How exactly do you hack a website/database? Is it just a matter of stealing an administrator’s password?

I can think of a few methods one could use to gain access to an account or a database without having authorization to do so (and these are all illegal to attempt without proof of prior permission; so if you plan on trying these out then do so on your own server running on your own hardware).
SQL Injection
This is the most popular option because it’s a direct way into the database. The simplest explanation for why SQL Injections work is that the SQL server isn’t good at differentiating between query code and user input. So if you’re not preparing your statements (parameterized queries) or if you’re not filtering user inputs to prevent someone from escaping the query and then executing SQL code from the frontend of the site (forms and URI arguments) then you’re opening yourself to a potential database breach.
There are various types of SQL Injections such as boolean-based injections that simply send the SQL server a true-or-false scenario and these are often used to verify the vulnerable nature of a website but they can also show up in login forms to gain access to an account without knowing the password (essentially sending the SQL server a “1=1” instead of the password so that it is tricked into believing that you sent all the right information to let you continue).
The way you gather passwords (and other personal information) from a database using SQL injection is to find a page whose contents are retrieved from the database (such as search results thrown into a table or into a JSON file) and then determine the structure of the database (this is all retrievable from the SQL server itself, such as in the case of INFORMATION_SCHEMA in MySQL).
From there you can use UNION statements or JOIN statements to fit all the data you want to on the page given any constraints (for instance if you’re dealing with a table that limits 3 columns of information at a time, then you could throw all the columns you want to gather data from into a JOIN statement and then just grab junk data for the other 2 columns to avoid throwing any errors).
Cross-Site Scripting (XSS)
This is another popular option because there are a lot of sites out there that allow users to put JavaScript into their inputs and output the unfiltered user inputs on the page, which allows the JavaScript code to be executed.
There are a couple of types of XSS attacks such as the Reflected XSS attack. If you’re not filtering GET-based inputs on the site (unfiltered URI arguments) then you run the risk of having someone throw in some Javascript code into the URL which grabs the victim’s browser cookie data for your site and then passes that information through another website (usually owned by the attacker) that simply stores the information in a document or in a database to be collected by the attacker. These malicious URLs are blocked by Google’s URL shortener but there are tons of URL shorteners out there that will still mask the malicious URL and it’ll be too late by the time the victim(s) see what has happened.
Now the important bits found in the browser cookie information are usually PHPSESSID and other authentication cookies that are used so that members of your site don’t have to log back in every time they revisit the page. If you’re storing other sensitive information (I’ve seen sites store the actual password hashes in their cookies to authenticate users) in the cookies then those will also get captured by an XSS attack.
Remote Code Execution (RCE)
This isn’t as popular an option but it is what I’d consider one of the most detrimental vulnerabilities to have on a website. An RCE attack is essentially when the site code allows for user input to be evaluated/executed on the server and that opens the door for an attacker to deploy other known attacks.
If you have an RCE vulnerability on your site an attacker could potentially run malicious code on your server that could expose the database login information from the backend code on your site or even make use of Man-in-the-Middle (MitM) attacks where they can intercept passwords being sent from users logging in to the site.
Most of these vulnerabilities involve unfiltered user inputs. Never trust user inputs and always filter them out at all costs.
Web Shell (Unrestricted File Uploads)
A Web Shell is typically a PHP file that is designed to allow a remote user to access files on the server and any databases that are accessible from your webserver. These types of scripts can be uploaded through file upload scripts on the site that don’t block filetypes and mimetypes that are associated with backend languages such as PHP, ASP, or HHVM.
The best way to protect against these sorts of vulnerabilities is to whitelist what types of files can be uploaded to your system. And even then you still have to check for the existence of certain sequences of characters that may signify any backend language (such as blocking any images that have “<?php” or “<?=” anywhere within them; here’s an example of such an attack being used against 4chan from images that were uploaded to Imgur: Hackers are using Imgur to launch attacks on 4chan).
Cross-Site Request Forgery (CSRF)
CSRF attacks occur when you allow another website to pass queries to your website (such as through a vulnerable API or through an unfiltered URI argument). There are many ways this can be exploited but the most common way this is used is to pass form data that can be used to change the victim’s account settings such as their authentication email which could allow the hacker to simply request a password reset and your site will send the email to reset the account’s password to an email address that the hacker has access to.
You can protect against this by using a CSRF token that verifies if the form data is being sent from your website and not from any external sites that can be used to trick an unsuspecting visitor into executing queries that could cause this damage in the first place. There are a number of resources online that go further in-depth about creating, implementing, and securing these CSRF tokens and would do a better job explaining this than I could.
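The reflected XSS and cookie-theft scenario from the answer above, shown from the defending side as an added example (this code is not part of the original answers): the same search page rendered with and without output encoding, and the session cookie issued with the HttpOnly flag so that page scripts cannot read it. The page name, cookie value and the `<script>` test input are constructed for the demonstration.

```python
import html
from http.cookies import SimpleCookie


def render_search_vulnerable(query: str) -> str:
    """Echoes the URI argument straight into the page: browser runs whatever it contains."""
    return "<p>Results for: " + query + "</p>"


def render_search_escaped(query: str) -> str:
    """Same page with HTML entity encoding, so '<', '>', '&' and quotes are shown, not parsed."""
    return "<p>Results for: " + html.escape(query, quote=True) + "</p>"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie header for the session id with HttpOnly (not readable by document.cookie),
    Secure (HTTPS only) and SameSite=Lax (not sent on most cross-site requests)."""
    cookie = SimpleCookie()
    cookie["PHPSESSID"] = session_id
    cookie["PHPSESSID"]["httponly"] = True
    cookie["PHPSESSID"]["secure"] = True
    cookie["PHPSESSID"]["samesite"] = "Lax"
    return cookie.output(header="Set-Cookie:")


if __name__ == "__main__":
    # Constructed input resembling a reflected-XSS probe in a search parameter.
    probe = "<script>alert(document.cookie)</script>"
    print(render_search_vulnerable(probe))
    print(render_search_escaped(probe))
    print(session_cookie_header("constructed-session-id"))
```

Encoding on output is the control that matters here: filtering the input on the way in is fragile, while encoding for the context the value lands in (HTML body, attribute, JavaScript, URL) is what stops the browser from treating user data as markup. HttpOnly does not prevent XSS, but it removes the cookie from what an injected script can read.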
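A concrete version of the CSRF token check the answer above recommends, added here as an example rather than taken from the original answers. It assumes the application already has a server-side session id and a server secret; the token is an HMAC of the session id, so a token copied from one session does not validate for another, and the comparison is constant-time. The form field names and the change-email handler are constructed for the demonstration.

```python
import hashlib
import hmac


def issue_csrf_token(session_id: str, secret_key: bytes) -> str:
    """Token embedded in every state-changing form; bound to the caller's session."""
    return hmac.new(secret_key, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, secret_key: bytes, submitted: str | None) -> bool:
    """Recompute the expected token and compare without leaking timing information."""
    expected = issue_csrf_token(session_id, secret_key)
    return hmac.compare_digest(expected, submitted or "")


def handle_change_email(form: dict, session_id: str, secret_key: bytes) -> tuple[int, str]:
    """Hypothetical account-settings handler: refuse the change unless the token matches.
    A request forged from another site can carry the victim's cookies but not this token."""
    if not verify_csrf_token(session_id, secret_key, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    new_email = form.get("email", "")
    if "@" not in new_email:
        return 400, "invalid email address"
    return 200, "email changed to " + new_email


if __name__ == "__main__":
    # Constructed secret and session id for the demonstration.
    secret = b"constructed-server-secret-change-me"
    session = "session-of-victim"
    token = issue_csrf_token(session, secret)
    print(handle_change_email({"email": "victim@example.com", "csrf_token": token}, session, secret))
    print(handle_change_email({"email": "attacker@example.com"}, session, secret))
```

Rendering the token into the form and reading it back on POST is what the example leaves to the framework; the check itself is the part that is usually missing. Setting the session cookie to SameSite=Lax or Strict is an additional layer, not a replacement, because older clients and some cross-site navigations do not honour it.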
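The upload allowlist plus content check that the web shell section above describes, written out as an added example (not code from the original answers). It accepts only a few image extensions, confirms the file starts with the magic bytes of the declared type, rejects anything containing a PHP open tag as the answer suggests, and stores the file under a server-generated name so the uploader never chooses a path. The allowed types, the sample files and the `<?php` marker scan are constructed for the demonstration; the magic byte values are the standard PNG, JPEG and GIF signatures.

```python
import secrets

# Standard file signatures for the only types this upload endpoint accepts.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"
GIF_MAGICS = (b"GIF87a", b"GIF89a")

ALLOWED_TYPES = {
    "png": (PNG_MAGIC,),
    "jpg": (JPEG_MAGIC,),
    "jpeg": (JPEG_MAGIC,),
    "gif": GIF_MAGICS,
}

# Server-side code markers the answer recommends refusing inside image uploads.
CODE_MARKERS = (b"<?php", b"<?=")


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Allowlist the extension, verify the content signature, then scan for code markers."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed"
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, "content does not match declared image type"
    if any(marker in data.lower() for marker in CODE_MARKERS):
        return False, "embedded server-side code marker"
    return True, "ok"


def storage_name(filename: str) -> str:
    """Random server-chosen name keeping only the (already validated) extension."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    # Constructed samples: a genuine PNG header, a PHP file renamed, and a PNG with code inside.
    samples = {
        "photo.png": PNG_MAGIC + b"\x00" * 16,
        "shell.php": b"<?php system($_GET['c']); ?>",
        "shell.php.png": b"<?php echo 1; ?>",
        "polyglot.png": PNG_MAGIC + b"\x00" * 8 + b"<?PHP echo 1; ?>",
    }
    for name, content in samples.items():
        print(name, check_upload(name, content))
```

The marker scan is the weakest of the three checks, because an interpreter can be reached in other ways; the stronger controls are that uploads live outside the web root (or in a directory where the server refuses to execute scripts) and that the name on disk is never derived from the uploader's input.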
SQL INJECTION
First of all, what is SQL injection? SQL injection is a type of security exploit or loophole in which an attacker “injects” SQL code through a web form or manipulates URLs based on SQL parameters. It exploits web applications that use client-supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
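The concatenation problem described in the two SQL injection answers above (the first answer's “1=1” login bypass and this answer's “direct insertion into user-input variables”), shown as an added example that is not part of either answer. It runs against an in-memory SQLite database with one constructed user, and places the string-concatenated login check beside the parameterized one so the difference in behaviour is visible on the same input. The password is stored in clear only to keep the demonstration short; a real application stores a password hash.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table with a single account for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Query text assembled from user input: the input is parsed as part of the SQL."""
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same query with placeholders: the statement text is fixed, values travel separately,
    so whatever the user typed can only ever be compared as data."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def compare(password_input: str) -> tuple[bool, bool]:
    """Run both versions for user 'alice' with the same password input."""
    conn = make_db()
    return login_vulnerable(conn, "alice", password_input), login_parameterized(conn, "alice", password_input)


if __name__ == "__main__":
    print("real password  :", compare("correct horse"))
    print("wrong password :", compare("wrong"))
    # The tautology the first answer mentions; the '--' comments out the closing quote.
    print("1=1 input      :", compare("' OR 1=1--"))
```

The second column is the one to look at: with placeholders the database never sees a quote or a comment marker as syntax, so there is nothing to escape and no blacklist to maintain. The same holds for the stored (second-order) case this answer mentions, as long as the later dynamic statement is also parameterized rather than rebuilt from the stored string.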
In some cases, contacting a certified and ethical hacker is the best option as they get the task done in a few hours. I recommend Zidex hacker; they are one of the hackers for hire online that provide 100% refunds if their client is not satisfied with the job delivered.
Learn a programming language or two. If you want to really learn how to hack websites, you’ll need to understand how computers and other technologies work. Learn to use programming languages like Python or SQL, so that you can gain better control of computers and identify vulnerabilities in systems.
Have basic HTML literacy. You will also need to have a really good understanding of HTML and JavaScript if you want to hack websites in particular. This can take time to learn but there are lots of free ways to learn on the internet, so you will certainly have the opportunity if you want to take it.
Consult with whitehats. Whitehats are hackers who use their powers for good, exposing security vulnerabilities and making the internet a better place for everyone. If you’re wanting to learn to hack and use your powers for good or if you want to help protect your own website, you might want to contact some current whitehats for advice.
Research hacking. If you’re wanting to learn to hack or if you just want to protect yourself, you’ll need to do a lot of research. There are so many different ways that websites can be vulnerable and the list is ever-changing, so you will need to be constantly learning.
Zidex hacker is also a certified hacker that has both whitehat and blackhat hackers; they are a hacker agency that you can contact to assign a hacker to handle and deliver any hacking-related jobs.[1]
A short while back, I began a new series on database hacking, and now it's time to continue and extend your education in that field. As you know, the database contains all of the most valuable info for the hacker, including personally identifiable information, credit card numbers, intellectual property, etc. So, it's the ultimate goal of cybercrime and the APT hacker.
Start Metasploit
First, we need to start Metasploit. Once we have the Metasploit command prompt, we need to define which module we want to use. In past Metasploit tutorials, we've always used exploits, but this one is a bit different. Instead, we will use a scanner among the auxiliary modules that enables us to brute force the sa password. Let's load up mssql_login:
Set Your Options
In order to run this MS SQL login module, we will need:
  1. A password file,
  2. Set the RHOSTS, and
  3. Determine the number of THREADS we want to run.
BackTrack has a wordlist specially built for MS SQL password hacking with over 57,000 commonly used SQL passwords at /pentest/exploits/fasttrack/bin/wordlist.txt. In this case, our target is at 192.168.1.103, and we will set our THREADS to 20.
Brute Force the Database Passwords
Now, we simply need to type exploit and it runs through the password list until it finds the password for the sa account.
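What the brute-force run above looks like from the database administrator's side, as an added example that is not part of the original tutorial: a small detector that parses failed-login lines and raises an alert when one client address fails against one account more than a threshold number of times inside a sliding window. The log lines are constructed here to resemble the SQL Server error log's “Login failed for user” entries (the exact format, the client address and the timestamps are assumptions for the demonstration); the threshold and window are arbitrary tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lines modelled on the SQL Server error log's failed-login entry.
_FAIL = "Logon       Login failed for user '{user}'. Reason: Password did not match that for the login provided. [CLIENT: {ip}]"
SAMPLE_LOG = [
    f"2024-05-01 10:00:{sec:02d}.00 " + _FAIL.format(user="sa", ip="192.168.1.50")
    for sec in range(0, 36, 3)          # 12 failures for 'sa' from one host in 33 seconds
] + [
    "2024-05-01 10:00:10.00 " + _FAIL.format(user="reporting", ip="192.168.1.20"),
    "2024-05-01 10:05:10.00 " + _FAIL.format(user="reporting", ip="192.168.1.20"),
    "2024-05-01 10:00:11.00 Server      Some unrelated informational line",
]

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<ip>[\d.]+)\]"
)


def parse_failures(lines):
    """Yield (timestamp, user, client_ip) for every failed-login line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
            yield ts, m.group("user"), m.group("ip")


def detect_bruteforce(lines, threshold: int = 10, window: timedelta = timedelta(seconds=60)):
    """Return [(client_ip, user, max_failures_in_window)] for every pair over the threshold."""
    events = defaultdict(list)
    for ts, user, ip in parse_failures(lines):
        events[(ip, user)].append(ts)
    alerts = []
    for (ip, user), times in events.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append((ip, user, peak))
    return alerts


if __name__ == "__main__":
    for ip, user, count in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT: {count} failed logins for '{user}' from {ip} within 60s")
```

The matching response is on the configuration side rather than in the detector: a password list of 57,000 entries only works against an sa account that is enabled, reachable from the network and protected by a password that appears in such a list, so disabling or renaming sa, restricting which hosts may reach the instance, and enforcing account lockout or a strong password policy remove the condition the module depends on.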
In some cases, hiring a hacker from a hacker-for-hire company is the effective way to get the task done in due time, as they will deliver the job without being caught or leaving any traces for the administrator.
It is not necessary that the administrator password is required every time to get the database. If you find any SQL injection that successfully runs, then it is easy to get the database tables through that particular SQL vulnerability.
Before you break the rules, master them first. Well my friend, it's not a question of hacking or having the admin password or doing a brute force or using any kind of software that can return against you. All this is wrong and wrong. A professional hacker has a different approach on any job they perform, and of course the job should deserve their skills, as they know what they are going to do is not ethical and they are breaking the law. But to give you simple steps and an idea:
  1. reconnaissance, including several steps
  2. social engineering
  3. digging and understanding their infrastructure; sometimes they dig in the rubbish tank of the company for info
  4. collecting as much information about the organization as possible
Then they will start their show, but if he forgets to protect himself he is the most stupid person that the earth saw.