SQL injection ke bare mai apko pahle bhi bataya gaya hai. Aap Theory ko ek bar jarur padh le. Lekin vaha apko practically nahi btaya gaya tha. Is Article mai hum apke sabhi question ke answer denge. Jaise What is SQL injection attack, How to do SQL injection attack.
What is SQl Injection attack ?
SQL injection Ke bare mai apko pahle bhi bataya gaya hai. Yaha bhi apko btaya ja raha hai. SQL injection ek vulnerbility hai jo websites mai milti hai.
Yeh ek common vulnerbility hai jo websites mai milti hai. Hackers kisi bhi tarah se website hacking ko karne se pahle sabse pahle SQL injection attack ki vulnerbility ko hi check kiya jata hai.
Yeh vulnerbility find karne ke bahut se tarike hote hai. SQL injection attack manually bhi kiya ja sakta hai. Sath hi tools ki help se bhi aisa kiya ja sakta hai.
Hum apko SQL injection attack karne ke dono methods ke bare mai bata rahe hai. Aap iske bare mai detail mai ek bar jarur padh le.
Yeh ek bahut hi common Vulnerbility hai jo aaj ke time mai jada dekhne ko nahi milti hai. Yeh facebook , amazon jaisi websites mai nahi milti hai. Lekin phir bhi yeh hacker par depend karta hai veh SQL injection attack ko perform kaise karte hai.
Note- This Post only for educational purpose. Don’t miss use your knowledge and skills
Also Read
How to Hack Facebook using Batch File ?
Tab napping attack for Facebook hack ?
How to do Homograph attack for hack facebook ?
Manually SQL Injection attack
Sabse pahle hum apko yeh attack manually karna bata rahe hai. Lekin aap yeh attack kisi tarah ki live website par kabhi bhi mat karen.
SQL Injection attack ko without permission aise hi kisi bhi website par karna illegal hai. Hum apko yeh attack puri tarah se live nahi dikha sakte hai.
Lekin apko ache se bata diya jayga kaise vulnerable websites ko find kiya jata hai or kaise is attack ko perform kiya jata hai. Kuch links apko images mai hide milege aisa security reasons ki vajah se hai.
Yeh attack ko perform karne ke liye sabse pahle hacker SQL Injection attack se Vulnerable websites ko find kiya jata hai. Yeh kaam SQL Dorks ki help se kiya ja sakta hai.
inurl:index.php?id=
inurl:article.php?id=
inurl:event.php?id=
inurl:buy.php?category=
Yeh upar btaye gaye urls ki help se SQL Injection ki vulnerable websites ko find kiya ja sakta hai inurl mai website url ko diya jata hai.
Jaise http://www.example.com/index.php?id=1′ last mai single colon lgane par agar apko targeted website mysql ki error show karti hai tab aap samjh lijiye veh website SQL Injection attack se Vulnerable hai.
Yeh sab website ke link ko hide security reasons ki vajah se kiya gaya hai. Kyoki yeh ek live website hai jisme SQL Injection ki vulnerbility hai.
Is tarah se Vulnerable websites ko find kiya jata hai. Yeh kaam hacker manually bhi kar sakte hai. Hum apko manually or Tools ki help se yeh attack perform karke bata rahe hai.
Manually hum apko live kisi website par to karke nahi bata sakte hai. Aap is baat ko samajh sakte hai live kisi website par aise attacks karna illegal hota hai.
Hum apko DVWA par is attack ko perform karke bata rahe hai. Aap bhi iska practical DVWA ya Bwapp mai hi kare.
Practical of SQL Injection Attack?
Sabse pahle apko DVWA mai se ik link ko nikalna hota hai. Yeh link apko sql injection ki Vulnerability ke option mai apko mil jayga.
Yaha apko Sql injection show hota hai apko yaha click karna hota hai. Yeh karne ke baad apke pass user id ka option ata hai. Aap vaha kuch bhi numbers dal kar yeh check kar sakte hai ki kitne users exist karte hai database mai kuch is tarah.
Blind sql injection mai apko user name nahi show hote hai. Yaha apko bas itna hi show hota hai user id exists in the database. Yaha aap 5 se jada agar number dalte hai tab apko kuch bhi show nahi hota hai.
Apko yaha par url mai link mil jayga local host ka local host mai DVWA ko kaise install kiya jata hai yeh apko pahle hi bata diya gaya hai.
Yeh link milne ke baad aap ise copy karle. Yeh sab karne ke baad apko ek tool ki jarurt hogi jise aap kali linux mai bhi use kar sakte hai. Window mai bhi use kar sakte hai. Kali linux mai apko sqlmap tool inbuilt hi mil jata hai. Sqlmap tool ki help se SQL Injection attack ko perform kiya ja sakta hai.
