Friday, May 3, 2013

How To Hack A Website - Simple Demo | Kali Linux / BackTrack | Pranshu

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn


 I was testing for SQL vulnerabilities at random over the Internet and found a whole lot of websites that are still vulnerable to SQL injections. I refrained from any further testing due to lack of explicit permission by owners.However, here's a demonstration--from one of my penetration testing projects--of how these websites may be hacked if the SQL vulnerabilities are left unpatched.

Tip: Read up a little on SQL injection. For example, start with figuring out what this is trying to do:
SELECT * FROM users WHERE name = '' OR '1'='1';


The tool sqlmap comes preloaded with both Kali and Backtrack.

If the dynamic parameter in the php script is vulnerable then sqlmap will try to inject code into it.

I've blacked out the website's information for obvious reasons.

First, get the tool to list the available databases:



The 'information_schema' DB is where MySQL stores the schema, so I'm not interested in that one. The other one is my target.

I try to grab the 'tables' available in this other database:


There are a bunch of tables that get listed, among those the table 'members' looks interesting, grab the columns for that table:

 And I see a column with passwords, I'll get the hashes here (I've seen some web admins who are so careless that they store the passwords in plaintext which would require no password cracking):



Finally, I get my hands on the password hashes and the reverse engineering begins from there (use jtr):


Unless you actually know what sqlmap did for you in the background, it is not that interesting and makes you a perfect script kiddie.

Once you crack the password hashes, you can login to the website's control panel as 'admin' and then change html files (index.html for homepage). That would be website defacing.

Disclaimer: As stated in the beginning, this excerpt is from an authorized penetration test. If you notice an SQL weakness in a website, please refrain from engaging in illicit activities and inform the web administrator.
Posted by
Labels: , ,

47 comments:

  1. AnonymousMay 13, 2013 at 7:23 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  2. AnonymousMay 14, 2013 at 11:13 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  3. AnonymousMay 14, 2013 at 1:02 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  4. AnonymousMay 16, 2013 at 10:11 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  5. AnonymousMay 18, 2013 at 7:15 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  6. AnonymousMay 18, 2013 at 11:31 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  7. AnonymousMay 20, 2013 at 9:43 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  8. AnonymousMay 21, 2013 at 10:20 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  9. AnonymousMay 21, 2013 at 2:53 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  10. AnonymousMay 22, 2013 at 2:12 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  11. AnonymousMay 22, 2013 at 2:25 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  12. AnonymousMay 22, 2013 at 3:12 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  13. AnonymousMay 22, 2013 at 3:31 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  14. AnonymousMay 22, 2013 at 11:15 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  15. AnonymousMay 22, 2013 at 9:39 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  16. AnonymousMay 23, 2013 at 7:58 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  17. AnonymousMay 25, 2013 at 2:21 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  18. AnonymousMay 25, 2013 at 2:44 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  19. AnonymousMay 26, 2013 at 8:16 AM

    WONDERFUL Post.thanks for share..extra wait .. …

    Also visit my web site ... spain tourist board

    ReplyDelete
  20. AnonymousMay 26, 2013 at 10:08 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  21. AnonymousMay 26, 2013 at 6:45 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  22. AnonymousMay 26, 2013 at 6:45 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  23. AnonymousMay 26, 2013 at 6:49 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  24. AnonymousMay 26, 2013 at 7:35 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  25. AnonymousMay 27, 2013 at 12:24 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  26. AnonymousMay 27, 2013 at 10:16 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  27. AnonymousMay 29, 2013 at 12:42 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  28. AnonymousMay 29, 2013 at 7:50 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  29. AnonymousJune 3, 2013 at 12:33 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  30. AnonymousJune 4, 2013 at 8:35 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  31. AnonymousJune 5, 2013 at 4:47 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  32. AnonymousJune 6, 2013 at 12:16 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  33. AnonymousJune 6, 2013 at 5:44 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  34. AnonymousJune 7, 2013 at 9:31 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  35. AnonymousJune 8, 2013 at 5:19 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  36. Nilesh BhatiaAugust 22, 2013 at 12:51 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  37. AnonymousDecember 4, 2013 at 8:45 PM

    ">

    ReplyDelete
  38. AnonymousApril 3, 2014 at 11:17 AM

    hey your blog is infected with comment spams

    ReplyDelete
    Replies
    1. Pranshu BajpaiApril 6, 2014 at 5:06 AM

      Yes, that was before I turned on the Captcha. Now I manually approve each comment. I will remove these spam comments soon someday.

      Delete
  39. UnknownJune 15, 2014 at 5:45 PM

    hey what it d command for access table datas?

    ReplyDelete
  40. UnknownAugust 24, 2014 at 11:26 AM

    if the website not having sql vulnerability then how to hack..

    ReplyDelete
  41. AnonymousOctober 13, 2014 at 7:01 PM

    yeaah

    ReplyDelete
  42. AnonymousNovember 29, 2014 at 12:57 PM

    the bug is cosed :(

    ReplyDelete
  43. AnonymousApril 15, 2015 at 2:41 AM

    Which school did you go to for becoming a penetration tester? :)

    ReplyDelete
  44. AnonymousApril 12, 2016 at 12:43 AM

    hi Mr pranshu bajpai really you know about penetration

    ReplyDelete
  45. AnonymousApril 12, 2016 at 12:46 AM

    oh really pranshu you know about penetration

    ReplyDelete
  46. AnonymousNovember 29, 2016 at 12:55 PM

    sIR I AMA NOT HAVING VERNUBILITY OF THE WEBSITE THE HOW CAN I HACK THE DATA BAES

    ReplyDelete

Subscribe to: Post Comments (Atom)