Sunday, August 23, 2009

Hacking PHP 4.4 sites in 20 seconds

Now here is a real hacking tutorial in which I am going to hack a real website, and that too in less than 20 seconds, and I am not kidding. Actually, sites with PHP 4.4 have a SQL injection vulnerability in them which makes their admin control panel easily accessible, and I mean in one big shot, you will be admin of that site.
Remember, this tutorial is applicable on PHP 4.4 machines with Apache running in parallel with them. Also, since I will be hacking REAL websites, I will not be displaying their URLs or else I will be gunned down (by law of course :P). It will be partial in nature, that is, I WILL not be teaching each and everything to you; I assume you know the basics of SQL injection/PHP injection/Google searching, and if you don't then read these articles first -
Google Search Tips for Hacking
Google Secrets – Some Cool Google Dorks
Basics of SQL Injection
SQL injection by example
Simple Nmap Scanning

In the meantime, here is how you can start -
Step 1 – Search for them
Yep, make a Google dork to find sites running Apache and PHP 4.4. It's quite easy.
Step 2 – Scan them
Start by scanning them using Nmap. Do an intense scan and find the open ports. If you find port 2000 open, then you have almost got it. Most websites running PHP 4.4 have this port for admin login.
Now just log in using port 2000, i.e. -
http://www.website.com:2000
and you will comfortably land on the admin login page like this -
[Screenshot: the admin login page reached on port 2000 - rdhacker.blogspot.com]
Step 3 – Hack them
Now in the fields, you have to type -
username – admin
password – a' or 1=1 or 'b
domain - a' or 1=1 or 'b
[Screenshot: the fields injected with these values - rdhacker.blogspot.com]
and press Go; you will log in as admin
[Screenshot: logged in to the admin panel - rdhacker.blogspot.com]
Voila.. you have hacked into admin. Actually, sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection. It will literally take 20 seconds.
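
Why the values typed in Step 3 get past a login check, and the fix, as an added example that is not part of the original tutorial. It assumes the login form builds its SQL by string concatenation (the tutorial never shows the site's code) and uses Python with an in-memory SQLite database as a stand-in; the table, column and function names and the sample account are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one admin account in an in-memory database.
    # (Plaintext password only to keep the demo short; store hashes in practice.)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, domain TEXT)")
    db.execute("INSERT INTO users VALUES "
               "('admin', 's3cret-constructed', 'example.test')")
    return db

def build_vulnerable_sql(username, password, domain):
    # Assumed flaw: form values are pasted straight into the SQL text,
    # so a quote inside a value ends the string literal early.
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password +
            "' AND domain = '" + domain + "'")

def login_vulnerable(db, username, password, domain):
    sql = build_vulnerable_sql(username, password, domain)
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password, domain):
    # Fix: placeholders send the values separately from the statement,
    # so quotes and keywords inside them stay data and never become syntax.
    sql = ("SELECT username FROM users "
           "WHERE username = ? AND password = ? AND domain = ?")
    return db.execute(sql, (username, password, domain)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    typed = "a' or 1=1 or 'b"   # the value from Step 3 of the tutorial
    # AND binds tighter than OR, so the stray "or 1=1" makes the whole
    # WHERE clause true no matter what the password and domain are.
    print(build_vulnerable_sql("admin", typed, typed))
    print("concatenated query accepts it: ",
          login_vulnerable(db, "admin", typed, typed))
    print("parameterized query accepts it:",
          login_parameterized(db, "admin", typed, typed))
    print("parameterized, real credentials:",
          login_parameterized(db, "admin", "s3cret-constructed", "example.test"))
```

The bypass depends on how the application assembles its query, so the same parameterized-statement fix applies whatever PHP or database version sits underneath.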

This tutorial was not created by me..... I added this tut so that many blog readers can learn new stuff... :)
THE COMPLETE CREDIT FOR THIS TUTORIAL GOES TO
http://rdhacker.blogspot.com/  :)

2 comments:

  1. K bro, I've added... and thanks for visiting my blog...

  2. Thank you X.E.R.O... :)

