How to Hack a Website Admin Password

We hear the same terms bandied about whenever a popular site gets hacked. You know... SQL Injection, cross site scripting, that kind of thing. But what do these things mean? Is hacking really as inaccessible as many of us imagine -- a nefarious, impossibly technical twilight world forever beyond our ken?

Not really.

When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You'll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.


SQL Injection

SQL Injection involves entering SQL code into web forms, e.g. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.

When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.

The Simple SQL Injection Hack

In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.

Suppose we enter the following string in a Username field: ' OR 1=1 --

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:

SELECT * FROM users WHERE username = 'USRTEXT' AND password = 'PASSTEXT'

...where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.

So entering ' OR 1=1 -- as your username could result in the following actually being run:

SELECT * FROM users WHERE username = '' OR 1=1 -- ' AND password = ''

Two things you need to know about this:

The single quote (') closes the text field.

The double dash (--) is the SQL convention for commenting code, and everything after the comment is ignored. So the actual routine now becomes:

SELECT * FROM users WHERE username = '' OR 1=1

1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreak havoc.

Let's hope you got the gist of that, and move briskly on.

Brilliant! I'm gonna go hack me a Bank! Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank, evidently.

But the process does serve to illustrate just what SQL Injection is all about -- injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:

username field examples:

admin'--
') or ('a'='a
") or ("a"="a
hi" or "a"="a

... and so on.
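The login check described above, next to its hardened form, as an added example that is not part of the original article. It assumes an in-memory SQLite database with constructed rows and runs the page's sample strings through both versions; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the page's query.
    # Plaintext passwords mirror that query only; real systems store salted hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("alice", "wonderland")])
    return db

def login_concat(db, username, password):
    """Vulnerable pattern from the page: input is pasted into the SQL text."""
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return "granted" if db.execute(sql).fetchone() else "denied"
    except sqlite3.Error:
        # A syntax error still proves the input reached the SQL parser.
        return "sql-error"

def login_param(db, username, password):
    """Hardened form: placeholders keep the input as data, never as SQL."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return "granted" if row else "denied"

# The username strings quoted on the page.
PAGE_STRINGS = ["' OR 1=1 --", "admin'--", "') or ('a'='a",
                '") or ("a"="a', 'hi" or "a"="a']

def compare(strings=PAGE_STRINGS):
    """Return (string, concat result, parameterized result) for each input."""
    db = make_db()
    return [(s, login_concat(db, s, "x"), login_param(db, s, "x"))
            for s in strings]

if __name__ == "__main__":
    for s, weak, safe in compare():
        print(f"{s!r:20} concat={weak:10} param={safe}")
```

Which strings get past the concatenated query depends on the quoting that query uses and on the database engine; the parameterized version treats every one of them as an ordinary, non-matching username.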

Backdoor Injection - Modules, Forums, Search etc.

Hacking web forms is by no means limited exclusively to login screens. A humble search form, for instance, is necessarily tied to a database, and can potentially be used to amend database details. Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else... depending on the security measures in place, database architecture and so on.

So you can have security locked down at the login, but poor security on other forms can still be exploited. Unfortunately this is a real worry regarding 3rd party modules for Web CMS products which incorporate forms, and for CMS products these 3rd party modules are often the weakest link which allows hackers access to your database.

Automated Injection

There are tools to automate the process of SQL Injection into login and other fields. One hacker process, using a specific tool, will be to seek out a number of weak targets using Google (searching for login.asp, for instance), then insert a range of possible injection strings (like those listed above, culled from innumerable Injection cheat-sheets on the Web), add a list of proxies to cover his movements, and go play XBox while the program automates the whole injection process.

Remote Injection

This involves uploading malicious files to inject SQL and exploit other vulnerabilities. It's a topic which was deemed beyond the scope of this report, but you can view this PDF if you'd like to learn more.

SQL Injection in the Browser Address Bar

Injections can also be performed via the browser address bar. I don't mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests with URLs of the following form are most often held to be vulnerable:

http://somesite.com/index.asp?id=10

Try adding an SQL command to the end of a URL string like this, just for kicks:

http://somesite.com/index.asp?id=10 AND id=11

See if both articles come up. Don't shoot your webmaster just yet if it's your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.

As we saw above, access to the database raises a number of interesting possibilities. The database structure can be mapped by a skilled hacker through ill-conceived visibility of error messages -- this is called database footprinting -- and then this knowledge of table names and so forth can be used to gain access to additional data. Revealing error messages are manna - they can carry invaluable table name and structural details.

The following illustrative string is from Imperva.

http://www.mydomain.com/products/products.asp?productid=123 UNION SELECT username, password FROM USERS
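How a page handler for a URL like the one above can leak or hold, as an added example that is not from the original article or from Imperva. The schema, rows and function names are constructed assumptions; only the productid parameter and the USERS table name come from the URL shown.

```python
import logging
import re
import sqlite3

log = logging.getLogger("shop")

def make_db():
    # Constructed schema; only the USERS table name comes from the page's URL.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (123, 'kettle', 19.5);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return db

def product_page_leaky(db, productid):
    """Weak pattern: raw parameter in the SQL text, raw database error in the reply."""
    sql = "SELECT name, price FROM products WHERE id = " + productid
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Echoing the engine's message is what makes footprinting possible.
        return f"Database error: {exc}"

def product_page_hardened(db, productid):
    """Strict integer check, placeholder query, generic error to the client."""
    if not re.fullmatch(r"[0-9]{1,9}", productid):
        return "Invalid product id"
    try:
        sql = "SELECT name, price FROM products WHERE id = ?"
        return db.execute(sql, (int(productid),)).fetchall()
    except sqlite3.Error:
        log.exception("product lookup failed")  # detail stays in the server log
        return "Something went wrong"

PAGE_VALUE = "123 UNION SELECT username, password FROM USERS"  # from the page's URL

if __name__ == "__main__":
    db = make_db()
    for value in ("123", PAGE_VALUE, "123'"):
        print(repr(value), "->", product_page_leaky(db, value),
              "|", product_page_hardened(db, value))
```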

There are vast swathes of information on SQL Injection available, here are a couple of good sources:

Cross Site Scripting (XSS)

XSS or Cross Site Scripting is the other major vulnerability which dominates the web hacking landscape, and is an exceptionally tricky customer which seems particularly difficult to stop. Microsoft, MySpace, Google... all the big kahunas have had problems with XSS vulnerabilities. This is somewhat more complicated than SQL Injection, and we'll just have a quick look to get a feel for it.

XSS is about malicious (usually) JavaScript routines embedded in hyperlinks, which are used to hijack sessions, hijack ads in applications and steal personal information.

Picture the scene: you're there flicking through some nameless bulletin board because, yes, you really are that lazy at work. Some friendly girl with broken English implores you to get in touch. "Me nice gurl", she says. You've always wondered where those links actually go, so you say what the hell. You hover over the link, it looks like this in the information bar:

<%63%61%74%69%6f%6e%3d%274%74%70%3a%2f%2f%77%7...>

Hmmm...what the hell, let's give it a bash, you say. The one thing I really need right now is to see an ad for cheap Cialis. Maybe the linked page satisfies this craving, maybe not. Nothing dramatic happens when you click the link, at any rate, and the long day wears on.

When a link in an IM, email, forum or message board is hexed like the one above, it could contain just about anything. Like this example, from SandSprite, which helps steal a session cookie, which can potentially be used to hijack a session in a web application, or even to access user account details.

Stealing cookies is just the tip of the iceberg though -- XSS attacks through links and through embedded code on a page or even a bb post can do a whole lot more, with a little imagination.
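One way to see what a hexed link actually carries before anyone clicks it, as an added example that is not part of the original article or the SandSprite sample. The sample links are constructed, and the pattern list is an illustrative assumption, not a complete XSS filter.

```python
import html
import re
from urllib.parse import unquote

# Patterns worth a second look once a link is decoded (illustrative only).
SUSPICIOUS = {
    "script tag": re.compile(r"<\s*script", re.I),
    "javascript: URI": re.compile(r"javascript\s*:", re.I),
    "inline event handler": re.compile(r"\bon\w+\s*=", re.I),
    "cookie access": re.compile(r"document\s*\.\s*cookie", re.I),
    "location redirect": re.compile(r"(document|window)\s*\.\s*location", re.I),
}

def decode_link(link, max_rounds=5):
    """Undo percent- and HTML-entity encoding until the text stops changing."""
    current = link
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(current))
        if decoded == current:
            break
        current = decoded
    return current

def triage_link(link):
    """Return (decoded text, sorted names of the patterns found in it)."""
    decoded = decode_link(link)
    hits = sorted(name for name, rx in SUSPICIOUS.items() if rx.search(decoded))
    return decoded, hits

def hexed(text):
    """Percent-encode every byte, the style of the link shown on the page."""
    return "".join(f"%{b:02x}" for b in text.encode())

# Constructed samples, not taken from the page.
PAYLOAD = "<script>alert(document.cookie)</script>"
SAMPLE_HEXED = "http://forum.example/view?msg=" + hexed(PAYLOAD)
SAMPLE_DOUBLE = SAMPLE_HEXED.replace("%", "%25")  # encoded twice
SAMPLE_PLAIN = "http://forum.example/view?msg=hello%20world"

if __name__ == "__main__":
    for link in (SAMPLE_HEXED, SAMPLE_DOUBLE, SAMPLE_PLAIN):
        decoded, hits = triage_link(link)
        print(hits or "nothing flagged", "<-", decoded)
```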

XSS is mostly of concern to consumers and to developers of web applications. It's the family of security nightmares which keeps people like MySpace Tom and Mark Zuckerberg awake at night. So they're not all bad then, I suppose...

For additional resources on this topic, here's a great overview of XSS (PDF) and just what can be accomplished with sneaky links. And here's an in-depth XSS video.

Authorization Bypass

Authorization Bypass is a frighteningly simple process which can be employed against poorly designed applications or content management frameworks. You know how it is... you run a small university and you want to give the undergraduate students something to do. So they build a content management framework for the Mickey Bags research department. Trouble is that this local portal is connected to other more important campus databases. Next thing you know, there goes the farm.

Authorization bypass, to gain access to the Admin backend, can be as simple as this:

- Find weak target login page.
- View source. Copy to notepad.
- Delete the authorization javascript, amend a link or two.
- Save to desktop.
- Open on desktop. Enter anything into login fields, press enter.
- Hey Presto.

Here's a great video of a White Hat going through the authorization-bypass process on YouTube. This was done against a small university's website. It's a two-minute process. Note that he gets into the User 1 account, which is not the Admin account in this case. Is Admin User 1 on your User table?

Google Hacking

This is by far the easiest hack of all. It really is extraordinary what you can find in Google's index. And here's Newsflash #1: you can find a wealth of actual usernames and passwords using search strings.

Copy and paste these into Google:

inurl:passlist.txt
inurl:passwd.txt
...and this one is just priceless...
"login: *" "password= *" filetype:xls

Such strings return very random results, and are of little use for targeted attacks. Google hacking will primarily be used for finding sites with vulnerabilities. If a hacker knows that, say, SQL Server 2000 has certain exploits, and he knows a unique string pushed out by that version in results, you can hone in on vulnerable websites.

For specific targets Google can return some exceptionally useful information: full server configurations, database details (so a good hacker knows what kind of injections might work), and so forth. You can find any amount of SQL database dumps as well (fooling around with a Google hack while preparing this article, I stumbled across a dump for a top-tier CMS developer's website). And a vast amount more besides.

johnny.ihackstuff.com is the man to go to for Google hacks. One interesting one I toyed with invited me to the Joomla! install page for dozens of sites... people who had uploaded Joomla!, decided against installing it, and subsequently had either left the domain name to rot, or else set a redirect on the page to, say, their Flickr account (in one case). Allowing anybody to walk in and run through the installer. Other query strings target unprotected email/IM archives, and all sorts of very sensitive information. What fun we can have!

Password Cracking

Hashed strings can often be deciphered through "brute forcing". Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.

You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.
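Why a leaked file of plain hashes gives so little protection, and what to store instead, as an added example that is not part of the original article. The wordlist is constructed, and the choice of unsalted MD5 for the weak case and salted PBKDF2-HMAC-SHA256 for the stronger one is an assumption; the page names no algorithm.

```python
import hashlib
import hmac
import os

WORDLIST = ["123456", "password", "letmein", "qwerty"]  # constructed sample

def md5_hex(password):
    """Weak storage: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()

def lookup_unsalted(digest, wordlist=WORDLIST):
    """One precomputed table answers for every account in a leaked file."""
    table = {md5_hex(word): word for word in wordlist}
    return table.get(digest)

def hash_password(password, iterations=600_000):
    """Salted, deliberately slow hash; salt and cost are stored with the digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and cost, then compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    leaked = md5_hex("letmein")
    print("unsalted lookup:", lookup_unsalted(leaked))
    first, second = hash_password("letmein"), hash_password("letmein")
    print("same password, different records:", first != second)
    print("verifies:", verify_password("letmein", first))
```

The salt forces an attacker to work on each record separately, and the iteration count makes every guess expensive; neither rescues a password that sits near the top of a common wordlist.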

A Few Defensive Measures

- If you utilize a web content management system, subscribe to the development blog. Update to new versions as soon as possible.
- Update all 3rd party modules as a matter of course -- any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
- If you have an admin login page for your custom built CMS, why not call it "Flowers.php" or something, instead of "AdminLogin.php" etc.?
- Enter some confusing data into your login fields like the sample Injection strings shown above, and any else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray vulnerability.
- Do a few Google hacks on your name and your website. Just in case...
- When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes.

UPDATE

I had posted a link here to a hacking bulletin board containing specific sql injections strings etc. The link pointed to a page which listed numerous hacks targeting various CMS platforms, but containing a disproportionate number of hacks for one platform in particular. In retrospect, and following a specific complaint, I have pulled down this link. Apologies to the complainant and to anyone else who found this link to be inappropriate.