• Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Bi0X

  • Rank
  • Birthday 10/11/1990

Profile Information

  • Location
    England, London
  1. Is there a chance this method doesn't work any more? Is there any other way I can find out how many columns it has? Also, just because using the ' sign gave me the error message the tutorial says, is the site definately vulnerable to SQL Injection, and is there another way to test if a site is vulnerable. Thanks.
  2. Is there a chance I am doing something wrong, or the tutorial made a typo or something? Am I definately meant to enter order by 1/*?
  3. In case it helps, here is the full tutorial I'm following... I'm stuck on the beginning of Section Number 2) Find the number of columns.
  4. Yeah that's right. I'm not exaclty sure what I should be looking for, but I know the SQL Syntax error is NOT it.
  5. Hello. I know this may sound like I am looking for someone to help me break into a site, and I know even if I say I won't some people will not believe me, but I assure you, I want help with this only so I know I can identify and exploit an SQL Injection vulnerability. So here it is. I recently came to this site: and by following a tutorial on how to identify if a site is vulnerable to SQL Injection, I added an ' at the end of the URL. The tutorial said if it gave me an SQL error, similiar to the one the site is giving me, then the site is vulnerable. So I moved on to where the tutorial says: To find number of columns we use statement ORDER BY (tells database how to order the result) so how to use it? Well just incrementing the number until we get an error. order by 1/* <-- no error order by 2/* <-- no error order by 3/* <-- no error order by 4/* <-- error (we get message like this Unknown column '4' in 'order clause' or something like that) that means that the it has 3 columns, cause we got an error on 4. I tried making the URL look like this on the site: order by 1/* and I got an error. Here is my problem, if it gives me an error when entering the number 1 before the /* part, how many columns does it have. I have tried using the numbers 1-3 and they all give me errors, what does this mean? Thanks for any help, I don't quite fully understand it yet, but I would like to know as it would probably help me get a better job in the future, knowing about how to identify and prevent SQL Injections.
  6. I'm not sure what I want to do. Right now, I want to learn EVERYTHING I can, but since that is not possible, I want to learn as much of the essentials as I can. When I ask what the best subjects would be for a hacker, just give me the subjects YOU use the most. Most of this is about other peoples personal opinions, even if you miss something from the list, if it is an essential, I'm sure I'll encounter it eventually. P.S. I found some links at the top of the page. Can anyone agree that: HTML, CSS, XML, JAVASCRIPT, ASP, PHP, SQL Are the most used subjects on that whole list? If I'm careful, I may be able to squeeze all of these in within not too long a time.
  7. OK Thanks. Great answer. I'll just wait for 2-3 more replies until I make a final choice.
  8. Hello. I was recently on and found a rather long list of subjects you can learn. HTML Tutorials Learn HTML Learn XHTML Learn CSS Learn TCP/IP XML Tutorials Learn XML Learn DTD Learn XML DOM Learn XSLT Learn XSL-FO Learn XPath Learn XQuery Learn XLink Learn XPointer Learn Schema Learn XForms Learn SOAP Learn WSDL Learn RDF Learn RSS Learn WAP Learn Web Services Browser Scripting Learn JavaScript Learn HTML DOM Learn DHTML Learn VBScript Learn AJAX Learn E4X Learn WMLScript Server Scripting Learn SQL Learn ASP Learn ADO Learn PHP Learn ASP.NET Learn .NET Mobile Multimedia Learn Media Learn SMIL Learn SVG Learn Flash Web Building Web Building Web Browsers Web Certification Web Hosting Web W3C Web Quality Web Semantic Please (OUT OF THIS LIST) can someone pick the top 5 things I should learn first, which 5 of these things would a Hacker find most useful. E.g. I reckon HTML is far more important to a hacker then most other subjects in that list. Please rank as many of these subjects as you can accordingly. I only plan to learn 5 or 6, so I need to know my time is not going to be wasted. ALSO: It would help if you can give a quick description (a sentence or so) on what the subjects you pick are used for. Thank you.
  9. Could someone tell me, is this script likely to work if activated on a domain workstation: Dim objRoot, objDomain, objOU, objContainer Dim strName Dim intUser strName ="OneTwo" Set objRoot = GetObject("LDAP://rootDSE") Set objDomain = GetObject("LDAP://" & objRoot.Get("defaultNamingContext")) Set objRootDSE = GetObject("LDAP://rootDSE") Set objOU=objDomain.Create("organizationalUnit", "ou=OneTwo") objOU.Put "Description", "User" objOU.SetInfo Set objContainer = GetObject("LDAP://OU=OneTwo," & _ objRootDSE.Get("defaultNamingContext")) For account = 1 To 20 Set objLeaf = objContainer.Create("User", "cn=" & strName & account) objLeaf.Put "sAMAccountName", strName & account objLeaf.SetInfo intUser = intUser +1 Next WScript.Echo intUser & " Users created " WScript.quit And if so, what will I need to do, is there anything I might miss e.g. Does it have to be named a specific name or just anything.vbs
  10. Hi. Can anyone tell me if there is a way to either: 1: Add a user account to a domain and set to Administrator privileges. 2: Find out the current domain Administrators password. or 3: Anything else somewhat related to these tasks. Using a VBScript ONLY. BAT Files and CMD ect are NOT an option, I need to know if this is possible through creating a .VBS File. Any help is much appreciated. Thanks.
  11. Thanks, it did help Brilliant explanation.
  12. OK. By the way unsupported, when you said "Windows does not salt the passwords line Linux/UNIX can", what does that mean exactly? I've heard the term 'salted hashes' before but I don't think I've ever actually found out what they are Thanks.
  13. The BIOS does NOT have a password.
  14. Here is just a few links to some excellent networking books I found a few days ago. They are fairly easy to understand, and cover most of the key concepts of networking. EDIT: I would say the 3rd one from the top ( is the Overall best, as it goes in depth into many different subjects, all on networking, but may not be the best choice for beginners.
  15. Batch files do not work, well... the net user function does not. It has already been denied. The computers are only accessible to students when a member of staff is in the room, running Ranger RC enables the staff to view any users screen without their knowledge, it shows all screens at once, making it difficult to do anything. The computer rooms at our school are fairly small (20 per room max) so surveillance is high.