Sie sind auf Seite 1von 5

sAiQ1fxZ ______ ___ `.

_____ |_ | | | | _ _| _____ |_ | | | | _|

2. .' ____ \ .'

3. | (___ \_|/ .-. \ 4. _.____`. | | | |

5. | \____) |\ `-' \_ _| |__/ | _| |_ 6. \______.' `.___.\__||________||_____| 7. --------------------------------------8. Defacement for Lazy People 9. --------------------------------------10. PREFACE aka Legal Shit 11. 12. So you want to deface a website but have no idea how to do it? Now I'm n ot telling you that you should deface websites that would be illegal. But to par aphrase OJ Simpson If you want to do it, this is how you would. First off your goi ng to need some basic under standing of what SQL (Standard Query Language) is. I ts a way for websites to store data in tables similar to a spread sheet. Obvious ly there is no actual visual table but still yet the data is stored in tables, a nd columns. Now since your a skiddy bastard (we are all guilty) your going to ne ed some programs. There are several on the market but for this guide I'm going t o show you how to use SQLMap. Go get it http://sqlmap.sourceforge.net/ There you go. Isn't that nice. Its command line so you better no how to use that other wi se you need to go learn some basic computer shit. I do not have time to explain how to use command line, or terminal as its called on linux or mac to you. (In t ruth I do have the time, just not the patience :P) 13. 14. GOOGLE DORKS aka Finding a Target 15. 16.

Okay now we need to find some retards to fuck up. Where going to use Goo gle dorks to do this. Google dorks as they are called is a way to get Google to give you potentially vulnerable sites. In this example we will use 'inurl: php?id= jews this will return websites that have the word 'jew' in it and php?id= in the url. Php?id= specifies that the site is probably using some sort of sql. There a re other dorks out there I'll drop a list of them at the bottom of this guide. S o hopefully you find a site thats a fitting target with a url some thing like ht tp://www.jews.com/php?id=1337. To test and see if this site is vulnerable all we need to do is add a ' at the end of the url. So http://www.jews.com/php?id=133 7' if you get an error its probably vulnerable. 17. 18. Using SQLMap aka Seeing What Your Not Supposed To 19. 20. There are three categories of data in a SQL database. They are, database s, tables, and columns. Databases contain tables, tables contain columns, column s contain information. First we need to determine what databases are on the site . To do this run this command, 21. 22. sqlmap -u http://www.jews.com/php?id=1337 dbs 23. 24. Lets say this returns these databases, information_schema and jews_sql. You can ignore information__schema at first, its the database that tells the oth er databases information about formating, organization, rules, ect. Theres proba bly nothing good in it, but as a last resort check it out. 25. 26. Now that you have the databases you need to figure out the tables in it. Run this command. 27. Sqlmap -u http://www.jews.com/php?id=1337 -D jews_sql 28. 29. It'll enumerate the tables now and give you a nice pretty list of them. Look for ones labeled admin, email, and users. If your trying to get login crede ntials. This isn't the only kind of information you can get, you may be able to see restricted pages, emails, and other fun stuff. Lets say you get these tables . tables

30. 31. Users 32. Pictures 33. Videos 34. News 35. 36. Now you need to get the columns in users so run this command. 37. 38. Sqlmap -u http://www.jews.com/php?id=1337 -D jews_sql -T users 39. 40. Give it some time to figure every thing out and it will dump the columns for you. It'll probably look some thing like this. 41. 42. Id int(5) 43. username varchar(30) 44. email varchar(30) 45. password varchar(25) 46. 47. I think you know which ones you want :> so run this command. 48. 49.

columns

Sqlmap -u http://www.jews.com/php?id=1337 -D jews_sql -T users -C username,passw ord dump 50. 51. So it'll dump the information you want. Odds are the password will be ha shed its probably md5 so you'll need to crack that just Google md5 cracker. Now you'll have the unencrypted password and a user name. Now you need to find the a dmin page login, unless your just fucking with regular users. You can use this t ool. http://sc0rpion.ir/af/ 52. 53. Now log in and fuck shit up. You may not be able to login with the creds you got this is probably because of Ip Range Filtering. Which is when the websi te restricts logins to certain ip addresses, for example ones in the same countr y, or even a single certain IP. You can spoof this, but thats a story for a diff erent time. 54. 55. OTHER SHIT aka Extra Credit 56. 57. ______ 58. .' ____ \ .'

___ `.

_____ |_ | | | | _ _|

_____ |_ | | | | _|

59. | (___ \_|/ .-. \ 60. _.____`. | | | |

61. | \____) |\ `-' \_ _| |__/ | _| |_ 62. \______.' `.___.\__||________||_____| 63. --------------------------------------64. Defacement for Lazy People 65. --------------------------------------66.

67. So now you have this information and have logged into the site and defac ed it, dumped there emails, or done what ever you intend to do. We aren't done y et. If you can get there emails you may want to cross refrence the passwords wit h there email accounts to see if they used the same password. Then from that you can leverage other accounts, like twitter, linkedin, and face book. Be creative . 68. 69. 5000 SQLi Dorks 70. http://pastebin.com/gaNx8dai 71. 72. Havij 73. http://www.itsecteam.com/en/projects/project1.htm A GUI sqli tool for Windows. 74. 75. COMMING SOON! 76. Pyloris Tutorial Version 2, featuring TorsHammer 77. XSS Tutorial, stealing cookies for fun and profit. 78. Basics of SE. 79. 80. This is just for educational and entertainment purposes. 81. Of course education and entertainment are very relativie things :> 82. 83. PS: I'm drunk so if this doesn't make much sense let me know.