how to hack websites using Auto SQL I Helper V.2.7
First you need to find the potential website that you think it might be possible to hack it. Remember that some websites are simply un-hackable.
So start by downloading the EXPLOIT SCANNER to find the vulnerable websites. And at the end once you find the admin username and the password use Admin finder to help you finding the admin login page but remember that you can't find all login pages. After you find your website ( better to end with "article.php?id=[number]" ) For this tutorial, i am going to use a Legitimate site. [Note: Please note that i haven't hacked the site. i have just used it for the purpose of the tutorial] After a while of Googling, i found this site http://encycl.anthropology.ru (which i am going to use in this Tutorial)
Notice: http://encycl.anthropology.ru/article.php?id='
After you click on the link above you should have somewhat an error like
Query failed You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname
This mean that this website can be hacked because you get an error. Now open your SQL I Helper V.2.7 and write the link : http://encycl.anthropology.ru/article.php?id=1 <---- without the ' here and it should look like the one in the image below:
and press the Inject button. Now you should wait until the tool finish searching for columns . Time may vary depending on your connection speed , your pc speed , and the number of columns in the website. So now you should have this:
Make sure that the website support union otherwise the injection won't work. Then select "Get database" and you get this:
Now select any element from the "database name" box and press the "Get tables" button , I will select "anthropo_encycl":
Then select any element from the "table name" box and press the "Get columns" button , I will select "user": Then select any elements you want from the "columns name" box and press "Dump Now" , i will select "usr_login" and "usr_pass"
After clicking "Dump Now" , you should see this new window
Now copy the hash on a peace of paper and go to this website: http://www.md5crack.com/ enter the hash and press the button "Crack that hash baby!" and you should get the source of the hash. hash:21232f297a57a5a743894a0e4a801fc3 username: admin hash:202cb962ac59075b964b07152d234b70 pass: 123 [[ NOTE: AS USUAL DONT FORGET, THIS INFORMATION IS ONLY FOR E PURPOSES. ANY MISUSE OF THE INFORMATION FROM THIS BLOG OR THE TUTORIALS PROVIDED HERE, THE ADMINS AND MEMBERS OF TEAM IHA SHALL AND WILL NOT BE HELD RESPONSIBLE. YOU ARE RESPONSIBLE FOR THE MISUSE OF THE INFORMATION PROVIDED HERE ]]















