Monday 15 January 2018

Hack website login using Google dork and SQL database



NB: This is for educational purposes only. This tutorial is intended to show students and internet users in general that websites are not secured by default, so they know how to.




1. Code to type into Google:

Many dorks are possible, but here we are going to use just one specific one.

First, this is for educational purposes: when accessing the website dashboard, do not delete things, and do not remove or add anything.

We're going to look for the logins and passwords of vulnerable websites, and specifically for admin passwords, in other words:

Password : admin

Practically all passwords on the web are stored hashed, so the password that we'll look for will not be saved as "admin" but as a digest produced by an algorithm such as MD5, SHA-1 or SHA-256. Here we're going to look for passwords hashed with MD5. MD5 is a one-way hash, not encryption, and without a salt the same password always produces the same digest.

"admin" hashed with MD5 gives this: 21232f297a57a5a743894a0e4a801fc3
You can hash anything on this website: link md5 generator



Type this code into Google:
ext:sql intext:21232f297a57a5a743894a0e4a801fc3   
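
For site owners, the same property can be checked on your own backups before a search engine indexes them. The following is an added example, not part of the original post: it scans SQL dump text for unsalted MD5 digests of common passwords and shows a salted, slow hash whose stored value is different for every user. The sample dump, the wordlist and the function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import re

# Constructed sample: a fragment of a SQL dump like one left in a web root.
SAMPLE_DUMP = """\
INSERT INTO users (email, password) VALUES
('alice@example.test', '21232f297a57a5a743894a0e4a801fc3'),
('bob@example.test', '5f4dcc3b5aa765d61d8327deb882cf99'),
('carol@example.test', '9b3c1a0e7d5f4c2b8a6e0d1f3c5b7a99');
"""

COMMON_PASSWORDS = ["admin", "password", "123456", "letmein"]  # assumed wordlist
MD5_HEX = re.compile(r"\b[0-9a-fA-F]{32}\b")
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for your hardware


def weak_md5_findings(dump_text, wordlist=COMMON_PASSWORDS):
    """Return (line_no, digest, password) for each unsalted MD5 of a wordlist entry."""
    known = {hashlib.md5(p.encode()).hexdigest(): p for p in wordlist}
    findings = []
    for line_no, line in enumerate(dump_text.splitlines(), 1):
        for match in MD5_HEX.finditer(line):
            digest = match.group(0).lower()
            if digest in known:
                findings.append((line_no, digest, known[digest]))
    return findings


def hash_password(password, salt=None):
    """Salted, slow hash: the stored value differs per user and cannot be searched for."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, derived


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


if __name__ == "__main__":
    for line_no, digest, password in weak_md5_findings(SAMPLE_DUMP):
        print(f"line {line_no}: {digest} is unsalted MD5 of {password!r}")
```

Any finding means the affected accounts need a password reset and the dump needs to be moved out of the web root.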



2. Let's go to that page:

Link to the page



Press Ctrl+F to look for "21232f297a57a5a743894a0e4a801fc3", and we got it.
Since we searched for 21232f297a57a5a743894a0e4a801fc3, this is the password, and it is "admin".
Now we have:
username = midfar@qq.com
password = admin

If you didn't find that username and password, then the webmaster (the website manager) has probably changed some security parameters and changed the password, so you can try another website here:

Hack another website login tutorial

If that username and password worked, then continue the tutorial:
username = midfar@qq.com
password = admin

3. Database:

Now look at the name of the database.



4. Looking for the URL (address) to log in:
You can see the URL here: link to the page


Let's try something that contains the word cturk. Let's try http://camdial.org/~ping/cturk-task4/
We got it.



Let's click and try this directory:


This is it, we got it.
Now we try to log in with the data we found:
username = midfar@qq.com
password = admin


Done !!


