Author: Firefox Source: Firefox Speaking Technology Alliance streamer, Su snow, random knife, can be said to be famous no wonder known to everybody, these are small Yung brother works. Every time I mention the little girl, my worship is like a river, which is endless ~~~~ (coming again!) Let us admire the little girl's latest SQL injection tool, this looks like it. SQL injection into the black friend of the invasion website is blessed. Xiao Gong's tool is strong! I use it to get our local information port, from looking for injection vulnerabilities to injection attack, through accuracy, only 3 points are 40 seconds, huh, huh, the king style, is strong! Do not believe? Look at my invasion process. First, download the toolkit of the Kukago, this SQL injection attack kit is in the site http://www.netxeyes.com/main.html can be downloaded, but this tool is too hot, download people Too much, if you feel slow, you can search for some other black soft sites and absolutely can be found. There are always two small programs in this toolkit: "Wed.exe" and "Wis.exe", where "wis.exe" is used to scan for SQL injection vulnerabilities in a site; "WED. "is used to crack SQL injection username password. The use of the two tools is very simple. Combining, you can complete the entire process from looking for injection points to injection attacks. Second, find the format used by SQL injection point "Wis.exe" as follows: "Wis.exe URL", here is the author to detect local information port as an example: first open the command prompt window, enter the following command: "Wis.exe http: / / www.as. ***. cn / "(Figure 1). Tip: When entering the URL, the front "http: //"; and the last "/" are essential, otherwise it will be prompted to be scanned. Enter after entering it, you can start scanning. Soon scan results, you can see that there are many SQL injection vulnerabilities in this website (as shown in Figure 2), we will pick one of them to do test, pick "/RJZ/Sort.asp?classid=1". Open the browser, enter "http://www.as.**.cn/rjz/sort.asp? Classid = 1" in the address bar, open the website page, huh, it is a download page (as shown) 3). Now come to SQL injection, crack the administrator's account! Third, SQL Injection The Crack Administrator account is now entering the command window, using the "WED.EXE" program in the toolkit just downloaded, the command usage is: "WED.EXE URL" input: "Wed.exe http: //www.as.***.cn/rjz/sort.asp?classid=1 ". You can see the command operation (Figure 4) after entering the bus. Tip: When the URL is entered this time, don't add the "/", but the front "http: //"; head is still indispensable.
You can see that the program automatically opens several files in the toolkit, "c: /wed/wed/tablename.dic", "c: /wed/wed/Userfield.dic" and "C: / WED / WED / Passfield .dic, these files are dictionary files required to crack the list names, user names, and user passwords in the user database. Of course, we can also use other tools to generate dictionary files, but think about the "hacking dictionary" before the young brother, is so powerful, still use it? The string of "SQL Injection Detected." Can also be seen during the crack, indicating that the program will also detect the website that needs to be injected into the crack, see if there is SQL injection vulnerability, and then guess the username after success. Start waiting! Oh, soon I get the database table name "admin", then get the user's table name and the word length, "username" and "6"; then detect the password table name and the word length, "Password" and "8" (eg Figure 5). It seems that the user's password is still very long. If it is hand-breaking this user password, it must spend a lot of time! When you think about manual injection, you have more difficulties, the "WED.EXE" program has begun to crack the username and password. Soon, I got the username and password - "admina", "PBK & 7 * 8R" (Figure 6)! God, this is too easy! Less than one minute, four, search hidden management login page returned to the software download page just now, click on a software download link, oh? How can I download it casually! Unlike the previous toll sites, you can enter the username and password to download. It seems that this is a free download website, I guess the wrong attack object, but since it is coming, let's see if there is anything available? Get the administrator's account, now we seem to have only to find the entrance to the administrator login management. I haven't seen any administrator's entrance link on the webpage. It seems to have a buddy! Take the "Wis.exe" program again, this program can find hidden administrator login pages in addition to all SQL injection points existing in the website. Enter "wis.exe http:///www.as.**.cn/rjz/sort.asp? Classid = 1 / / A" (Figure 7). Note that a hidden parameter "/ a" is entered. How can I scan unsuccessful? Oh, it turns out that this is a scanning injection point. Of course, it cannot be successful. The administrator login page may only hide a path to the entire website. Then enter "Wis.exe http://www.as.***.cn/ / A", scanning the entire website. Pay attention to the format of the URL in the scan statement. The program starts scanning the login page in the website. During the scanning process, the hidden login page found will be displayed on the screen. Find out soon, in the last list in the command window. You can see that there are multiple login page updates starting with "/ rjz /", including "/RJZ/gL/Manage.asp"" "" ",", ",", ",", ",", " .asp ", etc.. Let's pick "/RJZ/gL/Admin1.asp", anyway, these are what the administrator logs in is what you want to use.
