Sunday, August 30, 2009

Hacking websites : How to hack websites By using SQL Injection


DISCLAIMER: THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY . IF ANY ONE MISUSED IT I AM NOT RESPONSIBLE FOR THAT.
SQLI Helper to hack website
Today i am GOing to Describe What the SQL Injection IS and How It will Going to help in Hacking the Websites..
I was Asked By Warious Users To Write A Turotial About
HOW TO HACK THE WEBSITES?
Today I am Going to Discuss the Easiest Way to hack the Websites i.e SQL Injection Techniques.
We Will Use The Software SQLI Helper to Perform This. I have provided link for software download... just read on.



How to hack website using SQLI Helper:

SQLI Helper is handy software to hack website. You don't need to have any knowledge of SQL to hack website using SQLI Helper. Just follow the guidelines below:

1. Free DownLoad SQLI Helper to hack website.



Password: techotips.blogspot.com

2. Unzip the file to obtain SQLI Helper to hack website.

3. Now, when you have website hacking software, you need to find website with potential vulnerability. There are some websites that are unhackable. While finding hackable websites, it is better to search for sites with format "article.php?id=[number]" in url.

Lets consider one example which I will use in this article:

http://encycl.anthropology.ru/article.php?id=1

Check whether your searched victim site can be hacked by entering:

http://encycl.anthropology.ru/article.php?id='1

in address bar and hit enter. You will get error message like:

Query failed.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname

If you get such error message, it is confirmed that you can hack website using this method and now you can move forward to hack website.
4. Run SQLI Helper on your Computer.
SQLI Helper to hack website
5. In target field, enter http://encycl.anthropology.ru/article.php?id=1 (the website url you just discovered as hackable) and hit on "Inject".

6. SQLI Helper will search for columns and you will have something like this:
Website hacking software
7. Hit on "Get Database" to get:
Hacking website down
8. Select any element from "Database Name" and click on "Get Tables".
Hack website using software
9. Now, select element from table and hit on "Get Columns". I have selected "user" to get userid and password required for login.
Hacking website software
10. Now, when you know "user" table has columns "usr_login" and "usr_pass", select them and hit on "Dump Now".
How to hack website
11. You will get values like these:
password hashes cracked
12. The values achieved are actually in hash and hence you have to crack these hashes to get userlogin and password to hack website. For this, go tohttp://www.md5crack.com/ and crack the hash using "Crack that hash baby" button. Thus, you are now able to hack website as you have got website user id and password. Once, you get admin password, you can easily hack website.
Thus friends, now, I hope you know how to hack website using SQL Helper. Note that using this method you cannot hack every website. SQL Helper will help you to hack website in easy way. If you have any problem in usingSQL Helper to hack website,please mention it in comments.

Enjoy SQL Helper to hack website...
DON'T FORGET TO SAY THANKS !

27 comments:

  1. Really Nice Tutorial... I love You site.. Keep..

    ReplyDelete
  2. Damn Good... i visited your blogspot todafor the 1st time. i m impressed by the way you teach and share your knowledge. i request you to conti this sharing. :) all the best.

    ReplyDelete
  3. awesome .. really a good tutor...

    ReplyDelete
  4. U rock Man.. Now i am hacker..

    ReplyDelete
  5. your blog is Unique yaar...

    ReplyDelete
  6. u r really rocking dude. but i need one small help, i am trying for premium accounts but i am unable to acheive those. could u pls tel me the rapidshare preimium account andd password to my mail ravellavarun@gmail.com
    u knw since tree days i learned a lot by this blog

    ReplyDelete
  7. Yaa that's Beacause of Rapidsahre's New Policy ..
    If the One Premium account is being sahred by 3 Ip's a the Same time Its password will be reseted or Even the account will be banned..
    My 7 accounts are banned and 2 still working but their password changes daily..

    ReplyDelete
  8. dude the sftwre u askd to dwnload is asking for passwrd to unzip ply give me the psswrd

    ReplyDelete
  9. hey dude what if they have removed the page with article.php?id=1 and the new pages are like node/1,node/2,....etc...

    ReplyDelete
  10. the setup is not working,it says "failed to initialize"
    does it need any other software to run it such as .net

    ReplyDelete
  11. why are you not replying....

    ReplyDelete
  12. yeah it need .net framework to run..

    ReplyDelete
  13. @Vivek
    itz the limitation of software..

    ReplyDelete
  14. step s sayin error......... its nt workn at all.... same u did in hackforum.. also not workin try to be perfect befor u postin somthn

    ReplyDelete
  15. which step showing error tell Me.. I will help you.

    ReplyDelete
  16. For the first time i had seen a real hacking website........awesome man.....

    ReplyDelete
  17. how will i find the id number i mean u wrote php?id=1 wat s this i dont understand

    ReplyDelete
  18. I don't mind leeching my posts but at lest give me credits for my work

    ReplyDelete
  19. noob check the time when its get posted .... Its Auguest 2009 post... i.e This post was so old when u havn't even started hacking...
    Rofl I am ur Dad in Hacking... I never leeched any article from any website.... I write my articles based on my experience and practicals not just by listening noobs....

    ReplyDelete
  20. "Object reference not set to an instance of an object." whts this means ?

    ReplyDelete
  21. i can download the sql injection pls help me

    ReplyDelete
  22. pls help me here is my e mail address kup7502003@yahoo.com pls i want to know how to hack for credit card?

    ReplyDelete
  23. Sir when i unzip sqli helper,Antivirus install in my pc take it as an infected file and i hv to delete it...
    I cant use it????

    Plz tell me solution.....
    Gaurav

    ReplyDelete
  24. what is the passwords??? coz de blog is empty n i can't find de password...

    ReplyDelete
  25. I AM GETTING TILL COLUMN USER LOGIN AND USER PASSWORD BUT WHEN I DUMP I CAN'T GET THE DATA INTHAT

    ReplyDelete

Please do not spam.

Designed by Hackingloops.