We all know websites need a database to store data. That is called an RDBMS (relational database management system). These databases store data in tables and columns so that it can be accessed easily. Server-side languages like PHP can interact with the SQL database given proper authentication and read/write permissions. Most of the sensitive information, such as login credentials, is stored in these databases. An attacker's first preference is to take down the database so that they can log in to the admin panel with the credentials they retrieved.
SQL injection is a method of exploiting a vulnerability in a server-side script. Scripts that do not filter special characters properly are vulnerable to this attack. If an unfiltered string is allowed into the query, the string gets executed as part of the query. This way of injecting custom-crafted queries into a script is called SQL injection.
Consider a scenario: a PHP script accepts a GET parameter "name" and searches a table in a database (e.g. URL: www.example.com/search.php?name=bill).
The query looks like this:
SELECT * FROM `profiles` WHERE name = 'bill';
If you add a single quote at the end of the URL, the query gets executed like this:
SELECT * FROM `profiles` WHERE name = 'bill'';
This gives you a syntax error, which means the target is vulnerable. Instead of the single quote, custom queries are injected to fetch the sensitive data.
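As an added example (not code from the original post), the vulnerable lookup beside its hardened form, using Python's sqlite3 in place of PHP/MySQL so it runs stand-alone; the table contents and function names are constructed for this example:

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the page's 'profiles' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO profiles (name, email) VALUES (?, ?)",
        [("bill", "bill@example.com"), ("alice", "alice@example.com")],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, name):
    """Mirrors search.php as the post describes it: the ?name= value is pasted
    straight into the SQL text, so a quote in the input becomes part of the query."""
    query = "SELECT name, email FROM profiles WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def search_parameterized(conn, name):
    """Hardened form: the value is bound as a parameter and is never parsed as
    SQL, so a quote is matched literally instead of breaking the statement."""
    query = "SELECT name, email FROM profiles WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def probe(search, conn, name):
    """Run one lookup and report ('ok', rows) or ('error', message).
    The database error on a quote-bearing input is the symptom the post
    describes, and the same error surfacing in application logs is what a
    defender should be watching for."""
    try:
        return ("ok", search(conn, name))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", search_vulnerable), ("parameterized", search_parameterized)):
        for value in ("bill", "bill'"):
            print(label, repr(value), probe(fn, db, value))
```

The concatenated version fails with a syntax error on `bill'`, exactly as the post describes, while the parameterized version simply returns no rows for that input.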
Finding a target
You can randomly choose a target via Google dorks. In the Google search bar, try the keyword:
You will get plenty of results; choose a target and open the URL after adding a quote at the end. If the website shows a syntax error or a blank page, the site is most probably vulnerable. Copy the target URL to the clipboard. There are plenty of other dorks; try those too.
Sqlmap is a Python script designed exclusively for database attacks. It is very stable and has a great many options. So let's start.
# sqlmap -u http://target.com/vuln.php?id=1 --dbs
This is the first step. Sqlmap scans the given parameter for all possible injection techniques. Once it finds a working method, sqlmap asks whether you want to test for more vulnerabilities; you can stop or continue, that is up to you. Since we gave the "--dbs" option, sqlmap retrieves the database names. Once you have the database name you can fetch tables and columns.
This helps you get the admin login details. You can access the control panel and deface the whole website. I have designed a simple script to find the admin panel of a website. Download cpsan.py from GitHub.
This Python script brute-forces all the possible directories of a server and detects the control panel by HTTP response codes. It can detect almost 85% of websites. Hope this helped you guys. Any doubts or questions, please use the comment box below.
I'm a computer enthusiast basically, and I love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and I would like to explore security vulnerabilities and the latest tech news and share them with you. If you like all this stuff, add me on Facebook and Google Plus.