Warning – This article is only for education purposes, By reading this article you agree that More-tech is not responsible in any way for any kind of damage caused by the information provided in this article.
Hey Everyone
todays we have an intresting subject because this post on Website Hack,spam and its is usful for cheking your website security (realy realy important step)
this is very good and interesting line for all but for a newbie how to know about?this post gives you a complete introduction on SQL Injection. and how to preform it
DOWNLOAD & CRACK havij from here
SQL (Structured Query Language)Injection is the first step of hacking any site.By use of SQL injection we hack any site which vulnerable.SQL Injection is a technique in which hacker insert a SQL code into web pages to get Information like User or Admin Name and Passwords of site for access the site and even hack it.
SQl injection is dangerous Loophole to penetrate websites
Today there are many tools Like Havij available to find a vulnerable website and by this any newbie can hack a website so easily but there is a manual methodethat will help you better and also increase your knowledge for future.
first of all you must know how to make a dorck :
1)$_ a dorck consites of some words that tell the search engine to look for a specifc thing in a certain or Evrey website can be found
I- key words for making a dorck :
inurl:"your text goes here"
this tells your search enging to look for a certain text in the url
intext:"your text goes here"
this will tell your searche engine to look for a certain webpages that have those line of text in them
intitle:"you text goes here"
this will tell your searche engine to look for a certain webpages that have this title in them
....
2) At first we check if this website is vulnerable or not, i am going to use some pictures to help you to understand better,i am going to try to access this website's DB ; not to hack it because i am a white Hacker and do everything only for knowledge and dont forget this post is only for education purposes. well we foucs on our topic,here we test if this website is vulnerable or not.For this i am adding only a '
so the code will be like this
before:
http://www.sitename.com/newsdetail.php?id=10
after:
http://www.sitename.com/newsdetail.php?id=10'
and if this website is vulnerable we should get an error that says there was a Syntaxe error or an sql_fetch or any type of error that have a relation to datta base
and that means that this website is vulnerable to sql injection.. Copy That link in Havij as shown below
Step2: Now click on the Analyse button as shown below.
Step3: Now if the your Server is Vulnerable the information about the target will appear and the columns will appear like shown in picture below:
Step4: Now click on the Tables button and then click Get Tables button from below column as shown below:
Step5: Now select the Tables with sensitive information and click Get Columns button.
Step6: Now after clicking Get Columns havij will get all the columns available in users table.
Step7: In my case i found different columns like id, login, pass an many more.
Step8: Now select the columns and click on Get Data like in pic given below.
Step9: Now havij will look after the data available in columns login and password i.e admin username and password like i get
username --> adminpassword--> 21232f297a57a5a743894a0e4a801fc3 (in encrypted form)Like in image below
Step10: Now after i get username and password there is a problem that password
is encrypted in mdm language , so we have to crack it .
Step11: To crack encrypted password just copy password click on MD5 tab in havij and paste the encrypted password in MD5 hash field and hit start.Now havij will try to crack the password. Like i cracked in image given below.
Step12: Now i get Password cracked as admin.
Step13: Now we will check for admin panel where we gonna login with username and passoword.
Step14:. To find admin panel click Find Admin tab in Havij and click start. Now havij will check the admin panel of website.
In my case i found http://target.com.co/admin/ as admin panel, now open it in a web browser and login with username and password and now you are in admin panel.
Thats It!!!