Saturday, 1 November 2014

How to hack a website using SQL Injection?




Want to hack a website but don't know the steps?
Don't worry, today we are posting this SQL injection tutorial to let you know how to hack a website.
WHAT YOU WILL NEED
1. Havij SQL injection tool, download it from here
(run as Administrator)

2. A site which is vulnerable to SQL injection.


HOW TO CHECK WHETHER A WEBSITE IS VULNERABLE TO SQL INJECTION
For example, if the website URL is this:
www.victimsite.com/index.php
then append a single quote ( ' ),
like this: http://www.victimsite.com/index.php'

If you get this error, then it is vulnerable:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

It means that the site is vulnerable to SQL injection.
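
Why the appended quote produces that error, and what removes it, shown as an added example that is not part of the original post: a lookup that concatenates the request value into the SQL text next to one that binds it as a parameter. It uses Python's built-in sqlite3 in place of PHP/MySQL (SQLite words the error differently), and the pages table and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id TEXT PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [("1", "Home"), ("2", "Contact")])
    return db

def lookup_vulnerable(db, page_id):
    # Weak pattern: the request value is concatenated into the SQL text, so a
    # quote in the value changes the statement's syntax instead of being data.
    sql = "SELECT title FROM pages WHERE id = '" + page_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, page_id):
    # Hardened pattern: the value is bound as a parameter and never parsed as SQL.
    return db.execute("SELECT title FROM pages WHERE id = ?",
                      (page_id,)).fetchall()

def handle_request(db, page_id, lookup):
    # The client gets a generic message; the driver error is kept for the
    # server-side log (third element) and never echoed into the page.
    try:
        rows = lookup(db, page_id)
    except sqlite3.Error as exc:
        return 500, "Internal error", repr(exc)
    if not rows:
        return 404, "Not found", None
    return 200, rows[0][0], None

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value),
              handle_request(db, value, lookup_vulnerable),
              handle_request(db, value, lookup_parameterized))
```

With the parameterized lookup the quoted value is just an id that matches nothing, and the generic 500 body keeps the database's error text out of the response.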

HOW TO EXPLOIT A VULNERABLE WEBSITE


1. Open Havij, paste the site URL in the target field and hit Enter.

2. Now wait for Havij to get all the databases of the website.

3. Now click on the available database of the site and click on Get Tables.

4. After you click Get Tables, Havij will look for the tables available in the database.

5. After the scan Havij will list all the tables. Check whether there is a table named admin, users or something similar, select it and click on Get Columns.

6. After you click Get Columns, Havij will get all the columns available in the users table.

7. There will be different columns like id, login, pass and many more.

8. Now select the columns and click on Get Data.

9. Now Havij will look for the data available in the columns login and password, i.e. the admin username and password, like I get
username  admin
password-2184522f297a57a523dbr43894a0e4a801fc3 (in encrypted form)

10. Now after I get the username and password there is a problem: the password is encrypted in MD5, so we have to crack it.

11. To crack the encrypted password, just copy the password, click on the MD5 tab in Havij, paste the encrypted password in the MD5 hash field and hit Start.
Now Havij will try to crack the password.

12. Now I get the password cracked as admin.

13. Now we will check for the admin panel, where we are going to log in with the username and password.

14. To find the admin panel, click the Find Admin tab in Havij and click Start.
Now Havij will check for the admin panel of the website.

For example, http://www.victimsite.com/admin/ as the admin panel. Now open it in a web browser and log in with the username and password, and now you are in the admin panel.



**NOTE: Consider this post educational, or a proof of concept intellectual exercise. The more you know, the better you can protect yourself.**
1. Website hacking is illegal.
2. Use proxy, Tor, VPN for your security.
3. This is for educational purposes only.

ENJOY.
