Skip to main content

Hack Websites steps

By RoCk StAr DeViL

Hacking website using Havij enjoy!!!!!

According to a survey the most common technique of hacking a website is SQL Injection. SQL Injection is a technique in which hacker insert SQL codes into web Forum to get Sensitive Information like (User Name , Passwords) to access the site and Deface it. The traditional SQL injection method is quite difficult, but now a days there are many tools available online through which any script kiddie can use SQL Injection to deface a webite, because of these tools websites have became more vulnerable to these types of attacks.One of the popular tools is Havij, Havij isan advanced SQL injection tool which makes SQL Injection very easy for you, Along with SQL injection it has a built in admin page finder which makes it very

effective.Warning – This article is only for education purposes, By reading this article you agree that Hacky Shacky is not responsible in any way for any kind of damage caused by the information provided in this article.Supported

Databases With Havij

*.MsSQL 2000/2005 with error.

*.MsSQL 2000/2005 no error union based*.MySQL union based

*.MySQL Blind

*.MySQL error based*.MySQL time based

*.Oracle union based*.MsAccess union based*.Sybase (ASE)DemonstrationNow i will Show you step by step the process of SQL injection.

Step1:FindSQLinjectionVulnerabilityintour site and insert the string of it in Havij.

Step2: Now click on the Analyse button.

Now if the your Server is Vulnerable the information about the target will appear and the columns will appear.

Step4:Now click on the Tables button and then click Get Tables button.

Step5:Now select the Tables with sensitive information and clickGet Columnsbutton.After that select the Username and Password Column to get the Username and Password and click on theGet Tablebutton.

Countermeasures:

Here are some of the countermeasures you can take to reduce the risk of SQL Injection1.Renaming the admin page will make it difficult for a hacker to locate it2.Use a Intrusion detection system and compose the signatures for popular SQL injection strings3.

One of the best method to protect your website against SQL Injection attacks is to disallow special characters in the admin form, though this will make your passwords more vulnerable to bruteforce attacks but you can implement a capcha to prevent these types of attack.
  Enjoys !! And comment ur problem!!
If u want any hack plz hack plz comment we will add !!

Comments

Post a Comment

plz add ur comment here

Popular posts from this blog

Wordpress hacking - How to install / run wpscan on windows xp / windows 7 / windows 10

By RoCk StAr DeViL
HOW TO RUN WPSCAN ON WINDOWS Byrockstardevil Requirements: rubyinstaller Development Kit for rubyinstaller curl DLL for windows : libcurl.dll 1 - install rubyinstaller you must have Ruby 2.2.3 version . download links here : http://rubyinstaller.org/downloads/ for more info : https://github.com/oneclick/rubyinstaller/wiki 2 - install Development Kit for rubyinstaller download link : http://rubyinstaller.org/downloads/ how to install : https://github.com/oneclick/rubyinstaller/wiki/Development-Kit if you face that problem  "unknown encoding name -  (ArgumentError)" just type "chcp 1252" in cmd and hit enter 3 - install libcurl.dll A - Download libcurl.dll from : http://www.confusedbycode.com/curl/ B - copy libcurl.dll copy  libcurl.dll into ruby bin folder or wpscan folder and make sure to add it to your PATH. I also added .DLL to PATHEXT ex : C:\Ruby21-x64\bin\ you can visit : http://www.computerhope.com/issues/ch000549.htm to know to set the p
2 comments
Read more

How To Generate Random IP Address Using JAVA ?

By
Today I'll Show You How To Generate Random IP Address... But First Why I Want This...Right...? Ans : If You Want Test Your Code That Whether It Is Recognizing The Machine By It’s IP Address Then You Had To Use This Code To Generate Random IP Address. So Here We Goooo.... private String generateIPAddress ( int p1 , int p2 , int p3 ) { StringBuilder sb = null ; Random r1 = new Random (); Random r2 = new Random (); Random r3 = new Random (); Random r4 = new Random (); String ip1 = Integer . toString ( b1 ); String ip2 = Integer . toString ( b2 ); String ip3 = Integer . toString ( b3 ); String ip4 = Integer . toString ( b4 ); String b1 = IpConverter . longToIp ( r1 . nextLong ()); String b2 = IpConverter . longToIp ( r2 . nextLong ()); String b3 = IpConverter . longToIp ( r3 . nextLong ()); String b4 = IpConverter . longToIp ( r4 . nextLong ()); //Now the I
3 comments
Read more

3 Ways to Root Android 7.0 Nougat on Nexus Running Official AOSP [Update: Root Android 7.1]

By RoCk StAr DeViL
3 Ways to Root Android 7.0 Nougat on Nexus Running Official AOSP [Update: Root Android 7.1] If you own a Nexus phone then chances are you have already updated your device with the latest official Android 7.0 Nougat firmware. This brings the newer firmware build number NRD90M to the Nexus range including the Nexus 5X, 6P, 9, 6, Nexus Player, and the Pixel C. Unfortunately, Nexus 5 and 7 were left behind. This has been a game-changing week for the Android community as you can now expect the new software for your Android device soon enough. It may either come officially from a manufacturer or unofficially from developers like CyanogenMod. Just like we saw the unofficial support for the  Nexus 5 and the Nexus 7  today. As the new AOSP source code is now available to developers, soon you may find Cyanogen 14 based custom ROMS releasing for several devices. Hence, to be ready, you may need to be rooted and also setup a custom recovery like TWRP on your device. So that once the CM 14 bas
2 comments
Read more