Hack A Php Login Form

admin
Login

Now here is a real hacking tutorial in which I am going to hack a real website,and that too in less than 20 seconds.and I am not kidding. Actually sites with PHP 4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible,and I mean in one big shot,you will be admin of that site.

Remember,this tutorial is applicable on PHP4.4 machines with Apache running in parallel with them.Also,since I will be hacking REAL websites,I will not be displaying their URL’s or else I will be gunned down (by law of course :P).It will be partial in nature,that is I WILL not be teaching each and everything to you,I assume you know basics of SQL injection/PHP injection/Google searching,and if you don't then read these articles first -

In the mean time,here is how you can start -

Step 1 – Search for them

Hack
  • Hacking an Insecure Login Form To demonstrate the vulnerabilities that can be exploited on an insecure login landing page, I stood up a Microsoft Azure site SSLGotchas.com. On this site, the login landing page below is loaded insecurely over HTTP.
  • How to hack the form? SQL Injection. This method was really effective before frameworks become so trendy in PHP world. But might be still dangerous if the application doesn’t use ORMs or other data objects extensions. The code doesn’t check the data against some threats or wrong characters. Values are passed from the login form.

Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.

Step 2 – Scan them

In this tutorial we will learn how a hacker can manipulate the input and inject it in such a manner that without username or password he can login. Login Bypass Using SQL Injection. What we can see above is a PHP code which takes the user Input put the into the SQL Query and then check if any row is returned it allow you to get Log in.

Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.

Now just login using port 2000 ie -

http://www.website.com:2000

and you will be comfortably login into admin page like this -

Step 3 – Hack them

Any additional drivers you may need can be found ------------------------------------------------------------------------------------------------------------------------------------------------ If in the future you wish to have the Recovery Partition back, you can order a replacement set of Recovery Discs using the link below - using these to reinstall Windows 7 will also re-create the Recovery Partition. Hp g60 laptop recovery disk download. If you don't, you can create an installation disc yourself - just download the correct Disc Image from the link below and use an application such as to burn the ISO correctly to a blank DVD. Use the disc to perform the installation, enter the Windows activation key found on the underside of your notebook when requested and when the installation has completed, use the 'Phone Method' detailed in the link below to activate the OS - this method supported by Microsoft and is popular with people who just want a clean installation of Windows 7 without the additional software load normally bundled with OEM installations. These Images are clean and from a well-respected source, however there are only limited versions available. Hi, There is n't an option to be able to download the Recovery Partition, but there is an easy work around if you have ( or can borrow ) a retail Windows 7 installation disc that is exactly the same version as your OEM installation - ie as your notebook came with Windows 7 Home Premium 64bit this is the exact retail version you would need - this may well be the version you already have via MSDN.

Creating A Php Login Form

Now in the fields,you have to type -

username – admin

password – a’ or 1=1 or ‘b

domain - a’ or 1=1 or ‘b

and press go,you will login into admin

Hack Php Website

voila.you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.It will literally take 20 seconds.

Download the latest driver, firmware, and software for your HP Compaq d220 Microtower Desktop PC.This is HP's official website to download drivers free of cost for your HP Computing and Printing products for Windows and Mac operating system. Hp compaq d230mt drivers.

I hope that was informative :P go learn something.

Cheers

How To Hack A Login Form Using Php

POSTED BY XERO.ALL RIGHTS RESERVED.

Php Login Form Code

Technorati Tags: hacking,how to,security,tutorials,rdhacker,prohack,php injection,sql injection