View Thread

HellBound Hackers | HellBound Hackers | Lessons

Author

Beginner & Intermediate Guide To Blind SQL Injection

Posts: 856
Location: /var/log/messages
Joined: 30.12.04
Rank: God

Posted on 22-06-07 19:25

Visual Beginner's Guide To Blind SQL Injection

*In this video, i cover the basics of blind sql injection. We find a vulnerable page, test it for vulnerability, and exploit them. I attack two sites and gain admin priveleges in two different ways.

http://4filehosting.com/file/23692/blindsql-swf.html

Visual Intermediate Guide To Blind SQL Injection

*In this video, i attack retrieve root mysql information and use load_file() to retrieve more information on the site.

[edit]Full version available now

[/edit]

http://4filehosting.com/file/32539/blindsqlint-swf.html

-->I forgot to do INSERT INTO VALUES() in the intermediate one, so expect another intermediate guide somewhat in the future, hopefully

http://turboborland.blogspot.com

Edited by nights_shadow on 03-07-07 19:43

Author

RE: Beginner & Intermediate Guide To Blind SQL Injection

nights_shadow
Member

Posts: 856
Location: /var/log/messages
Joined: 30.12.04
Rank: God

Posted on 03-07-07 19:42

I would like to express an apology to those who downloaded the intermediate video as it was cut off. The host only managed to up 6 megs, when the actual size is 18. So, here's the full version:

http://4filehosting.com/file/32539/blindsqlint-swf.html

http://turboborland.blogspot.com

Edited by nights_shadow on 03-07-07 19:42

Author

RE: Beginner & Intermediate Guide To Blind SQL Injection

lesserlightsofheaven
Member

Posts: 723
Location: EAX
Joined: 02.11.06
Rank: God
Warn Level: 30

Posted on 03-07-07 21:26

just finished watching, very clever work.
I enjoy your videos.

"'Following a telephone line north, I have come upon some wonderful places,' continued the repairman. 'Swamps where cedars grow and turtles wait on logs but not for anything in particular; fields bordered by crooked fences broken by years of standing still; orchards so old they have forgotten where the farmhouse is. In the north I have eaten my lunch in pastures rank with ferns and junipers, all under fair skies with a wind blowing. My business has taken me into spruce woods on winter nights where the snow lay deep and soft, a perfect place for a carnival of rabbits. I have sat at peace on the freight platforms of railroad junctions in the north, in the warm hours and with the warm smells. I know fresh lakes in the north, undisturbed except by fish and hawk and, of course, by the Telephone Company, which has to follow its nose. I know all these places well. They are a long way from here--don't forget that. And a person who is looking for something doesn't travel very fast.'"

If you know it, you know it. Public no longer.

Author

RE: Beginner & Intermediate Guide To Blind SQL Injection

DigitalFire
Member

Posts: 274
Location: Or perhaps just
Joined: 02.12.06
Rank: HBH Guru

Posted on 06-07-07 04:55

i feel like an idiot but i couldn't find a download button... nor did http://4filehosting.com/file/23692/blindsql.swf get me anywhere. nights_shadow you should put those on rapidshare that worked a lot better.

I'll be in it all to watch it burn so carelessly

Author

RE: Beginner & Intermediate Guide To Blind SQL Injection

lesserlightsofheaven
Member

Posts: 723
Location: EAX
Joined: 02.11.06
Rank: God
Warn Level: 30

Posted on 06-07-07 04:59

DigitalFire wrote:
i feel like an idiot but i couldn't find a download button... nor did http://4filehosting.com/file/23692/blindsql.swf get me anywhere. nights_shadow you should put those on rapidshare that worked a lot better.

it's very light yellow text about halfway down the page.

Author

RE: Beginner & Intermediate Guide To Blind SQL Injection

DigitalFire
Member

Posts: 274
Location: Or perhaps just
Joined: 02.12.06
Rank: HBH Guru

Posted on 06-07-07 06:41

omg i cant find it...

what does the text say?

I'll be in it all to watch it burn so carelessly

Author

RE: Beginner & Intermediate Guide To Blind SQL Injection

HackingForce
Member

Posts: 328
Location: -ⁿººƁ.land-
Joined: 24.11.06
Rank: Mad User

Posted on 06-07-07 11:44

DigitalFire wrote:
omg i cant find it...

what does the text say?

it says "Please wait 30 seconds.."

and after 30 seconds, it gets replaced with a blue "Download" link...

Nice Videos Nights_shadow

‮

- I hear and I forget. I see and I remember. I do and I understand. -

Edited by HackingForce on 06-07-07 14:38

Author

RE: Beginner & Intermediate Guide To Blind SQL Injection

mitz247
Member

Posts: 246
Location: far far away
Joined: 13.05.07
Rank: God
Warn Level: 5

Posted on 06-07-07 11:53

hey man just watched the vids,, very very good!!

u should do some more

thanks alot!

$/*\/*\$ $/*\/*\$

Author

RE: ...

summersgone
Member

Posts: 1
Location: Indonesia
Joined: 08.03.07
Rank: Newbie

Posted on 18-07-07 20:25

how to do INSERT/UPDATE just after i 've figured all of the tables name and the fields name ? i tried it once using UNION UPDATE , but it failed. any suggestion ?