Breaking

Google Ads

Saturday, April 20, 2019

7 STEPS TO HACK A WEBSITE VIA SQL INJECTION (ONLINE)


Hi, ever wondered how to hack a website? Or if it's doable. Maybe you wish to check how vulnerable your site is but don’t know how to go about it. Today is your lucky day because I’m about to break the steps into simplified pieces for you.

Why hack a website? Isn’t it illegal?  Before we get into the ‘HOW’, lets first look at why you or anyone would need to hack into a website.

There are different known classifications of hackers which include; white-hat, black-hat etc. White-hat hacking which is widely encouraged is an Internet slang according to Wikipedia refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. That being said, we can say the reason behind hacking a site would be to retrieve lost information about your site, checking how vulnerable your website is. In some cases, to hack into and bringing down a site dealing with stuff like child pornography.

Ok! lastly! you need to know that the information on this page or any page associated with this website is strictly for educational purposes. If your objective is to use them for illegal activities, then read no further. Spyhood takes no responsibility for any activity done with the knowledge it shares. Read our Disclaimer for more info.


NOTE: The below steps are like the basic of the basics. I use them because advanced hacking methods always tend to be too complicated for most people.

Let's get to business. Get a pen if you ain't with your Computer.

You'd be needing some hacking tools to grow as a hacker

 3 Methods to hack a website

I’ll be showing you with images different ways to hack a website and get successful results. Two of these methods is further broken into 7 easy steps. They include;
  • 1      Hacking via SQL injection(online)
  • 2      Hacking via SQL injection(with a software)
  • 3      Hacking with basic HTML coding


How to hack a website using online SQL injection in 7 steps

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

STEP 1

Use your system's firefox to open google.com and type in inurl:.php?id=  as it is in the above picture. You’ll see a list of websites with dork php. Click on any of them.

STEP 2

I choose this site. The address should start with .php

Put apostrophe i.e ' at the end of the url to check if the website is vulnerable. If it says “you have an error in your SQL syntax” like it says in the above picture, then it means the website is most likely to be vulnerable. So proceed.

STEP 3

Remove the apostrophe and add order by 2-- .This is to see how many columns the website has and probably the most important stuff you have to do here. So read carefully. 


Keep testing with 3--, 4--, 5-- until you get a message like “unknown column”. In mine, 11 is the farthest the site has as seen in the above picture, meaning there are 10 columns.

STEP 4

how to
Delete the ‘12 order by‘ and replace with null union all select 1,2,3,4,5,6,7,8,9,10--  .Mine is 10 because the site has only 10 columns. Your’s might be below or above 10. After the page loads, you’ll see a few numbers. Pick the top one. Mine is 7.

visit spyhood.com

Replace 7 in the url with @@Version  .It shows 5.092 community which is great meaning the database version is over 5(basically meaning it can be hacked).

STEP 5


hack

Now replace @@version withgroup_concat(table_name) and after the last number, add from information_schema.tables where table_schema=database()--

STEP 6


how to

Replace both tables in the url with column



visit spyhood.com



You’ll get all the information the website has. Get those interesting to you e.g full name, pass, username etc. I’ll go with username and pass.



steps in hacking a website via sql injection

 Replace column_name with username,0x3a,passand replace all the information tags with users--   



tutorial sql injection

You’ll get all the usernames and passwords associated with the site. In case it says ‘unknown username and blank list’. It means you have the wrong table, and you’ll have to go back and look for a different table. Or you can select another stuff to hack, like the product.


Here, the usernames are shown first because it comes before the pass in the url. i.e username:pass,username:pass,username:pass just like it is in the above image.


STEP 7


online hacking

To log in, google admin page finder and click on the first link. Then follow the instructions and get your own admin page finder login. I’ve already done this so I’ll login with mine.
steps
My admin page finder login is evt-me.com/login.php  .Then login with any of the logins you’ve secured. I’ll go withhacked:Karica1982  .Click on profile after it logs in and you’ll find all his stuff. 

steps in hacking a website via sql injection

steps in hacking a website via sql injection



This particular method shows you how to hack a website, and how actually easy and scary it is.

No comments:

Post a Comment