Aap chahe ise kali linux mai use karte hai ya windows mai commands same hi rehti hai. Hum apko windows mai use karna bata rahe hai. Lekin dhyan rahe yeh tool ka use karne se pahle aap window mai python ko install jarur karle.
Python ko install karne ke baad apko sqlmap tool ki jarurt hai. Yeh tool apko google par easily mil jata hai or aap yaha se bhi download kar sakte hai. Aap is tarah se tool ko run karke dekh sakte hai.
How to use SQL Map
Sqlmap ko install karne ke baad apko Cookie ki bhi jarurt hoti hai. Yeh cookie apko dvwa mai XSS(reflected) ke option mai script run karne par mil jati hai.
<script>alert(document.cookie);</script>
Yeh script run karne ke baad apko cookie kuch is tarah se mil jayegi. Aap is cookie ko bhi save karle age apko iska use bhi karna hoga.
Cookie or DVWA link milne ke baad apko Sqlmap tool mai yeh command ko run karna hoga. Yeh command run hone ke baad apko sabhi database show ho jayege.
Apse kuch question bhi puche jayege first time jab aap iska use karte hai apko padh kar yes or no mai answer dena hota hai. Agar aap yes bhi dete hai tab bhi apko database show ho jate hai. Lekin phir bhi aap padh kar hi inka answer de taki apko sikh paye.
Command
sqlmap.py -u “http://localhost/DVWA/vulnerabilities/sqli_blind/?id=1&Submit=Submit#” –cookie=”security=low; PHPSESSID=47mqs7n0od03pqa32eum9qv4r5″ –dbs
Yeh command run karne ke baad apko sabhi database ke names show ho jayege. Kuch is tarah.
Aap dekh sakte hai is tarah se apko database show ho jate hai. Hum yaha apko dvwa ke database mai se hi password nikalna bata rahe hai. Database ke name find karne ke baad tables ko find karna hota hai.
Tables ko find karne ke baad Columns ko find karna hota hai. Yeh kaam first time aap dvwa mai hi kare. Kisi live website par kabhi mat karen. Sabse pahle aap practice kare.
Columns mai apko user or password ke column mil jate hai. Yeh sab karne ke baad users or password ko dump kiya ja sakta hai. Kuch is tarah
Isi tarah password ko dump kiya jata hai.
Jab aap yeh command ko run kar lete hai apse kuch questions puche jate hai. Apko sabhi mai yes ans dena hai. Apko password mil jayege.
How to Bypass Admin panel ?
Admin panel ko bhi sql strings ki help se bypass kiya ja sakta hai. Lekin aisa tabhi hota hai jab SQL Injection attack ko perform karne ke liye vulnerable website apko milti hai.
Hum apko jis website ke admin panel ko bypass karke bata rahe hai, Yeh testing purpose ke liye hai. Aap bhi iska use kar sakte hai. Apko pahle bhi btaya gaya hai Database mai jab value true hoti hai tab Login access mil pata hai. Aap ek bar SQL Injection ke theory ke article ko jarur padh le.
Aap jab is website ko open karte hai apko kuch is tarah se show hoti hai. Yeh website mai admin panel ko sql strings ki help se bypass kiya ja sakta hai.
Apko online bank login par click karna hai apke samne login page open ho jata hai kuch is tarah.
Apko yeh string ko username mai fill karke or password aap koi bhi fill kar sakte hai. Yeh fill karne ke baad jab aap enter press karte hai. Aap dekh payege aap login ho gaye hai. Aisa kyo hota hai iske bare mai apko pahle bhi bata diya gaya hai.
Aap dekh sakte hai is tarah se kisi SQL Injection attack se vulnerable website ke admin panel ko bypass kiya ja sakta hai. Yeh sql Strings bahut tarah ke hote hai. Apko download link mil jayga.
The Conclusion
Main umeed karta hu ki apko SQL Injection attack ko kaise kiya jata hai iske bare mai pata chal gaya hoga. SQL Injection attack ki vulnerbility apko badi websites mai aaj ke time mai dekhne ko nahi milti hai.
Lekin phir bhi SQL Injection attack ki vulnerbility bahut websites mai apko mil jati hai. Lekin aap iska miss use kabhi mat karen. Kyoki aisa karna illegal ho sakta hai.
Agar aap apna practical karna chahte hai tab aap testing purpose ke liye bnaye gaye platform par hi inki practice ko kare. Agar apko Yeh attack karne mai kisi bhi tarah ki koi error ya problem ati hai. Aap comment kar sakte hai.
Aap ek bar Theory ko jarur padh le. Apni problems ko humse contact karke bhi share kar sakte hai. Humari taraf se apki puri help ki jayegi. Apko humare articles pasand a rahe hai tab inhe share jarur karen. Aap chahe to donate bhi kar sakte hai.
Thankyou
Leave a Reply