Subscribe & Don,t Miss A Free Hacking Course| Receive Daily Updates
How to hack websites using Auto SQL I Helper V.2.7 + with images
"SQL I Helper V.2.7" tool.
At the beggining "SQLIHelperV.2.7" is a tool that will hack vulnarable websites using SQL injection. You don't have to spend hours and hours trying to find your way in a website and trying hundreds of combinations and codes to hack a website.
This tool will do it all by itself. You only have to tell her what do and where to look.
You can download it from here:
Lets start.
first you need to find the potential website that you think it might be possible to hack it. Remember that some websites are simply unhackable.
After you find your website ( better to end with "article.php?id=[number]" ) example: "http://encycl.anthropology.ru/article.php?id=1"
how to hack this website.
Check if your website can be hacked by trying to go this address :
<------ notice the ' before the number 1.
When open site u will get this msg
This mean that this website can be hacked because you get an error.
Now open your SQL I Helper V.2.7
and write the link :
<---- without the '
here
and press the inject button.
Now you should wait until the tool finish searching for columns . Time may vary depending on your connection speed , your pc speed , and the number of columns in the website.
So now you should have this:
then select "Get database" and you get this:
Now select any element from the "database name" box and press the "Get tables" button , I will select "anthropo_encycl":
then select any element from the "table name" box and press the "Get columns" button , I will select "user":
then select any elements you want from the "columns name" box and press "Dump Now" , i will select "usr_login" and "usr_pass"
After clicking "Dump Now" , you should see this new window
Now copy the hash on a peace of paper and go to this website:
http://www.md5crack.com/
enter the hash and press the button "Crack that hash baby!" and you should get the source of the hash.
hash:21232f297a57a5a743894a0e4a801fc3
username: admin
hash:202cb962ac59075b964b07152d234b70
pass: 123
At the beggining "SQLIHelperV.2.7" is a tool that will hack vulnarable websites using SQL injection. You don't have to spend hours and hours trying to find your way in a website and trying hundreds of combinations and codes to hack a website.
This tool will do it all by itself. You only have to tell her what do and where to look.
You can download it from here:
Lets start.
first you need to find the potential website that you think it might be possible to hack it. Remember that some websites are simply unhackable.
After you find your website ( better to end with "article.php?id=[number]" ) example: "http://encycl.anthropology.ru/article.php?id=1"
how to hack this website.
Check if your website can be hacked by trying to go this address :
<------ notice the ' before the number 1.
When open site u will get this msg
HTML Code:
Query failedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname
Now open your SQL I Helper V.2.7
and write the link :
<---- without the '
here
and press the inject button.
Now you should wait until the tool finish searching for columns . Time may vary depending on your connection speed , your pc speed , and the number of columns in the website.
So now you should have this:
then select "Get database" and you get this:
Now select any element from the "database name" box and press the "Get tables" button , I will select "anthropo_encycl":
then select any element from the "table name" box and press the "Get columns" button , I will select "user":
then select any elements you want from the "columns name" box and press "Dump Now" , i will select "usr_login" and "usr_pass"
After clicking "Dump Now" , you should see this new window
Now copy the hash on a peace of paper and go to this website:
http://www.md5crack.com/
enter the hash and press the button "Crack that hash baby!" and you should get the source of the hash.
hash:21232f297a57a5a743894a0e4a801fc3
username: admin
hash:202cb962ac59075b964b07152d234b70
pass: 123
Some times hash's have salt to protect against sql injection and other tricks
But of course it can still be cracked but it may take lot of time
I use a tool called Passwords pro witch i think it's the best
It can crack almost any hash
You download the software Here
PasswordsPro v2.5
InsidePro PasswordsPro v2.5.1.1 | 2.67 MB
This program is designated to recover passwords for different types of hashes. The program currently supports about 30 types of hashes, and new ones can easily be added through writing own external hashing DLL-module. Actual list of modules available can be found on the forum of the program. Maximal number of hashes to work with at the same time is 64.
Types of hashes supported by:
• MySQL
• MySQL5
• DES (Unix)
• MD4
• MD4 (HMAC)
• MD4 (Base64)
• MD5
• MD5 (APR)
• MD5 (Unix)
• MD5 (HMAC)
• MD5 (Base64)
• MD5 (phpBB3)
• MD5 (Wordpress)
• MD5_HMAC ($ salt, MD5_HMAC ($ salt, $ pass))
• SHA-1
• SHA-1 (HMAC)
• SHA-1 (Base64)
• SHA-256
• SHA-384
• SHA-512
• SHA-256 (PasswordSafe)
• Haval-128
• Haval-160
• Haval-192
• Haval-224
• Haval-256
• Tiger-128
• Tiger-160
• Tiger-192
• Whirlpool
• RAdmin v2.x
• Domain Cached Credentials
• md5 ($ pass. $ Salt)
• md5 ($ salt. $ Pass)
• md5 (md5 ($ pass))
• md5 (md5 (md5 ($ pass)))
• md5 (md5 ($ pass). $ Salt)
• md5 (md5 ($ salt). $ Pass)
• md5 ($ salt.md5 ($ pass))
• md5 ($ salt. $ Pass. $ Salt)
• md5 (md5 ($ salt). Md5 ($ pass))
• md5 (md5 ($ pass). Md5 ($ salt))
• md5 ($ salt.md5 ($ salt. $ Pass))
• md5 ($ salt.md5 ($ pass. $ Salt))
• md5 ($ salt.md5 ($ pass). $ Salt)
• md5 (sha1 (md5 (sha1 ($ pass))))
• md5 ($ hex_salt. $ Pass. $ Hex_salt)
• md5 ($ username.md5 ($ pass). $ Salt)
• md5 (md5 ($ username. $ Pass). $ Salt)
• sha1 ($ salt. $ Pass)
• sha1 ($ username. $ Pass)
• sha1 ($ username. $ Pass. $ Salt)
• sha1 ($ salt.sha1 ($ salt.sha1 ($ pass)))
Type hashes, modules which are written by third-party developers and are available in the distribution of:
• MD2
• MS SQL
• Oracle DES
• Oracle SHA-1
• RipeMD-128
• RipeMD-160
• RipeMD-256
• etc.
Features:
- Recovery of passwords as follows:
• Pre-attack;
• Attack of the full bust (bust including distributed attack);
• The attack on the mask;
• A simple dictionary attack;
• The combined attack on dictionaries;
• Hybrid dictionary attack;
• The attack on the pre-calculated Rainbow-tables;
- Recovery of passwords of length up to 127 characters;
- Recovery of passwords for incomplete hashes of all kinds;
- Editing the hashes of users;
- Find the right information in the list of users with hashes;
- Quick add hash through a dialog box;
- Quick add hashes from the clipboard;
- Quick check of the current password for all users from the list;
- Using tables replace characters in a hybrid dictionary attack;
- Unlimited number of dictionaries used for dictionary attack;
- Unlimited number of tables used in the attack on the Rainbow-tables;
- Unlimited number of users with hashes loaded (in the licensed version);
Homepage - www.insidepro.com
Download: http://www.multiupload.com/P1O585O66M
Password:y-socks.net
Tip: Did you know that vbulletin use's Salt's too
This post was written by:
Adnan Anjum - who has written 1000+ posts on hackguide4u.
Adnan Anjum is a professional Geek. Follow him on Twitter or email him
Subscribe to:
Post Comments (Atom)
Share your views...
0 Respones to "How to hack websites using Auto SQL I Helper V.2.7 + with images"
Post a Comment