sqli defacement

1. PREFACE aka Legal Shit
2.  
3. So you want to deface a website but have no idea how to do it? Now I'm not telling you that you should deface websites that would be illegal. But to paraphrase OJ Simpson “If you want to do it, this is how you would.” First off your going to need some basic under standing of what SQL (Standard Query Language) is. Its a way for websites to store data in tables similar to a spread sheet. Obviously there is no actual visual table but still yet the data is stored in tables, and columns. Now since your a skiddy bastard (we are all guilty) your going to need some programs. There are several on the market but for this guide I'm going to show you how to use SQLMap. Go get it http://sqlmap.sourceforge.net/ There you go. Isn't that nice. Its command line so you better no how to use that other wise you need to go learn some basic computer shit. I do not have time to explain how to use command line, or terminal as its called on linux or mac to you. (In truth I do have the time, just not the patience :P)
4.  
5. GOOGLE DORKS aka Finding a Target
6.  
7. Okay now we need to find some retards to fuck up. Where going to use Google dorks to do this. Google dorks as they are called is a way to get Google to give you potentially vulnerable sites. In this example we will use 'inurl:”php?id=” jews” this will return websites that have the word 'jew' in it and php?id= in the url. Php?id= specifies that the site is probably using some sort of sql. There are other dorks out there I'll drop a list of them at the bottom of this guide. So hopefully you find a site thats a fitting target with a url some thing like http://www.jews.com/php?id=1337. To test and see if this site is vulnerable all we need to do is add a ' at the end of the url. So http://www.jews.com/php?id=1337' if you get an error its probably vulnerable.
8.  
9. Using SQLMap aka Seeing What Your Not Supposed To
10.  
11. There are three categories of data in a SQL database. They are, databases, tables, and columns. Databases contain tables, tables contain columns, columns contain information. First we need to determine what databases are on the site. To do this run this command,
12.  
13. sqlmap -u http://www.jews.com/php?id=1337 –dbs
14.  
15. Lets say this returns these databases, information_schema and jews_sql. You can ignore information__schema at first, its the database that tells the other databases information about formating, organization, rules, ect. Theres probably nothing good in it, but as a last resort check it out.
16.  
17. Now that you have the databases you need to figure out the tables in it. Run this command.
18. Sqlmap -u http://www.jews.com/php?id=1337 -D jews_sql –tables
19.  
20. It'll enumerate the tables now and give you a nice pretty list of them. Look for ones labeled admin, email, and users. If your trying to get login credentials. This isn't the only kind of information you can get, you may be able to see restricted pages, emails, and other fun stuff. Lets say you get these tables.
21.  
22. Users
23. Pictures
24. Videos
25. News
26.  
27. Now you need to get the columns in users so run this command.
28.  
29. Sqlmap -u http://www.jews.com/php?id=1337 -D jews_sql -T users –columns
30.  
31. Give it some time to figure every thing out and it will dump the columns for you. It'll probably look some thing like this.
32.  
33. Id int(5)
34. username varchar(30)
35. email varchar(30)
36. password varchar(25)
37.  
38. I think you know which ones you want :> so run this command.
39.  
40. Sqlmap -u http://www.jews.com/php?id=1337 -D jews_sql -T users -C username,password –dump
41.  
42. So it'll dump the information you want. Odds are the password will be hashed its probably md5 so you'll need to crack that just Google md5 cracker. Now you'll have the unencrypted password and a user name. Now you need to find the admin page login, unless your just fucking with regular users. You can use this tool. http://sc0rpion.ir/af/
43.  
44. Now log in and fuck shit up. You may not be able to login with the creds you got this is probably because of Ip Range Filtering. Which is when the website restricts logins to certain ip addresses, for example ones in the same country, or even a single certain IP. You can spoof this, but thats a story for a different time.
45.  
46. OTHER SHIT aka Extra Credit
47.  
48. ______ ___ _____ _____
49. .' ____ \ .' `. |_ _| |_ _|
50. | (___ \_|/ .-. \ | | | |
51. _.____`. | | | | | | _ | |
52. | \____) |\ `-' \_ _| |__/ | _| |_
53. \______.' `.___.\__||________||_____|
54. ---------------------------------------
55. Defacement for Lazy People
56. ---------------------------------------
57.  
58. So now you have this information and have logged into the site and defaced it, dumped there emails, or done what ever you intend to do. We aren't done yet. If you can get there emails you may want to cross refrence the passwords with there email accounts to see if they used the same password. Then from that you can leverage other accounts, like twitter, linkedin, and face book. Be creative.
59.  
60. 5000 SQLi Dorks
61. http://pastebin.com/gaNx8dai
62.  
63. Havij
64. http://www.itsecteam.com/en/projects/project1.htm A GUI sqli tool for Windows.
65.  
66. COMMING SOON!
67. Pyloris Tutorial Version 2, featuring TorsHammer
68. XSS Tutorial, stealing cookies for fun and profit.
69. Basics of SE.
70.  
71. This is just for educational and entertainment purposes.
72. Of course education and entertainment are very relativie things :>