step2:run the software
4. In "Website and Search Engine Dork", select any dork you want. I have selected "article.php?id=".(basically we trying to obtain google dork for more info. consider prvious blog article "sql injection".
5. Now, hit on "Go" and you will see list of websites that are found vulnerable. Thus, you can hack websites mentioned in the list. Hit on "Clean Bad URL's" and then "Exploit URL".
6. SQL Scanner software will then display final list of exploited urls which are found vulnerable. Simply click on any url. I have used
http://www.michaelpollan.com/article.php?id=80%27
and you can see the results.
Thus, since the website is mentioning this error, this website is vulnerable and you can try and hack website.
http://www.michaelpollan.com/article.php?id=80%27
and you can see the results.
Click on image to see enlarged view
Thus, since the website is mentioning this error, this website is vulnerable and you can try and hack website.
7.now use above website for hacking by using following software.
download the software provided below:
3. Now, when you have website hacking software, you need to find website with potential vulnerability. There are some websites that are unhackable. While finding hackable websites, it is better to search for sites with format "article.php?id=[number]" in url.
Lets consider one example which I will use in this article:
http://encycl.anthropology.ru/article.php?id=1
Check whether your searched victim site can be hacked by entering:
http://encycl.anthropology.ru/article.php?id='1
in address bar and hit enter. You will get error message like:
Query failed.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname
If you get such error message, it is confirmed that you can hack website using this method and now you can move forward to hack website.
4. Run SQLI Helper on your computer.
5. In target field, enter http://encycl.anthropology.ru/article.php?id=1 (the website url you just discovered as hackable) and hit on "Inject".
6. SQLI Helper will search for columns and you will have something like this:
7. Hit on "Get Database" to get:
8. Select any element from "Database Name" and click on "Get Tables".
9. Now, select element from table and hit on "Get Columns". I have selected "user" to get userid and password required for login.
10. Now, when you know "user" table has columns "usr_login" and "usr_pass", select them and hit on "Dump Now".
11. You will get values like these:
12. The values achieved are actually in hash and hence you have to crack these hashes to get userlogin and password to hack website. For this, go to http://www.md5crack.com/ and crack the hash using "Crack that hash baby" button. Thus, you are now able to hack website as you have got website user id and password. Once, you get admin password, you can easily hack website.
Lets consider one example which I will use in this article:
http://encycl.anthropology.ru/article.php?id=1
Check whether your searched victim site can be hacked by entering:
http://encycl.anthropology.ru/article.php?id='1
in address bar and hit enter. You will get error message like:
Query failed.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname
If you get such error message, it is confirmed that you can hack website using this method and now you can move forward to hack website.
4. Run SQLI Helper on your computer.
5. In target field, enter http://encycl.anthropology.ru/article.php?id=1 (the website url you just discovered as hackable) and hit on "Inject".
6. SQLI Helper will search for columns and you will have something like this:
7. Hit on "Get Database" to get:
8. Select any element from "Database Name" and click on "Get Tables".
9. Now, select element from table and hit on "Get Columns". I have selected "user" to get userid and password required for login.
10. Now, when you know "user" table has columns "usr_login" and "usr_pass", select them and hit on "Dump Now".
11. You will get values like these:
12. The values achieved are actually in hash and hence you have to crack these hashes to get userlogin and password to hack website. For this, go to http://www.md5crack.com/ and crack the hash using "Crack that hash baby" button. Thus, you are now able to hack website as you have got website user id and password. Once, you get admin password, you can easily hack website.
ENJOY HACKING BUT NOT TO HARM OTHERS
No comments:
Post a Comment