SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - Printable Version (0Day Forums, https://zeroday.vip)
SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - jurassic331 - 06-19-2011

SQL Injection
Hi, this thread covers all your basic SQL Injection needs. After reading this, you should be able to successfully retrieve Database information such as the username and password that are crucial for defacing sites. Bookmark this for future reference if you want. Let's start.

What is SQL Injection?
Hidden Content

Hidden Content

If the page simply refreshes, the site is not vulnerable. But if an error of any kind pops up, the site is prone to SQLi. When you have successfully found a vulnerable site, proceed to Step 2.

Hidden Content

Now here's where it gets tougher (not really). You have to look for errors as you enter new numbers. For example:

Hidden Content

The goal here is to find the least column that shows the error. As you can see in the example, the lowest column that we found an error on is column 6, therefore, column 6 doesn't exist and there are only 5 columns. Now we have to find which one of these five columns (it may be different in your case) is vulnerable. To do that, add this code to the end of the URL:

Hidden Content

Make sure to include the - in the beginning and the -- at the end, this is crucial. Remember that the code above may be different in your case regarding how many columns there are. Now, if you see numbers on the screen, you can proceed. The very first number is the number of the vulnerable column. If the number is "4" that means that the 4th column is the vulnerable column.

Hidden Content

If the version is 5 or above, proceed. If not, it will be harder to hack. There are other tutorials covering how to hack database versions 4 or lower. Now we must find the database name. To do this, replace the "@@version" from before with "concat(database())" like this:

Hidden Content

And BOOM! The database name should appear on your screen. Copy this somewhere safe, we will need this for later.

Hidden Content

Now, names appear. Look for obvious names hinting to tables where user information can be stored. You are looking for table names such as "Admin", "Users", "Members", "Admin_Id", "Admin_pass", "User_id", etc. The last character is chopped off? Don't worry. Count how many tables you can see, then add this code based on the tables that you can see. We will be assuming that the last table you can see is the 8th table.
Hidden Content

This code is to view the 9th table. Replace the 8 with a 9 to view the 10th table, and so on until you find the table that you think has the most crucial information. When you find the table, copy the name somewhere safe. We will need both the database and table names for the next step. For this tutorial, we will be using the table name of "admin".

Hidden Content

Didju get an error? OH NO! YOU FAIL. Choose another site. Just kidding. Go [To see links please register here] and type in your table name where it says "Say Hello to My Little Friend". In my case, this is the string that I got after I inputted "admin" to the input space:

Hidden Content

Now, replace the table name with hex as so:

Hidden Content

Notice how I added the "0x", that is to indicate that hex is being used. Remember to get rid of the quotes. Now after you enter this code, you should see where all the juicy information is contained. An example of what you should see is:

Hidden Content

Now say you want to view what is in the "Admin_Username" and the "Admin_pass", add this code (in this example we will be using "database" as the database name and "admin" for the table name):

Hidden Content

The "0x3a" will put a colon to where the information will be separated. You should get something like this:

Hidden Content

The username is "MyName" and the password is.. WAIT! That is MD5, crack this using Havij. Download Havij [To see links please register here]. Now, as you can see, this is the login info:

Hidden Content

Now all you have to do is find the admin page, which is usually

Hidden Content

or something similar. There are tools online that will find you the admin page. Any questions? PM me. Well, that's it for this tutorial! Thanks for reading! :thumbs:
+rep for my work is appreciated.

RE: SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - magnetotransmitter334508 - 06-19-2011

as my thought ..,., It's Perfect..

RE: SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - ruefullynpwpxwni - 06-20-2011

This tutorial is great!!! MORE TUTORIALS LIKE THIS !! :smile:

RE: SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - ease758 - 06-22-2011

nice tutorial.... :biggrin: like it... keep post brotha

RE: SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - manado6 - 06-22-2011

Quote:(06-19-2011, 07:51 AM)Shining White Holmse Wrote:
Quote:(06-20-2011, 05:29 PM)Nippax Wrote:
Quote:(06-22-2011, 10:03 AM)mota Wrote:

Thanks guys :biggrin: I'm glad you like it.

RE: SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - tadhguegdytofg - 06-23-2011

how to crack md5 hash of wordpress?

RE: SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - binervate847445 - 06-24-2011

Hey, thanks for tut. But it's not working for me. [To see links please register here] post by 1--I tested i goes 10++ up, when I'm doing new step union select 1,2,3,4,5-- Then I get error, why?

RE: SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - renaissance336 - 06-25-2011

Very nice tutorial it will help beginners

RE: SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - Protatsuytrqjwrzb - 06-25-2011

how do i bypass the captcha google makes??

RE: SQL Injection Tutorial! 100% NOOB FRIENDLY!! No Previous Hacking Knowledge Needed :D - supereternity277061 - 06-26-2011

Thanks dude.. it helps me to more understanding of SQLI :thumbs up:
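
The strings quoted in this thread ("union select 1,2,3,4,5--", "@@version", "database()", "0x" hex literals) end up in the query string of the requests, so they show up in web server access logs. The following is an added example, not part of the thread, of flagging them from the defender's side. It assumes combined-format access logs; the names `INDICATORS`, `STRONG`, `normalise`, `scan_line` and `report` are this example's own, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Patterns built from strings quoted in the thread; all names are this example's own.
INDICATORS = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    "version_probe": re.compile(r"@@version", re.I),
    "database_probe": re.compile(r"\bdatabase\s*\(\s*\)", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
    "trailing_comment": re.compile(r"--\s*$"),
}
# Hex literals and a trailing "--" occur in benign traffic: context only, never a trigger.
STRONG = {"union_select", "version_probe", "database_probe"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalise(value):
    """Replace inline /* */ comments with a space and collapse whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).strip()

def scan_line(line):
    """Return [(parameter, [indicator, ...])] for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    findings = []
    # parse_qsl percent-decodes values and turns "+" into a space.
    for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        value = normalise(value)
        matched = sorted(k for k, rx in INDICATORS.items() if rx.search(value))
        if STRONG.intersection(matched):
            findings.append((name, matched))
    return findings

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.4 - - [19/Jun/2011:07:50:11 +0000] "GET /news.php?id=5 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [19/Jun/2011:07:50:30 +0000] "GET /search.php?q=trade+union+news&color=0xff HTTP/1.1" 200 812',
    '203.0.113.7 - - [19/Jun/2011:07:51:40 +0000] "GET /news.php?id=-5+union+select+1,2,3,4,5-- HTTP/1.1" 200 5321',
    '203.0.113.7 - - [19/Jun/2011:07:52:05 +0000] "GET /news.php?id=-5%20UNION/**/SELECT%201,2,3,@@version,5-- HTTP/1.1" 200 5300',
]

def report(lines):
    """Map source IP -> list of findings across all lines."""
    out = {}
    for line in lines:
        for finding in scan_line(line):
            out.setdefault(line.split()[0], []).append(finding)
    return out
```

A hit means the request was attempted, not that it succeeded; the durable fix is binding request parameters through prepared statements so the value never reaches the SQL parser as code.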