Friday, May 3, 2013

How To Hack A Website - Simple Demo | Kali Linux / BackTrack | Pranshu

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn


I was testing for SQL injection vulnerabilities at random over the Internet and found a whole lot of websites that are still vulnerable. I refrained from any further testing due to the lack of explicit permission from the owners. However, here's a demonstration, taken from one of my penetration testing projects, of how these websites may be hacked if the SQL injection vulnerabilities are left unpatched.

Tip: Read up a little on SQL injection. For example, start with figuring out what this is trying to do:
SELECT * FROM users WHERE name = '' OR '1'='1';
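The query in the tip is exactly what a vulnerable lookup produces when the user-supplied value is pasted straight into the SQL string. This is an added example, not code from the original post: a Python/sqlite3 stand-in (the table name, columns and sample rows are constructed assumptions) that builds that query from the injected input, shows the effect it has on an in-memory database, and contrasts it with the parameterized query a defender should use instead.

```python
import sqlite3

# Constructed sample data standing in for a site's user table.
# The hash values are placeholders, not real digests.
SAMPLE_USERS = [
    ("admin", "<placeholder-hash-1>"),
    ("alice", "<placeholder-hash-2>"),
]

# The input from the tip: closes the quoted literal, then appends a
# condition that is always true.
INJECTED_NAME = "' OR '1'='1"


def make_db():
    """Create a throwaway in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_unsafe_sql(name):
    """Vulnerable pattern: string concatenation puts user input inside the SQL text."""
    return "SELECT * FROM users WHERE name = '" + name + "'"


def lookup_unsafe(conn, name):
    """Run the concatenated query; the input is parsed as SQL by the engine."""
    return conn.execute(build_unsafe_sql(name)).fetchall()


def lookup_safe(conn, name):
    """Hardened pattern: a bound parameter is data only and is never parsed as SQL."""
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()


def demo():
    """Compare both lookups on the same injected input and on a normal name."""
    conn = make_db()
    return {
        "unsafe": lookup_unsafe(conn, INJECTED_NAME),   # every row comes back
        "safe": lookup_safe(conn, INJECTED_NAME),       # no row is named "' OR '1'='1"
        "safe_normal": lookup_safe(conn, "alice"),      # ordinary lookups still work
    }
```

The unsafe path returns every row, including the password hashes, which is the same class of result sqlmap automates against a real site; the parameterized path returns nothing for the injected value and behaves normally for a genuine name.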


The tool sqlmap comes preloaded with both Kali and BackTrack.

If the dynamic parameter in the PHP script is vulnerable, sqlmap will try to inject SQL through it.

I've blacked out the website's information for obvious reasons.

First, get the tool to list the available databases:



The 'information_schema' database is where MySQL stores the schema metadata, so I'm not interested in that one. The other one is my target.

I try to grab the 'tables' available in this other database:


There are a bunch of tables that get listed. Among those, the table 'members' looks interesting, so I grab the columns for that table:

And I see a column with passwords. I'll get the hashes here (I've seen some web admins who are so careless that they store the passwords in plaintext, which would require no password cracking at all):



Finally, I get my hands on the password hashes, and the password cracking begins from there (use John the Ripper, jtr):


Unless you actually know what sqlmap did for you in the background, this is not that interesting and makes you a perfect script kiddie.

Once you crack the password hashes, you can log in to the website's control panel as 'admin' and then change the HTML files (index.html for the homepage). That would be website defacing.

Disclaimer: As stated in the beginning, this excerpt is from an authorized penetration test. If you notice an SQL weakness in a website, please refrain from engaging in illicit activities and inform the web administrator.

47 comments:

  37. Hey, your blog is infected with comment spam.

    Reply:
    1. Yes, that was before I turned on the Captcha. Now I manually approve each comment. I will remove these spam comments soon, someday.
  38. Hey, what is the command for accessing the table data?
  39. If the website does not have an SQL vulnerability, then how to hack..
  40. The bug is closed :(
  41. Which school did you go to for becoming a penetration tester? :)
  42. Hi Mr Pranshu Bajpai, really, you know about penetration?
  43. Oh really, Pranshu, you know about penetration?
  44. Sir, I am not having the vulnerability of the website, then how can I hack the database?