MySQL injection
Hey everyone. I have been trying to do a MySQL injection here and have been successful halfway. I'm a newbie in hacking, so I need some help here :P.
OK, what I have tried is
http://***.******.***/v2/news.php?news=0 UNION ALL SELECT 0,news_id,details,0,0,0 from news/*
works and looks lovely. But what is not working, and I can't make it work, is
http://***.******.***/v2/news.php?news=2997; UPDATE news SET details='essential security'/*
Tried many things but still can't get it to work. I know the basics of PHP and MySQL but still can't make it work, though.. :(
Sorry for the time it took to post here, had to do something. http://rapidshare.com/files/179256157/blindsql.swf.html If anyone downloads it, please reply. Gay rapidshare only allows me to let 10 people download it and I want to make sure DC has a copy. If it's down, I'll host it somewhere else (suggestions welcome).
You're not making a dumb mistake, don't worry. Issue an @@version if you have any kind of output from your injection. Then you can make sure what kind of SQL db you are attacking. However, you have tried to end the sql query and then create your own. This kind of injection is only possible in MS-SQL. That is what you are mixing up.
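Added example, not written by any poster in this thread: the two requests above seen from the application owner's side. Python's sqlite3 stands in for PHP's mysql_query and MySQL (an assumption); both run one statement per call, which stops the stacked UPDATE but not the UNION, so the fix is input validation plus a bound parameter. Rows and function names are constructed.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory data; table names mirror the thread, rows are invented."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (news_id INTEGER PRIMARY KEY, details TEXT)")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(1, "first post"), (2, "second post")])
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-hash')")
    return db

def fetch_vulnerable(db, news_param):
    # BEFORE: the request parameter becomes part of the SQL text.
    sql = "SELECT news_id, details FROM news WHERE news_id = " + news_param
    return db.execute(sql).fetchall()

def fetch_hardened(db, news_param):
    # AFTER: accept only a short run of ASCII digits, then bind it as data.
    if not re.fullmatch(r"[0-9]{1,9}", news_param):
        raise ValueError("news must be a positive integer")
    sql = "SELECT news_id, details FROM news WHERE news_id = ?"
    return db.execute(sql, (int(news_param),)).fetchall()

def stacked_statement_rejected(db, news_param):
    # A single-statement API refuses "...; UPDATE ..." without running it,
    # but that is a driver limit, not a defence: UNION still goes through.
    try:
        fetch_vulnerable(db, news_param)
    except (sqlite3.Warning, sqlite3.Error):
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    union = "0 UNION ALL SELECT name, pw_hash FROM users"
    print(fetch_vulnerable(db, union))      # rows from another table leak
    print(stacked_statement_rejected(db, "2; UPDATE news SET details='x'"))
    print(fetch_hardened(db, "2"))          # the normal request still works
```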
The version of MySQL is 4.1.7. Don't know the reason, but I have to use unhex(hex(@@version)) to get the version?
It seems that I can't run a 2nd query with PHP's mysql_query.. so I got the user and password.. The user is admin and the password is 534a94c87b96391f0ae349e9b2e19d14. I have tried the online crackers but no luck, so I'm trying many methods now. How is it possible to find the login page? I have tried many guesses but no luck :(
Using Cain at the moment and it says 15 years… something like that :wow:
Using rainbowcrack also… having a little problem here.. I don't fully understand rtgen. What should I actually try? Is the following command OK?
rtgen md5 alpha-numeric-symbol14-space 6 16 0 2400 97505489 all
I can understand
6 is the minimum characters
16 is the maximum.
0 - no idea
2400 - no idea
97505489 - no idea
all - no idea
And why don't people upload this stuff?
DCs wrote: and why don't people upload this stuff? …
They do. Guess you just haven't gone looking for it yet. If I wanted to download rainbow tables containing md5 hashes, I'd probably go look at a search engine.
Sorry for talking dumb before googling stuff. I want to generate them and store them on DVDs.. but I don't know what the best command is to generate them. I think I can generate them very fast as I have full access to about 100 PCs, of which 20% I can use non-stop, and 10 servers which I can use to generate them :D
BTW thanks everyone.. never got so much help in trying to hack into something.. You guys are the best!
DCs wrote: Sorry for talking dumb before googling stuff. I want to generate them and store them on DVDs.. but I don't know what the best command is to generate them. I think I can generate them very fast as I have full access to about 100 PCs, of which 20% I can use non-stop, and 10 servers which I can use to generate them :D
BTW thanks everyone.. never got so much help in trying to hack into something.. You guys are the best!
First, Cain & Abel is pretty slow and I would consider looking into different programs. Second, if you have a fast download rate without a bandwidth cap, I would just start downloading certain charsets with your computers and then use those. This is because others who have maximized the potential of certain GPUs are going to be able to offer incredible rainbow tables to you. Although, if you wanted to maximize the potential of your computers, learn how to use a cluster to generate your rainbow tables. It might be a bit hard, but it would be the best in the end, especially if you have an Nvidia graphics card and are able to maximize the power of those GPUs.
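Added example, not written by any poster in this thread: why precomputed tables work against a bare MD5 hash like the one quoted above, and what the site owner's fix looks like. Unsalted MD5 maps a password to one fixed digest, while a per-account salt and a slow KDF (PBKDF2 from Python's standard library, chosen here as an assumption) make a precomputed table useless; the record format and function names are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; tune to your hardware

def md5_unsalted(password):
    # Legacy scheme: the same password always gives the same digest,
    # so one precomputed table covers every account on every site.
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    # A fresh 16-byte salt per account makes each record its own search space.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 int(iterations))
    except ValueError:
        return False  # malformed or legacy record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(dk, expected)

def needs_upgrade(record):
    # Bare hex digests are legacy MD5; rehash them at the next successful login.
    return not record.startswith("pbkdf2_sha256$")

if __name__ == "__main__":
    pw = "constructed-sample-passphrase"
    print(md5_unsalted(pw) == md5_unsalted(pw))  # two users, identical digests
    a, b = hash_password(pw), hash_password(pw)
    print(a != b, verify_password(pw, a), verify_password("guess", a))
    print(needs_upgrade(md5_unsalted(pw)), needs_upgrade(a))
```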
So it means by encrypting something they are adding a strong security feature, right :D..
I was wondering if there is a way I could find a table in 4.1.7? I tried mysqlbf.exe and it seems it can't do the trick :( I have been guessing a table in a second website and couldn't get it through.
Also, is there a way I could find all directories in a website?
Just asking if life is easy :P
DCs wrote: So it means by encrypting something they are adding a strong security feature, right :D..
Encrypting data obscures it. It's only a "strong security feature" if it's AES or higher, since everything below that has been pretty well demolished by now.
DCs wrote: I was wondering if there is a way I could find a table in 4.1.7? I tried mysqlbf.exe and it seems it can't do the trick :( I have been guessing a table in a second website and couldn't get it through.
http://www.hellboundhackers.org/forum/xss_help-15-14237_0.html Scroll down some. Read.
DCs wrote: Also, is there a way I could find all directories in a website?
Skunkfoot wrote: Or you could try using a program like Intellitamper to just list all the files and directories on the site.
DCs wrote: Just asking if life is easy :P
No, it's not. It's educational, though.
I just recently picked up a DB fuzzer from darkc0de. It basically just scans the site and lists whatever DB info you tell it to. It's a really handy tool, but I don't really think you should rely on it, or any other programs for that matter.
You need to be patient and learn why the things that you're trying aren't working and learn other methods so that you can try those as well. Try thinking as if you're the guy who coded that page…try to predict how he coded it so that you can have a better understanding of it. Once you understand it, and understand how to exploit the vulnerability (whether it be SQL Injection or whatever), you should be fine. :)
You guys are loads of help.. don't know what I would do without you :P
BTW, without taking your advice I tried the fuzzer stuff and in my view it works like a brute force tool? Or rather, it has a word list? Correct me if I'm wrong. Anyway, the best tool I've got till now was GUESSING :P
I found the tables and fields of the second website and was even able to crack it :D The only problem is I can't find the login page :( Tried IntelliTamper but it searched up to an HTTP authentication page and got stuck there :O. Also, I tried it with my own websites and couldn't find the login page. What am I doing wrong with the thing?
ATM I tried GUESSING.. SiteMap Tools and trying to find tools but .. no luck