
MySQL injection


DCs (Member)

Hey everyone. Here I have been trying to do a MySQL injection and have been successful halfway. I'm a newbie in hacking so need some help here :P.

OK, what I have tried is

http://***.******.***/v2/news.php?news=0 UNION ALL SELECT 0,news_id,details,0,0,0 from news/*

works and looks lovely. But what is not working and I can't make it work is

http://***.******.***/v2/news.php?news=2997; UPDATE news SET details='essential security'/*

Tried many things but still can't get it to work. I know the basics of PHP and MySQL but still can't make it work though.. :(


ghost

You're mixing MySQL injections with MS-SQL injections. Look more into some whitepapers on MySQL injections. Or later today I'll upload my old visual guides for anyone else also interested.


DCs (Member)

:o never thought I would be doing something so dumb.. BTW all I know is MySQL so I never thought I would be using MSSQL.. thanks for the quick reply. Can't wait to see the article


ghost

Sorry for the time it took to post here, had to do something. http://rapidshare.com/files/179256157/blindsql.swf.html If anyone downloads it, please reply. Gay rapidshare only allows me to let 10 people download it and I want to make sure DC has a copy. If it's down, I'll host it somewhere else (suggestions welcome).

You're not making a dumb mistake, don't worry. Issue an @@version if you have any kind of output from your injection. Then you can make sure what kind of SQL db you are attacking. However, you have tried to end the sql query and then create your own. This kind of injection is only possible in MS-SQL. That is what you are mixing up.


DCs (Member)

The version of MySQL is 4.1.7. Don't know the reason but I have to use unhex(hex(@@version)) to get the version?


DCs (Member)

It seems that I can't run a 2nd query with mysql_query of PHP.. so I got the user and password.. user is admin and password is 534a94c87b96391f0ae349e9b2e19d14. I have tried the online crackers but no luck so trying many methods now. How is it possible to find the login page? I have tried many guesses but no luck :(
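The observation above (the UNION works, the stacked UPDATE does not) follows from how the page is written: PHP's legacy mysql_query() and mysqli::query() send exactly one statement, so a second statement after ";" is refused, but a UNION lives inside that single statement and still runs. The following is an added example, not code from the thread or from the site discussed, showing a news.php built the way the injected URL implies, beside a hardened version; the table name "news", its columns (news_id, title, details), the connection placeholders and the mysqlnd-backed get_result() call are all assumptions.

```php
<?php
// Added example (not from the thread): vulnerable news.php beside its fix.
// Assumed schema: news(news_id INT, title TEXT, details TEXT). Placeholder credentials.
$db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
$db->set_charset('utf8mb4');

// Vulnerable: the raw GET parameter is concatenated into the SQL text.
// query() sends one statement, so "; UPDATE ..." fails, but
// "0 UNION ALL SELECT ..." is still valid inside that one statement.
function news_vulnerable(mysqli $db, string $news): ?array
{
    $sql = "SELECT news_id, title, details FROM news WHERE news_id = $news";
    $res = $db->query($sql);
    return $res ? $res->fetch_assoc() : null;
}

// Hardened: the id must be a positive integer and is bound as a parameter,
// so the value can never alter the structure of the statement.
function news_safe(mysqli $db, string $news): ?array
{
    $id = filter_var($news, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        // Non-numeric ids never come from the site's own links; log them so
        // probing like the URLs above shows up in the application log.
        error_log('news.php: rejected non-integer news id');
        return null;
    }
    $stmt = $db->prepare('SELECT news_id, title, details FROM news WHERE news_id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // assumes mysqlnd
    $stmt->close();
    return $row ?: null;
}

$row = news_safe($db, $_GET['news'] ?? '');
if ($row === null) {
    http_response_code(404);
    exit('No such item');
}
// Output encoding: row contents are data, not markup.
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "<br>\n";
echo htmlspecialchars($row['details'], ENT_QUOTES, 'UTF-8'), "\n";
```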


ghost

You could try blindly guessing, that shouldn't be too hard. Or you could try using a program like Intellitamper to just list all the files and directories on the site. Yeah, try Intellitamper out and you should be good.


DCs (Member)

Thanks bro.. I'm progressing further. They have HTTP Authentication set up.. now I'm trying to crack the password with RainbowCrack…

Thank you guys, thanks a lot :happy:


DCs (Member)

:( I can't get the password cracked … can anyone tell me how this can be done?


ghost

lol you could try the rainbow table method or you could try a hash cracking program. Maybe you can get Cain to do it.


spyware (Banned)

Rainbow tables. Get a portable HDD, fill her up with those tables and get cracking.

Don't bother creating char lengths 1 to 5. 6-12 is what you're probably after.


DCs (Member)

Using Cain at the moment and it says 15 years… something like that :wow:

Using RainbowCrack also… having a little problem here.. I don't fully understand rtgen. What should I actually try? Is the following command OK?

rtgen md5 alpha-numeric-symbol14-space 6 16 0 2400 97505489 all

I can understand:
6 is the minimum characters
16 is the maximum.
0 - no idea
2400 - no idea
97505489 - no idea
all - no idea

And why don't people upload this stuff?

ghost

DCs wrote: And why don't people upload this stuff? … They do. Guess you just haven't gone looking for it yet. If I wanted to download rainbow tables containing md5 hashes, I'd probably go look at a search engine.


ghost

Zephyr's right, you're going to have to search for one. Actually, now that I think about it, hak5.org has community rainbow tables. I've never used them but I used to hear about them on that site a lot, maybe you should go check it out.


spyware (Banned)

The problem with good rainbow tables is that they're BIG. Huge. The best way of getting them is either generating them yourself, or buying sets of DVDs/portable HDDs.

There are a few rainbow sellers out there. Not sure about the price.


DCs (Member)

Sorry for talking dumb before googling stuff. I want to generate them and store them on DVDs.. but I don't know what is the best command I have to use to generate them. I think I can generate them very fast as I have full access to about 100 PCs of which 20% I can use non-stop, and 10 servers which I can use to generate them :D

BTW thanks everyone.. never got so much help in trying to hack into something.. You guys are the best!


ghost

DCs wrote: Sorry for talking dumb before googling stuff. I want to generate them and store them on DVDs.. but I don't know what is the best command I have to use to generate them. I think I can generate them very fast as I have full access to about 100 PCs of which 20% I can use non-stop, and 10 servers which I can use to generate them :D

BTW thanks everyone.. never got so much help in trying to hack into something.. You guys are the best!

First, Cain & Abel is pretty slow and I would consider looking into different programs. Second, if you have a fast download rate without a bandwidth cap I would just start downloading certain charsets with your computers and then using those. This being that others who have maximized the potential of certain GPUs are going to be able to offer incredible rainbow tables to you. Although, if you wanted to maximize the potential of your computers, learn how to use a cluster to generate your rainbow tables. It might be a bit hard, but it would be the best in the end. Especially if you have Nvidia graphics cards and you are able to maximize the power of those GPUs.
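The whole rainbow-table discussion above exists because the 32-hex-digit value pulled from the site is an unsalted MD5: the same password gives the same digest on every site that stores it that way, so one precomputed table answers all of them. Below is an added example, not code from the thread or from any site mentioned, of what the login should store instead and how to migrate legacy rows in place; the "users" table with columns user, pass (legacy MD5 hex) and pass_hash, and the mysqli handle, are assumptions.

```php
<?php
// Added example (not from the thread): legacy MD5 storage beside salted,
// slow hashing, with an upgrade-on-login path. Assumed schema:
// users(user VARCHAR, pass CHAR(32) NULL, pass_hash VARCHAR(255) NULL).

// Legacy: unsalted, fast, identical for identical passwords everywhere,
// which is exactly the property a precomputed table relies on.
function legacy_digest(string $password): string
{
    return md5($password);
}

// Replacement: password_hash() embeds a random per-user salt and a cost
// factor in the string it returns, so a table would have to be built per
// salt and per cost, which defeats precomputation outright.
function modern_hash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Login that verifies a legacy row once, then replaces the MD5 with bcrypt.
function login(mysqli $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pass, pass_hash FROM users WHERE user = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // assumes mysqlnd
    $stmt->close();
    if ($row === null) {
        return false;
    }
    if ($row['pass_hash'] !== null) {
        return password_verify($password, $row['pass_hash']);
    }
    // Legacy path: constant-time compare, then upgrade the stored hash.
    if ($row['pass'] === null || !hash_equals($row['pass'], legacy_digest($password))) {
        return false;
    }
    $new = modern_hash($password);
    $up = $db->prepare('UPDATE users SET pass_hash = ?, pass = NULL WHERE user = ?');
    $up->bind_param('ss', $new, $user);
    $up->execute();
    $up->close();
    return true;
}
```

Once every row has been migrated, the legacy column can be dropped and the md5() path deleted.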


DCs (Member)

So it means by encrypting something they are adding a strong security feature, right :D..

I was wondering if there is a way I could find a table in 4.1.7? I tried mysqlbf.exe and it seems it can't do the trick :( I have been guessing a table in a second website and couldn't get it through.

Also, is there a way I could find all directories in a website?

Just asking if life is easy :P


ghost

DCs wrote: So it means by encrypting something they are adding a strong security feature, right :D..

Encrypting data obscures it. It's only a "strong security feature" if it's AES or higher, since everything below that has been pretty well demolished by now.

DCs wrote: I was wondering if there is a way I could find a table in 4.1.7? I tried mysqlbf.exe and it seems it can't do the trick :( I have been guessing a table in a second website and couldn't get it through.

http://www.hellboundhackers.org/forum/xss_help-15-14237_0.html Scroll down some. Read.

DCs wrote: Also, is there a way I could find all directories in a website?

Skunkfoot wrote: Or you could try using a program like Intellitamper to just list all the files and directories on the site.

DCs wrote: Just asking if life is easy :P

No, it's not. It's educational, though.


ghost

I just recently picked up a DB fuzzer from darkc0de. It basically just scans the site and lists whatever DB info you tell it to. It's a really handy tool, but I don't really think you should rely on it, or any other programs for that matter.

You need to be patient and learn why the things that you're trying aren't working and learn other methods so that you can try those as well. Try thinking as if you're the guy who coded that page…try to predict how he coded it so that you can have a better understanding of it. Once you understand it, and understand how to exploit the vulnerability (whether it be SQL Injection or whatever), you should be fine. :)


DCs (Member)

You guys are loads of help.. don't know what I would do without you :P

BTW without taking your advice I tried the fuzzer stuff and in my view how it works is like a brute force tool? Rather, it has a word list? Correct me if I'm wrong. Anyway the best tool I got was GUESSING :P till now

I found the tables and fields of the second website and was even able to crack it :D The only problem is I can't find the login page :( Tried IntelliTamper but it searched up to an HTTP authentication page and got stuck there :O. Also I tried it with my own websites and couldn't find the login page. What am I doing wrong with the thing?

ATM I tried GUESSING.. sitemap tools and trying to find tools but.. no luck