SQL Injection

SQL Injection good for beginners

So let's start with how to find vulnerable scripts/sites: Google. Google is the best place to start for an attack like SQL injection. Google can find anything that wants to be found, and plenty of things that shouldn't be found. There are all kinds of specially crafted search operators you can use with Google, like intitle:, allintitle:, inurl:, allinurl:, allintext:, allinlinks:, "index of" and filetype:.
So, in other words, typing something like "robots.txt" "Disallow:" filetype:txt into Google will give you a treasure chest of information. To help you find pages containing login portals you could try typing something like allinurl:"exchange/logon.asp" or inurl:/admin/login.asp and inurl:login filetype:swf swf.
For more information on how to get Google to help you hack, check out http://johnny.ihackstuff.com/index.php?module=prodreviews

So with Google we will target logins. When looking for a login script to attack, you can just type something like login.asp or login.php, or use one of the Google operators above, e.g. inurl:/admin/login.asp. It's pretty easy to find many, many sites with logins nowadays.

An Introduction to SQL Injection

SQL is short for Structured Query Language and is the language used to communicate with an SQL database. SQL communicates with a relational database, the most commonly used kind of database out there. SQL uses queries to get information from tables within the database.

Find the login page for that website and test it. The greatest and most simple test string is the ' (the apostrophe), so find the login and see what happens when you enter ' into the username and password fields. Does it generate an error? Nope. Must be a site with no SQL injection? Think again. I normally would move on to a different method if I were you, but I will tell you another string that can sometimes log you into an account without verification: try 'OR'1=1 in both the username and password inputs.

You need to know what the statement 'OR'1=1 means, so let's break it down: ' OR ' 1 = 1.

Due to shitty coding, the apostrophe closes the last string passed to the script, which is then passed on to the database to check the username and password. You should never allow things like apostrophes, spaces or other wildcard characters to be passed unchecked into a database query, or to any script in PHP or ASP for that matter; the same could be said about ColdFusion as well.

The OR is an SQL keyword that means just what it says: OR. So what the query is saying when you enter the OR statement is: check this username/password OR check the next condition.

The last part is the condition we passed to the script and on to the database: 1=1. In any programming language this is sure to evaluate to true, because 1 equals 1.

So now, all together: 'OR'1=1. When you enter this into a login form, it gets passed as a variable to the script and then to the database, and it is basically saying username=true&password=true. You can try different combinations.

For the examples below, let's say the table name is HellBound with columns named username, pass and year, containing this row:
username = nighthawk, pass = letmein, year = 2005
SELECT - The SELECT statement is used to select data from a table.
To select all columns from, say, the "HellBound" table, use a * symbol instead of column names, like this: SELECT * FROM HellBound
To select only the columns named "username" and "pass", use a SELECT statement like this: SELECT username, pass FROM HellBound
FROM - This clause names the table to query, e.g. 'HellBound'.
WHERE - This allows you to specify conditions that must be met, like: SELECT * FROM HellBound WHERE pass='night'
Note that I have used single quotes around the conditional values in the examples. SQL uses single quotes around text values (most database systems will also accept double quotes). Numeric values should not be enclosed in quotes, as in this example: SELECT * FROM HellBound WHERE year>2003. Notice that I used "greater than" in the WHERE clause; the following operators can be used:
= Equal
<> Not equal
> Greater than
< Less than
>= Greater than or equal
<= Less than or equal
BETWEEN Between an inclusive range
LIKE Search for a pattern
Note: In some versions of SQL the <> operator may be written as !=
SELECT * FROM HellBound WHERE pass LIKE 'O%' - That SQL statement will return rows whose pass starts with an 'O'.
A % sign can be used as a wildcard (standing in for missing letters in the pattern) both before and after the pattern.
SELECT * FROM HellBound WHERE username LIKE '%a' - That SQL statement will return rows whose username ends with an 'a'.
AND and OR join two or more conditions in a WHERE clause.
Use AND to display each user with the username equal to "nighthawk" and the pass equal to "letmein", for example: SELECT * FROM HellBound WHERE username='nighthawk' AND pass='letmein'
Use OR to display each user with the username equal to "nighthawk" or the pass equal to "letmein", for example: SELECT * FROM HellBound WHERE username='nighthawk' OR pass='letmein'
The BETWEEN ... AND operator selects a range of data between two values, lower bound first, for example: SELECT * FROM HellBound WHERE username BETWEEN 'Mr_Cheese' AND 'nighthawk'. This statement would return all HellBound rows with a username between Mr_Cheese and nighthawk, inclusive.
The INSERT INTO statement is used to insert new rows into a table, like: INSERT INTO HellBound VALUES ('nighthawk', 'letmein', 2005). This will insert nighthawk into username, letmein into pass and 2005 into year.
To insert data into specified columns only, here is an example: INSERT INTO HellBound (username, pass) VALUES ('nighthawk', 'letmein')
The UPDATE statement is used to modify the data in a table, for example: UPDATE HellBound SET pass = 'cracked' WHERE username = 'nighthawk'
That example will change nighthawk's password from letmein to cracked.
The DELETE statement is used to delete rows from a table, for example: DELETE FROM HellBound WHERE username = 'nighthawk'
This will delete every row whose username is nighthawk (the whole row: username, pass, year).
The SELECT INTO statement is most often used to create backup copies of tables or for archiving records.
The following example makes a backup copy of the "HellBound" table: SELECT * INTO HellBound_backup FROM HellBound

The ALTER TABLE statement is used to add or drop columns in an existing table.
To add a column named Age to the HellBound table: ALTER TABLE HellBound ADD Age varchar(10)
To drop the Age column from the HellBound table: ALTER TABLE HellBound DROP COLUMN Age
Remember that some database systems don't allow dropping a column from a table.
You can also use ALTER TABLE to rename a table, like: ALTER TABLE HellBound RENAME TO Hell_Bound
To delete a table use: DROP TABLE HellBound. Remember this will also delete the table structure, attributes and indexes.
What if we only want to get rid of the data inside a table, and not the table itself? Well, you can use:
TRUNCATE TABLE HellBound

This example shows how you can create a table named HellBound with four columns. The column names will be UserName, Password, EMail and Age: CREATE TABLE HellBound (UserName varchar, Password varchar, EMail varchar, Age int)
You can specify a maximum length for columns like this:
CREATE TABLE HellBound (UserName varchar(30), Password varchar(30), EMail varchar(30), Age int(3))
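As an added example (not part of the original article), the HellBound table from the examples above is built in an in-memory SQLite database and the login check from the 'OR'1=1 section is implemented two ways: by string concatenation, where an apostrophe in the input breaks out of the string literal, and with a parameterised query, where the same input stays plain data. The payload is written as ' OR '1'='1, the closed-quote form of the article's string; the SQLite back end and the second sample row are assumptions.

```python
import sqlite3

# Constructed sample data: the article's HellBound row plus one extra user.
ROWS = [("nighthawk", "letmein", 2005), ("Mr_Cheese", "oranges", 2004)]


def make_db():
    """Build the HellBound table from the article in an in-memory SQLite database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE HellBound (username varchar(30), pass varchar(30), year int)")
    con.executemany("INSERT INTO HellBound (username, pass, year) VALUES (?, ?, ?)", ROWS)
    return con


def login_concat(con, username, password):
    """Vulnerable: the input is spliced into the query text, so an apostrophe in
    the input closes the string literal and whatever follows is parsed as SQL."""
    sql = ("SELECT username FROM HellBound WHERE username='" + username
           + "' AND pass='" + password + "'")
    return [row[0] for row in con.execute(sql)]


def login_param(con, username, password):
    """Hardened: ? placeholders bind the input as values; it is never parsed as SQL."""
    sql = "SELECT username FROM HellBound WHERE username=? AND pass=?"
    return [row[0] for row in con.execute(sql, (username, password))]


def quote_causes_error(con, login_fn):
    """The article's first test, a lone apostrophe: the concatenating version
    raises a syntax error, the parameterised version just finds no match."""
    try:
        login_fn(con, "'", "letmein")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    con = make_db()
    payload = "' OR '1'='1"   # closed-quote form of the article's 'OR'1=1
    print(login_concat(con, "nighthawk", "letmein"))  # ['nighthawk']
    print(login_concat(con, payload, payload))        # every row: the password check is bypassed
    print(login_param(con, payload, payload))         # []: the payload is compared as plain text
    print(quote_causes_error(con, login_concat), quote_causes_error(con, login_param))  # True False
```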

Comments

Cereal on September 03 2005 - 00:09:44
Nice man, I had to use UPDATE recently and didn't know the syntax; too bad I bugged psychomarine to tell me before I found this XD
HAckerX on September 06 2005 - 02:41:27
Awesome article.
Nubzzz on December 22 2005 - 18:34:33
Awesome article.
ranma on May 12 2006 - 16:38:00
Sweet! Thanks a lot!