Sunday, May 15, 2011

HOW TO DEFACE WEBSITES USING SQL & PHP SCRIPTING

Now we will discuss an exciting topic: "How to Deface Websites Using SQL Injection and PHP Shell Scripting". Today I will show you the 100% working method for hacking websites and then defacing them.


Hacking class 14 - How to Deface Websites using SQL and Php scripting



FIRST OF ALL, YOU SHOULD KNOW WHAT DEFACEMENT IS

Defacing a website simply means replacing the site's index.html file with our own file. Every user who opens the site will then see our page (i.e. the one uploaded by us).
For defacing a website, the three things you need most are:
1. SQL Injection (for analyzing website loopholes)
2. Admin Password
3. Shell Script (for getting admin controls)


Now I'll explain what SQL injection is:

SQL injection is a type of security exploit in which the attacker "injects" Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data.


It is a technique of injecting SQL commands to exploit non-validated input vulnerabilities in a web application's database backend.

Programmers use sequential commands with user input, making it easier for attackers to inject commands.

Attackers can execute arbitrary SQL commands through the web application.


Now let's start the tutorial:

You should look up one of the famous SQL injection sites, http://www.milw0rm.com/. If you have any doubts, I will clear them.




What Should You Look For

Try to look for pages that allow a user to submit data, for example: a login page, search page, feedback form, etc.

Look for HTML pages that use POST or GET commands

If POST is used you cannot see the parameters in the URL 

Check the source code of the HTML to get information

For example, to check whether it is using POST or GET, look for the <form> tag in the source code:
<form action="search.asp" method="post">
<input type="hidden" name="X" value="Z">
</form>

Now you can perform your penetration testing using the following tools and instructions:

1) Exploit scanner (this will find vulnerable websites)
Code:
http://rapidshare.com/files/24802790...oitscanner.zip

2) SQLi Helper (this tool will do all the injecting job and get you the pass or hash)
Code:

In some websites you can directly see the password, but most websites hash them using MD5, so you have to crack the hash to get the password.

To crack the password there are three ways:

1) Check online whether this hash has been cracked before:
Download:

http://www.md5decrypter.co.uk

2) Crack the password with the help of a site:
Download:

3) Use a MD5 cracking software:
Download:
http://rapidshare.com/files/13696796...CF_2.10_2b.rar
Password = OwlsNest

2) DEFACING THE WEBSITE

After getting the password you can log in as the admin of the site. But first you have to find the admin login page for the site. There are three methods to find the admin panel.


1) You can use an admin finder website:
Code:

http://4dm1n.houbysoft.com/

2) You can use an admin finder software:
 
Code:
http://rapidshare.com/files/248020485/adminfinder.rar

After logging in as the admin you can upload photos to the site, so now you are going to upload a shell to the site using this upload facility.

Download the shell here:
http://rapidshare.com/files/248023722/c99.rar

Extract it and you will get c99.php; upload it.
Some sites won't allow you to upload a PHP file, so rename it to c99.php.gif.
Then upload it.

After that go to
http://www.site.com/images (in most sites images are saved in this directory, but if you can't find c99 there then you have to guess the directory).


Find c99.php.gif and click it.


Now you can see a big control panel.
Now you can do whatever you want to do.
Search for the index.html file and replace it with your own file.

So if anyone goes to that site they will see your page.
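
A server-side upload check that refuses the renamed c99.php.gif file described above, as an added example that is not part of the original post. The allowed types, the extension deny list and the function name are assumptions for a hypothetical image-upload form.

```python
import os
import secrets

# Image types this hypothetical form accepts, keyed by extension, with
# the magic bytes a genuine file of that type starts with.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
}
# Extensions a misconfigured server may hand to a script interpreter.
EXECUTABLE = {".php", ".phtml", ".php5", ".phar", ".asp", ".aspx",
              ".jsp", ".cgi"}

def validate_upload(filename, data):
    """Return (accepted, reason or stored name) for one uploaded file."""
    base = os.path.basename(filename.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "no extension"
    exts = ["." + p for p in parts[1:]]
    # Check every extension, not only the last: c99.php.gif carries .php.
    if any(e in EXECUTABLE for e in exts):
        return False, "executable extension in name"
    final = exts[-1]
    if final not in MAGIC:
        return False, "type not allowed"
    # The content must begin with the signature of the claimed type.
    if not data.startswith(MAGIC[final]):
        return False, "content does not match extension"
    # Store under a random server-chosen name; the client name is dropped.
    return True, secrets.token_hex(16) + final

if __name__ == "__main__":
    # Constructed sample uploads.
    print(validate_upload("c99.php.gif", b"<?php"))
    print(validate_upload("logo.gif", b"GIF89a\x01\x00"))
```

Pair a check like this with a web-server rule that disables script execution in the upload directory, so a file that slips through is still served as static content.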



THERE IS ONE MORE METHOD TO FIND THE VULNERABILITY AND EXPLOIT IT:


One of the popular tools is Havij. Havij is an advanced SQL injection tool which makes SQL injection very easy for you. Along with SQL injection, it has a built-in admin page finder, which makes it very effective.

Supported Databases With Havij

  • MsSQL 2000/2005 with error.
  • MsSQL 2000/2005 no error union based
  • MySQL union based
  • MySQL Blind
  • MySQL error based
  • MySQL time based
  • Oracle union based
  • MsAccess union based
  • Sybase (ASE)

Demonstration :

Now I will show you the process of SQL injection step by step.

Step1: Find an SQL injection vulnerability in your site and insert its string (like http://www.target.com/index.asp?id=123) into Havij as shown below.




Step3: Now click on the Analyse button as shown below.



Now if your server is vulnerable, the information about the target will appear and the columns will appear as shown in the picture below:


Step4: Now click on the Tables button and then click the Get Tables button from the column below, as shown below:


Step5: Now select the tables with sensitive information and click the Get Columns button. After that, select the Username and Password columns to get the username and password, and click on the Get Table button.

Countermeasures: 

Here are some of the countermeasures you can take to reduce the risk of SQL injection:

1. Renaming the admin page will make it difficult for a hacker to locate it.

3. Use an intrusion detection system and compose signatures for popular SQL injection strings.

4. One of the best methods to protect your website against SQL injection attacks is to disallow special characters in the admin form. This will make your passwords more vulnerable to brute-force attacks, but you can implement a CAPTCHA to prevent these types of attack.
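
For countermeasure 3, a small signature matcher run over web access log lines, as an added example that is not part of the original post. The signature set is illustrative and the log lines are constructed; both are assumptions, as is the combined log format.

```python
import re
from urllib.parse import unquote_plus

# Illustrative signatures for the injection styles listed on this page
# (union based, time based, schema enumeration). Not a complete rule set.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I),
    "tautology": re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),
    "schema-probe": re.compile(r"\binformation_schema\b", re.I),
    "time-delay": re.compile(r"\b(sleep|benchmark|waitfor\s+delay)\b", re.I),
}

# Client address and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')

def scan(lines):
    """Return [(client_ip, signature_name), ...] for matching requests."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # Decode twice so double-encoded input is normalised first.
        decoded = unquote_plus(unquote_plus(target))
        for name, sig in SIGNATURES.items():
            if sig.search(decoded):
                hits.append((ip, name))
    return hits

SAMPLE_LOG = [  # constructed log lines using documentation addresses
    '192.0.2.10 - - [15/May/2011:10:00:01 +0000] '
    '"GET /index.asp?id=123 HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/May/2011:10:00:05 +0000] '
    '"GET /index.asp?id=123%20UNION%20SELECT%201,2 HTTP/1.1" 500 0',
    '198.51.100.7 - - [15/May/2011:10:00:09 +0000] '
    '"GET /index.asp?id=1%2527%2520or%25201%253D1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because POST parameters do not appear in the URL, access-log matching like this only covers GET requests; request bodies need inspection at a WAF or in application logging, and the patterns need tuning against normal traffic to limit false positives.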
