1. Tools
We will need only 3 of the set. Moreover, even demo versions are suitable:
a) Xspider - scans the server and site for open ports based on its vulnerability database. The demo version doesn't say where exactly they were found, but it answers questions about what they are. That's enough for us.
b) Havij - since we will be hacking only through sql-inj, it is not better to find it. Here you need to search for a crack, because not all databases in the free version are supported, fortunately, quacks are Googled instantly.
c) WSO 2.5.1 (web shell). So that what you're doing looks like real hacking.
2. Ass Protection
This is for the taste and color, I have VPN+RDP and proxy is quite enough. If there are no defaces/deletions/other unpleasant / visible things to the admin, then you will most likely not even be noticed.
3. Let's go
Looking for a goal. Everything is simple here. Write any word in Google and click "search". Take the desired site and put it in Xspider, click "scan". Along the way, go to 2ip.ru for example, and you are looking for neighbor sites of your already almost hacked site with money. You grab them and throw them into the Xspider. We wait...
Let's assume that Xspider managed and found something. We open the asshole and see what we have there in 80 / tcp-HTTP. Hurray! There SQL-inj is written in red. We are lucky today, we continue.
Since he doesn't say where this whine was found, we'll ask Google. Writing a request:
We will see all links with parameters (this is when something is equal to something in the address bar). That's what we need. 33% done.
Launch Havij.
In target, enter the link as in the example. It should be similar to the one that the Honourable Googol shared with us.
You don't need to push anything else, just let those who don't give a shit do it. Click Analyze. It's working! The letters ran. For more effect, set the full-screen mode) If nothing worked out, then fuck it, this site is not worthy of our attention, go ahead. If it turned out and db found, then in the tables tab, click in turn from left to right the get db, get tables buttons (bad memory but something like that). Now we are looking for something similar to user, admin, etc. We open them, put ticks on something similar to login, pass, and then Get Data.
If you're lucky, you'll get both your username and password right away. But usually the password is encrypted and becomes like "1afa148eb41f2e7103f21410bf48346c" and we have to go to our friend Google and stupidly drive the hash into it. Here we will climb a little and look for it, in huge lists it will be faster to press Ctrl+F and put the password there already.
So. We have an admin username and password. What's next? Open Havij and click on the Find Admin button, there is only one column and one button, so you will figure it out.
4. Admin Panel
In principle, we can stop here. But achieving the goal does not stop us and we want more. Now there will be little specifics, because there are a lot of different types of admins. Look in the admin panel for any way to upload a file, or better yet, a file manager, and download our WSO shell. IMPORTANT. see which folder you are uploading it to or where you are uploading it to, whether the name changes, and so on. In general, we need its specific address, which we go to and write root in the password window.
You are amazing and you have the inside of the site in front of you, you can have fun, merge databases, climb and dig, etc.Optionally re-upload and rename the shell somewhere where it will not be particularly noticeable.
If something doesn't work out at any stage, then we just look for another victim and start again. It will definitely work out someday.
We will need only 3 of the set. Moreover, even demo versions are suitable:
a) Xspider - scans the server and site for open ports based on its vulnerability database. The demo version doesn't say where exactly they were found, but it answers questions about what they are. That's enough for us.
b) Havij - since we will be hacking only through sql-inj, it is not better to find it. Here you need to search for a crack, because not all databases in the free version are supported, fortunately, quacks are Googled instantly.
c) WSO 2.5.1 (web shell). So that what you're doing looks like real hacking.
2. Ass Protection
This is for the taste and color, I have VPN+RDP and proxy is quite enough. If there are no defaces/deletions/other unpleasant / visible things to the admin, then you will most likely not even be noticed.
3. Let's go
Looking for a goal. Everything is simple here. Write any word in Google and click "search". Take the desired site and put it in Xspider, click "scan". Along the way, go to 2ip.ru for example, and you are looking for neighbor sites of your already almost hacked site with money. You grab them and throw them into the Xspider. We wait...
Let's assume that Xspider managed and found something. We open the asshole and see what we have there in 80 / tcp-HTTP. Hurray! There SQL-inj is written in red. We are lucky today, we continue.
Since he doesn't say where this whine was found, we'll ask Google. Writing a request:
Code:
site:victim.<url> inurl:=We will see all links with parameters (this is when something is equal to something in the address bar). That's what we need. 33% done.
Launch Havij.
In target, enter the link as in the example. It should be similar to the one that the Honourable Googol shared with us.
You don't need to push anything else, just let those who don't give a shit do it. Click Analyze. It's working! The letters ran. For more effect, set the full-screen mode) If nothing worked out, then fuck it, this site is not worthy of our attention, go ahead. If it turned out and db found, then in the tables tab, click in turn from left to right the get db, get tables buttons (bad memory but something like that). Now we are looking for something similar to user, admin, etc. We open them, put ticks on something similar to login, pass, and then Get Data.
If you're lucky, you'll get both your username and password right away. But usually the password is encrypted and becomes like "1afa148eb41f2e7103f21410bf48346c" and we have to go to our friend Google and stupidly drive the hash into it. Here we will climb a little and look for it, in huge lists it will be faster to press Ctrl+F and put the password there already.
So. We have an admin username and password. What's next? Open Havij and click on the Find Admin button, there is only one column and one button, so you will figure it out.
4. Admin Panel
In principle, we can stop here. But achieving the goal does not stop us and we want more. Now there will be little specifics, because there are a lot of different types of admins. Look in the admin panel for any way to upload a file, or better yet, a file manager, and download our WSO shell. IMPORTANT. see which folder you are uploading it to or where you are uploading it to, whether the name changes, and so on. In general, we need its specific address, which we go to and write root in the password window.
You are amazing and you have the inside of the site in front of you, you can have fun, merge databases, climb and dig, etc.Optionally re-upload and rename the shell somewhere where it will not be particularly noticeable.
If something doesn't work out at any stage, then we just look for another victim and start again. It will definitely work out someday.
