THREAD: How to find vulnerable websites (For beginners)
  1. 04-12-2011, 09:11 PM
    Curt
    Former Staff
    I thought I'd post this because using a tool like this is much quicker than doing manual SQLi (unless you prefer doing it old school). This tool is a little like Havij, but in my opinion better. I will only be showing you how to find vulnerable websites with this tutorial, as there are plenty of tutorials on how to deface an SQL-vulnerable site.

    First off you need to download the actual tool itself (No this is not my own tool)
    Download (Survey free);

    Once you've downloaded the program itself from the above download link, you need to extract it to a place where you will know to find it. You can find a picture of the program itself, once opened, below.

    NOTE - Make sure you don't extract the tool away from the folder, because that's where the dorks are.

    OK, so now for the tutorial. This is a little long, but who ever said hacking was easy? Just simply follow the steps below and then you will be successful in "hacking" your opponent.

    Step 1 - First you will need to click the "Scanner" tab and then the little "+" icon on "All dorks". Once done you will see a list like below.

    This is called a "dork"; you can pick any dork you want by clicking the little "+" icon again.

    Step 2 - Next you will need to pick a specific "dork". I'm going to be using ASP with the dork ".asp?bookID=" (you can enter the type of dork you're looking for into the search box). This tutorial doesn't require this specific dork; you can choose one to your own preference. So now our stage process should be as shown below.

    Step 3 - Now you will need to press the scan button; make sure to press "Remove duplicates". See the picture below.

    Step 4 - Once you've completed "Step 3" the next thing you will need to do is right click your list (the white part) and press "Send to SQLI Crawler" as so.
    Step 5 - Once in the SQLI Crawler you will need to press "Crawl"; this will find you the vulnerable links from the ones you just imported. This didn't work for me as well as I was hoping. It should look like the following.

    Step 6 - Once your list is populated you have now got yourself some vulnerable sites to SQL inject.

    I would have continued the tutorial into more depth on executing SQL injection with this tool, but there are already tutorials around that you can use. If you need any help with SQL injecting/uploading a shell just PM me, I'll be more than happy to help. I know you might think this tutorial is well pointless, but it's a simple way of finding vulnerable websites whilst using some of the best dorks. Oh, and before you guys say "isn't it better just using Google?", well, in my opinion no: this method tells you if it's vulnerable and gives you over +50 sites at a time, which will keep you busy.

    I hope you liked this tutorial, and remember, whenever hacking/exploiting sites always use a proxy to hide yourself. Here are a few proxies that I use.

    Remember, all my tutorials I do myself from my own personal knowledge. Here are some other tutorials I made:

    Virus scan.
    Last edited by Toxic ; 05-02-2016 at 01:25 PM. Reason: New pictures + virus scan + new text.

  2. 79 users said thank you to Curt for this post.

  3. 10-15-2015, 12:29 PM
    Devious
    Treasure hunter
    Awesome
  4. 10-22-2015, 06:18 PM
    Conduit
    Keeper
    Just learn basic SQL injection lolz, and if you wanna deface, learn basic HTML.
  5. 02-14-2016, 02:33 PM
    When I try to open the tool I get "vshost.exe has stopped working". Why?
  6. 07-30-2017, 12:36 PM
    MODZ4FUN420
    NextGenUpdate Elite
    I am real interested in how to execute SQL injection. Any links you can link me to?
  7. 07-30-2017, 12:53 PM
    Kronos
    Former Staff
    Originally Posted by MODZ4FUN420:
    I am real interested in how to execute SQL injection. Any links you can link me to?

    PS: don't bump 6-year-old threads.