1. You need to find website with potential vulnerability. There are some websites that are difficult to hack. While finding websites, it is better to search for sites with format “article.php?id=[number]” in url.
Let's consider one example which we will use in this article:
http://encycl.anthropology.ru/article.php?id=1
Check whether your searched victim site can be hacked by entering:
http://encycl.anthropology.ru/article.php?id=’1
in address bar and hit enter. You will get error message like:
Query failed.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”1 ORDER BY lastname’ at line 1 SELECT * FROM person_old WHERE id=’1 ORDER BY lastname
If you get such error message, it is confirmed that you can hack website using this method and now you can move forward to hack website.
3. Run SQLI Helper on your computer.
4. In target field, enter http://encycl.anthropology.ru/article.php?id=1 (the website url you just discovered as hackable) and hit on “Inject”.
5. SQLI Helper will search for columns and you will have something like this:
6. Hit on “Get Database” to get:
7. Select any element from “Database Name” and click on “Get Tables”.
8. Now, select element from table and hit on “Get Columns”. I have selected “user” to get userid and password required for login.
9. Now, when you know “user” table has columns “usr_login” and “usr_pass”, select them and hit on “Dump Now”.
10. You will get values
11.The values achieved are actually in hash and hence you have to crack these hashes to get userlogin and password to hack website. For this, you can use http://www.md5crack.com/ and crack the hash using “Crack that hash baby” button. Thus, you are now able to hack website as you have got website user id and password. Once, you get admin password, you can easily hack website.
Download [4.1MB]
Password : 123hackz.blogspot.in
