All great things are simple, and many can be expressed in single words: freedom, justice, honor, duty, mercy, hope

Saturday, September 1, 2012

Hacking website using SQL Injection -step by step guide

Before we see what  SQL Injection is. We should know what SQL and Database are.

Database:


Database is collection of data. In website point of view, database is used for storing user ids,passwords,web page details and more.

Some List of Database are:

* DB servers,

* MySQL(Open source),

* MSSQL,

* MS-ACCESS,

* Oracle,

* Postgre SQL(open source),

* SQLite,

SQL:


Structured Query Language is Known as SQL. In order to communicate with the Database ,we are using SQL query. We are querying the database so it is called as Query language.

Definition from Complete reference:


SQL is a tool for organizing, managing, and retrieving data stored by a computer database. The name "SQL" is an abbreviation for Structured Query Language.

For historical reasons, SQL is usually pronounced "sequel," but the alternate pronunciation "S.Q.L." is also used. As the name implies, SQL is a computer language that you use to interact with a database. In fact, SQL works with one specific type of database, called a relational database.

Simple Basic Queries for SQL:


Select * from table_name :

this statement is used for showing the content of tables including column name.

For eg:

select * from users;

Insert into table_name(column_names,...) values(corresponding values for columns):

For inserting data to table.

For eg:

insert into users(username,userid) values("TheSec","break");

What is SQL Injection?


SQL injection is Common and famous method of hacking at present . Using this method an unauthorized person can access the database of the website. Attacker can get all details from the Database.

What an attacker can do?

* ByPassing Logins

* Accessing secret data

* Modifying contents of website

* Shutting down the My SQL server

Now let's dive into the real procedure for the SQL Injection.
 

 Steps.


Finding Vulnerable Website:

Our best partner for SQL injection is Google. We can find the Vulnerable websites(hackable websites) using Google Dork list. google dork is searching for vulnerable websites using the google searching tricks. There is lot of tricks to search in google. But we are going to use "inurl:" command for finding the vulnerable websites.

Some Examples:

inurl:index.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:pageid=

Here is the huge list of Google Dork

http://www.4shared.com/file/lzdEULnW/new_file.html

How to use?

Copy one of the above command and paste in the google search engine box.

Hit enter.

You can get list of web sites.

We have to visit the websites one by one for checking the vulnerability.

So Start from the first website.

- After finding the vulnerable website open Havij, lets say the vulnerable site has

URL:- “http://website.com/index.php?module=pages&id=85”

- If you get error then site is vulnerable to S.Q.L. injection attack .

-Download havij from here.

- After opening Havij paste the above URL like this i-e of vulnerable Site:-

- After that hit “Analyze” and thus it will scan site that whether sql injection is possible or not.

- It will tell you the type of server and also the type of OS running on the server and will give a message like :- Target Vulnerable  if the site is vulnerable.

Now go to “Tables” and “Get Database” and after getting data bases check all of them and hit “Get Tables” After getting tables of DB’s , select the admin table and hit “Get Columns” , after getting columns now a hacker can check the password and username column and can hit “Get Data”.

Now a You will get data in encrypted form , like mostly in “md5 hash” but we can decrypt it easily by using havij or other online tools present, After decrypting md5 , you have to find “admin page” using havij, find the buttons for decrypting md5 and finding admin page, Point the browser to the admin page, where you have to put the decrypted “password” and “username” of the admin to login into the website.

Thus after successful login into the website as admin the hacker can do whatever he wants.

No comments:

Post a Comment

UA-35960349-1