Skip to main content

Hacking a website using SQL injection:Full method

Now Lets start---->

Things you will need -->

1. Havij SQL injection Tool, download it from here(Run as Administrator)
2. A sql vunerable site, I am taking this site http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2 as an example.
3. A very important thing i.e mind.

Checking for sql vulnerability --->

Here i am taking http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2 as an example. 
Now to check is this site vulnerable to sql, I will simply add after the site url
like this http://toyonorte.com.co/catalogo_nuevos_detalle.php?id=2'
and i get this error on the site
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
It means that site is vulnerable to sql injection.

Exploiting the vulnerable site ---> 

1. Open Havij and paste site url in target field and hit enter
.
2. Now wait for Havij to get all the databases of the website.

3. Now click on available databse of site and click on Get Tables like i am gonna select 535480_toyonorte of my site like in image.


4. By clicking Get Tables Havij will look after the tables available in the database.

5. Now after the scanning Havij will get all tables, now the main work start , you have to check it there table available named as admin, users and something similar to these words like i get usuario in my website and select it and click onGet Columns. Like in pic given below.


6. Now after clicking Get Columns havij will get all the columns available in users table.

7. In my case i found diffrent columns like id, login, pass an many more.

8. Now select the columns and click on Get Data like in pic given below.


9. Now havij will look after the data available in columns login and password i.e admin username and passowrd like i get 
username --> adminpassword--> 21232f297a57a5a743894a0e4a801fc3 (in encrypted form)
Like in image below

10. Now after i get username and password there is a problem that passowrd i s encrypted in mdm language , so we have to crack it .

11. To crack encrypted password just copy password click on MD5 tab in havij and paste the encrypted password in MD5 hash field and hit start.Now havij will try to crack the password. Like i cracked in image given below.

mukeshtricks4u.blogspot.com
12. Now i get Password cracked as admin.

13. Now we will check for admin panel where we gonna login with username and passoword.

14. To find admin panel click Find Admin tab in Havij and click start. Now havij  will check the admin panel of website.
In my case i found http://toyonorte.com.co/admin/ as admin panel, now open it in a web browser and login with username and password and now you are in admin panel.

Notes--->

1. Website hacking is illegal
2. Use proxy, tor, vpn for your security.
3. This is for only educational purpose.

Comments

Post a Comment

Popular Posts

Create Your Own Social Networking Site

Create Your Own Social Networking Site JCOW: Ethical Hacking Top 10 reasons to choose Jcow:- 1. Handle more traffic - Clean codes and Dynamic caching can lower the CPU load and  speed up your website. 2 Make your site more interactive - Well designed Jcow applications help you members to connect and communicate with others more effectively. 3 Add questions to the Registration Form - You can add new member fields, which will be displayed to the registration form, profile form, and the member browsing form. 4 Easily share stuff - Within the AJAX sharing Box, your members can publish status,  photos, videos, and blogs. 5 Customize and Extend your Jcow Network - A Jcow network consists of core apps(like "Friends" and "Messages") and optional apps(like "Blogs" and ""Videos"). You can enable/disable optional apps. You can also develop your own apps. 6 Every profile could be Unique - Members can customize their own profile theme and  add music play...
Post a Comment
Read more

Latest Notepad Tricks 2015 !!

By these  Latest Notepad Tricks 2015   you will be having great fun. You just need is to copy the code from here and paste in the notepad and save it with extension “ .bat ” .  1 Notepad trick to Test Antivirus :- By using these trick you can easily test your antivirus working perfectly or not. X5O!P%@AP[4PZX54(P^) 7CC)7}$EICAR-STANDARD- ANTIVIRUS-TEST-FILE!$H+H* save it as test.exe and run the file and check if your antivirus detects it then your antivirus working perfectly otherwise change your antivirus. 2 Make A Personal Log-Book or A Diary :- Copy the below code and paste it in notepad and save it as “ log.txt”. .LOG Now every time you open this log file you will have all the log details with date and time. 3 Constantly Repeat Any Messages :-  This is one of the  Latest Notepad tricks  that will repeat any of messages on computer screen repeatedly.Just copy the below code and paste in the notepad and save it as “ message.bat”. @ECHO off...
Post a Comment
Read more

Selecting a minister who is prime: The British Elections

 #10 Downing Street is the British equivalent, in London, of our White House. And there is a mad scramble among seven contenders to sit in it. n the United Kingdom, for the first time in five years, the people are going to the polls. It will happen two weeks from today, and the country with a population just shy of 70 million, a nation that has been out greatest ally almost since the day after we whipped them in our great Revolutionary War and sent them packing, except for the unpleasant time they burned down Washington DC of course, does things a bit differently than we do.  Current Prime Minister, David Cameron They have no president, and what they have, the prime minister, is not elected like our president is. In fact, in the House of Commons, their lower, popularly elected house of 650 members, the people cast the votes for the members of some seven to twelve different parties. The party that gets the most votes usually will then be asked by the Queen to form a government. And t...
Post a Comment
Read more