NB: This is for educational purposes only. This tutorial is intended to teach students and internet users in general that websites are not secured by default, so they know how to.
1. Code to type in Google:
You can type many dorks, but here we are going to use just one specific one.
First, this is for educational purposes: when accessing the website dashboard, do not delete, remove or add anything.
We're going to look for vulnerable websites' logins and passwords, and specifically admin passwords, in other words:
Password : admin
Practically all passwords on the web are stored hashed, so the password that we'll look for will not be saved as "admin" but as a hash such as MD5, SHA1 or SHA-256. Here we're going to look for passwords hashed with MD5.
"admin" hashed with MD5 gives this: 21232f297a57a5a743894a0e4a801fc3
You can hash anything on this website: link md5 generator
Type this code in Google:
ext:sql intext:21232f297a57a5a743894a0e4a801fc3
2. Let's go to that page:
Link to the page
Press Ctrl+F to look for "21232f297a57a5a743894a0e4a801fc3", and we got it.
As we searched for 21232f297a57a5a743894a0e4a801fc3, this is the password, and it is "admin".
Now we have:
username = midfar@qq.com
password = admin
If you didn't find that username and password, then the webmaster (the website manager) has probably changed some security parameters and changed the password, so you can try another website here:
Hack another website login tutorial
If that username and password worked, then continue the tutorial:
username = midfar@qq.com
password = admin
3. Database:
Now look at the name of the database
4. Looking for the URL (address) to log in:
You see the URL here: link to the page
Let's try something containing the word cturk: let's try http://camdial.org/~ping/cturk-task4/
We got it.
Let's click and try this directory:
This is it, we got it.
Now we try to log in with the data we found:
username = midfar@qq.com
password = admin
Done !!
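The exposure this tutorial depends on is an .sql dump that stores an unsalted MD5 of a common password, which is why a plain text search for the hash finds it. The following is an added example, not part of the original post: a check a site owner can run over their own dump, next to a salted PBKDF2 hash that never produces the same string twice. The weak-password list, the sample dump and all function names are constructed for illustration.

```python
import hashlib
import os
import re

# Constructed sample: a short list of weak passwords to test against.
WEAK_PASSWORDS = ["admin", "password", "123456", "letmein"]

# A bare 32-hex-digit token is what an unsalted MD5 looks like in a dump.
MD5_TOKEN = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32}(?![0-9a-fA-F])")

def weak_md5_table(passwords):
    """Map the unsalted MD5 hex digest of each weak password to the password."""
    return {hashlib.md5(p.encode()).hexdigest(): p for p in passwords}

def audit_dump(sql_text, passwords=WEAK_PASSWORDS):
    """Return (line_number, digest, password) for each weak unsalted MD5 found."""
    table = weak_md5_table(passwords)
    findings = []
    for lineno, line in enumerate(sql_text.splitlines(), start=1):
        for token in MD5_TOKEN.findall(line):
            digest = token.lower()
            if digest in table:
                findings.append((lineno, digest, table[digest]))
    return findings

def hash_password(password, salt=None, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt is used unless one is given."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

# Constructed sample dump (not taken from any real site).
SAMPLE_DUMP = """\
CREATE TABLE users (id INT, email VARCHAR(64), pass CHAR(32));
INSERT INTO users VALUES (1, 'owner@example.test', '21232f297a57a5a743894a0e4a801fc3');
INSERT INTO users VALUES (2, 'editor@example.test', '9b2d7e0c4f1a8e6d3c5b7a9f0e1d2c3b');
"""

if __name__ == "__main__":
    for lineno, digest, password in audit_dump(SAMPLE_DUMP):
        print(f"line {lineno}: {digest} is the unsalted MD5 of {password!r}")
    print(hash_password("admin"))  # differs on every run because of the salt
```

Any finding means the account should get a new, strong password stored with a salted key-derivation function, and the dump itself should not be reachable from the web root.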