hackerbrother

Learn Penetration Testing And Ethical Hacking Online.

facebook

  • Facebook
  • Popular Posts

    First of all you need to know about sql. sql stands for structured query language. Now like every language it has some keywords such as SELECT,FROM,WHERE etc. Than how these keywords work, suppose there is a database which contain tables of user's profile. This table has table name,fields,unique key etc. If we write the following code
    query =  SELECT * FROM user_data WHERE user_id = + geturlParameter("userid")
    this code means select all details from user_data table where unique id is which is taken from URL parameter.
    From above reading we have little bit knowledge of how SQL works so we can now move further.

    Injection 

    Injection flaws such as SQL,OS, and LDAP injection, occur when untrusted data is sent to an interpreter as a part of command query. The attacker's hostile data can trick the interpreter for executing or accessing unauthorized data.
    This injected data could be anything, however usually and commonly these attack uses any part of application that is passed on user-supplied data or poorly processed data to sql database.
    sql injection attacks are not the sole target of injection attacks, other interpreter such as LDAP, XPath etc can also be exposed in same way.

    How sql injection works 

    Imagine a web application that uses a database query supplied by user such a scenario is very common in fact it is the basis of dynamic website. Here suppose that your id is 32. So if you were looking at your own profile page on website, in the back end it would be constructing query such as:

    SELECT * FROM user_data WHERE user_id = + geturlParameter("userid")
    One might expect the below URL to get input parameter[geturlParameter("userid")] by user:
    http://www.somesite.com/profile.php?userid=32
    Now depending on how the query is constructed it may or may not be susceptible to injection. Of course we will examine case where it is.
    Here if we were to add sql code to the parameter "userid" in the request url, we could execute the website to that code. For example here we could do something like
    http://www.somesite.com/profile.php?uderid=32;DROP important_table
    DROP keyword means deleting in sql. Here in example DROP important_table means deleting table named important_table. With this small vulnerability whole database is lost.
    So through this method you can change,update,extract data and many more on database can be executed. 

    How sql injection can be useful in hacking

    In dynamic websites, database is created using MysSQl, where userid and passwords for particular user is stored in database and can be tricked using injecting sql commands. 
    For this you don't have to learn sql there are many software which can do this for you, some of which are Havij, Acunetix etc.
    For checking vulnerability of your website Acunetix can be useful for you but for hacking passwords for vulnerable website use havij.

    Hacking Website with havij

    Havij


    For sql injection, website url should be in below format so that havij can inject sql commands
    http://www.target.com/index.asp?id=123 
    Search for url and paste it in the field Target: and than click analyse button.
     After process of analysing target is complete, click on Tables button
     Than after checking the given keyword by clicking on it press Get Tables
     Now search for appropriate table name that should contain password such as its name can be login, admin etc.
    After finding this table, check the box for that table and press Get Columns. This will show you all columns present in that table. As for example login table in selected in below given image.
     Here again search for appropriate column name that should contain password and check it. Now press Get Data and on right side you will get data for your selected fields. In below image user_id and user_password is selected and on the right we got the password and id.  

    0 Comments