ElaKiri Community
Downloads
(#1)
Old
sajard's Avatar
sajard sajard is offline
Senior Member
sajard is an unknown quantity at this point
 
Posts: 480
Join Date: May 2007
Location: anywere
SQLi Helper 2.7 - 08-17-2009, 03:02 PM

At the beggining "SQLIHelperV.2.7" is a tool that will hack vulnarable websites using SQL injection. You don't have to spend hours and hours trying to find your way in a website and trying hundreds of combinations and codes to hack a website.
This tool will do it all by itself. You only have to tell her what do and where to look.
You can download it from here:

download:
File Info

Report generated: 31.7.2009 at 20.52.02 (GMT 1)
Filename: SQLHelper_ct.net.rar
File size: 961 KB
MD5 Hash: 02d4aa5cb36d00620b2a78587ca0af07
SHA1 Hash: 1C06B456A66C7431BD3AE5484550BD8C410D6B50
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 3 on 22

Detections

a-squared - Hacktool.VB!IK
Avira AntiVir - -
Avast - Hacktool:VB-MGT [INJ]
AVG - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
Ewido - -
F-PROT6 - -
Ikarus T3 - Hacktool.C
Kaspersky - -
McAfee - -
NOD32 v3 - -
Norman - -
Panda - -
QuickHeal - -
Solo Antivirus - -
Sophos - -
TrendMicro - -
VBA32 - -
VirusBuster - -

Scan report generated by

Lets start.
first you need to find the potential website that you think it might be possible to hack it. Remember that some websites are simply unhackable.
After you find your website ( better to end with "article.php?id=[number]" ) example: "http://encycl.anthropology.ru/article.php?id=1"

I will explain my tut on how to hack this website.

Check if your website can be hacked by trying to go this address:
<------ notice the ' before the number 1.

you should get this message:

Quote:
Query failedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname
This mean that this website can be hacked because you get an error.

Now open your SQL I Helper V.2.7
and write the link :

<---- without the '
here


and press the inject button.

Now you should wait until the tool finish searching for columns . Time may vary depending on your connection speed , your pc speed , and the number of columns in the website.
So now you should have this:


then select "Get database" and you get this:

Now select any element from the "database name" box and press the "Get tables" button , I will select "anthropo_encycl":


then select any element from the "table name" box and press the "Get columns" button , I will select "user":


then select any elements you want from the "columns name" box and press "Dump Now" , i will select "usr_login" and "usr_pass"


After clicking "Dump Now" , you should see this new window


Now copy the hash on a peace of paper and go to this website:
enter the hash and press the button "Crack that hash baby!" and you should get the source of the hash.
hash:21232f297a57a5a743894a0e4a801fc3
username: admin

hash:202cb962ac59075b964b07152d234b70
pass: 123

Tooks me some time discovering the tool and preparing this tutorial and.
I am sorry for the small pics but my i have a very limited connection and cannot upload big pics
I am interested to know your comments and [size=large]+rep[/size] me if you like it and think it is useful.


Reply With Quote
Reply

Bookmarks

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Copyright © 2006 - 2011 ElaKiri™ Beta2.Evo vBulletin, vBa iBproArcade Subdreamer I-Magic MKv
Optimisation plugin by DBtech

Page generated in 0.06191 seconds with 8 queries