Sinisterly
SQL injection tutorial - Printable Version



RE: SQL injection tutorial - A.W.H - 01-19-2013

Thank you for sharing. Nice and simple to comprehend; the best kind of tutorial.


RE: SQL injection tutorial - LEGITimacy™ - 01-21-2013

(04-22-2012, 10:52 AM)grouver08 Wrote:


Is there a way to decrypt the password?

Yes, there is a way to decrypt the hashes. They are MD5 WordPress hashes, which tend to be rather tricky to crack. The algorithm is pretty hard to crack and takes a long time; you also might want to check whether they contain salts. Look into using hashcat if you want to crack them.

As for OP, nice TUT, but you could have also explained WAF bypassing. Sometimes UNION SELECT and other commands are blocked by a Windows Application Firewall (WAF), so you would have to trick the application into not detecting the UNION SELECT command by using either comments or white space, like so: /**UNION**/+/**SELECT**/+1,2,3...
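
Added example, not part of the thread: a small audit helper that reads the `$P$` (phpass portable) layout mentioned in the reply above, which is one cost character, an 8-character salt and a 22-character digest, so the salt and round count can be read straight from a stored value. The function names, the policy threshold and the sample rows are assumptions constructed for illustration.

```python
import re

# phpass "portable" alphabet: a character's index encodes log2(iterations).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
B64 = r"[./0-9A-Za-z]"
PORTABLE = re.compile(rf"^\$[PH]\$({B64})({B64}{{8}})({B64}{{22}})$")
RAW_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")


def describe_hash(stored):
    """Classify one stored hash string (hypothetical helper name)."""
    m = PORTABLE.match(stored)
    if m:
        cost_char, salt, _digest = m.groups()
        log2 = ITOA64.index(cost_char)
        if not 7 <= log2 <= 30:  # phpass rejects costs outside this range
            return {"scheme": "malformed", "salted": None, "iterations": None}
        return {"scheme": "phpass-portable", "salted": True,
                "salt": salt, "iterations": 1 << log2}
    if RAW_MD5.match(stored):
        return {"scheme": "raw-md5", "salted": False, "iterations": 1}
    return {"scheme": "unknown", "salted": None, "iterations": None}


def needs_review(stored, min_iterations=8192):
    """True when a stored hash is not phpass-portable or is below policy.
    min_iterations is an assumed policy value, not a WordPress setting."""
    info = describe_hash(stored)
    return info["scheme"] != "phpass-portable" or info["iterations"] < min_iterations


# Constructed rows (id, stored hash); the digest parts are filler, not real hashes.
SAMPLE_ROWS = [
    (1, "$P$B" + "saltsalt" + "A" * 22),      # cost char 'B' -> 2**13 rounds
    (2, "$P$9" + "saltsalt" + "A" * 22),      # cost char '9' -> 2**11 rounds
    (3, "0123456789abcdef0123456789abcdef"),  # bare 32-hex MD5, no salt
    (4, "$P$." + "saltsalt" + "A" * 22),      # cost below the phpass minimum
]

if __name__ == "__main__":
    for uid, stored in SAMPLE_ROWS:
        print(uid, describe_hash(stored), "review:", needs_review(stored))
```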