Professional Documents
Culture Documents
com
Copy to : Everyone Ebook By DonXirus
Copy to : Everyone Ebook By DonXirus
5- Tabs appear as shown below, then we enter the dorks that we will use for our Target. My
advice is to use only 15k so that the Sqli dumper will not crash,
6- Now connect your choosing vpn, i preffer zenmate, express vpn with Mouse and Keyboard
Recorder for auto ip switch every 1 min. then we click the Start Scanner in the top right corner.
A- Scanning Dorks
Copy to : Everyone Ebook By DonXirus
7- Wait until you get at least 50K+ urls as result like on the creen bellow.
8- After the Start Dorks Scanner process is complete, then we open the Exploitables tab. After
entering the Exploitables tab, click the Start Exploiter again as shown in the following picture.
B- Scanning forExploitables
Copy to : Everyone Ebook By DonXirus
9- After the start exploiter process is complete we will get a result like this as on the screen
bellow.
I did stop scanning to give you just an example. But you need to keep scanning until all URLs
are done.
10- Now enter the next tab, the Injectables tab. Almost the same as in the tab before, we
only need to click Start Analizer in the upper right corner of the tab. as in the following picture.
Copy to : Everyone Ebook By DonXirus
12- Now select all those injectable urls then follow the screen bellow
Copy to : Everyone Ebook By DonXirus
D- Dumping Phase
13- Then a small table will apear and start giving you every Urls Content, Email, Pass, User
like on the screen bellow.
Copy to : Everyone Ebook By DonXirus
14- Now it’s time to check all those urls one by one,
1- For Combos ( email :pass , User, pass) Check Rows as on the screen bekllow
2- 6708 is our target combo with the same count of (6708 email = 6708 user = 6708 pass)
3- Now click on the url then go to Dumper & click on New dumper instance.
Copy to : Everyone Ebook By DonXirus
8- Now Before you start dumping, follow the options as on the screen bellow. When all is set up
as well click on Dump Data and wait untill the dumping procces is 100% done.
10- You will get a small table like this, now click on Custom, then put ( : ) as separator then click
start and choose where to save your combo.
12- At this time the password of our e-mail can still be HASH. Next we change the next hash to the
original password.
13- But now i need to tell you one thing that you need to know before starting the first Dorks
scanning phase.
--------------------------------------------
A- Mysql Warning Dorks method
1- Mysql Warning Dorks method Getting mysql database
Keep the form & just replace the Warnning with your diserved target Keyword
"id=" & intext:"Warnning: mysql_fetch_array()
"id=" & intext:"Warnning: getimagesize()
"id=" & intext:"Warnning: session_start()
"id=" & intext:"Warnning: mysql_num_rows()
"id=" & intext:"Warnning: mysql_query()
"id=" & intext:"Warnning: array_merge()
"id=" & intext:"Warnning: preg_match()
"id=" & intext:"Warnning: ilesize()
"id=" & intext:"Warnning: filesize()
Copy to : Everyone Ebook By DonXirus
Keep the form & just replace the +site: (X domain) to your diserved country
like +site:Fr, +site:Pl, +site:Com ...
intext:"error in your SQL syntax" +site: (X domain)
intext:"mysql_num_rows()" +site: (X domain)
intext:"mysql_fetch_array()" +site: (X domain)
intext:"Error Occurred While Processing Request" +site: (X domain)
intext:"Server Error in '/' Application" +site: (X domain)
intext:"Microsoft OLE DB Provider for ODBC Drivers error" +site: (X domain)
intext:"Invalid Querystring" +site: (X domain)
intext:"OLE DB Provider for ODBC" +site: (X domain)
intext:"VBScript Runtime" +site: (X domain)
intext:"ADODB.Field" +site: (X domain)
intext:"BOF or EOF" +site: (X domain)
intext:"ADODB.Command" +site: (X domain)
intext:"JET Database" +site: (X domain)
intext:"mysql_fetch_row()" +site: (X domain)
intext:"Syntax error" +site: (X domain)
intext:"include()" +site: (X domain)
intext:"mysql_fetch_assoc()" +site: (X domain)
intext:"mysql_fetch_object()" +site: (X domain)
intext:"mysql_numrows()" +site: (X domain)
intext:"GetArray()" +site: (X domain)
intext:"FetchRow()" +site: (X domain)
intext:"Input string was not in a correct format" +site: (X domain)
Keep the form & just replace the "keywords" to your diserved target & you
can change Country domain +site:. (X domain) but this time use (+site:.)
inurl:".php?cat="+intext:"Paypal"+site:.(X domain)
inurl:".php?cat="+intext:"/Buy Now/"+site:. (X domain)
inurl:".php?cid="+intext:"online+betting"
inurl:".php?id=" intext:"View cart"
inurl:".php?id=" intext:"Buy Now"
inurl:".php?id=" intext:"add to cart"
inurl:".php?id=" intext:"shopping"
inurl:".php?id=" intext:"boutique"
inurl:".php?id=" intext:"/store/"
inurl:".php?id=" intext:"/shop/"
inurl:".php?id=" intext:"toys"
inurl:".php?cid="
inurl:".php?cid=" intext:"shopping"
inurl:".php?cid=" intext:"add to cart"
Copy to : Everyone Ebook By DonXirus
Happy Cracking
&
Have A Nice Day