password at Next Logon 'and' Logon Hours' cans
changed or reset. Supported platforms: Windows XP,
2000, NT, Windows Server 2003 and Windows Vista.
Active Password Changer Professional version now
contains Windows application and Active @ Boot Disk
Lite - Windows Vista based bootable CD / DVD ISO image.

Download: 2.80 MB



7. Password software Windows Key (recomended)
Download here:
(Name: Passware Windows Key Enterprise Edition v7.9.2141.rar
Size: 10MB
Description: Windows Password Recovery)

good luck

My Blog List


guest book

ShoutMix chat widget