More Tips







Hack a Website using SQL Injection

SQL Injection

SQL Injection involves entering SQL code into web forms, e.g. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.

When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.

The Simple SQL Injection Hack

In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.

Suppose we enter the following string in a Username field:

' OR 1=1 --

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:

SELECT * FROM users WHERE username = 'USRTEXT'
AND password = 'PASSTEXT'

…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.

So entering ' OR 1=1 -- as your username could result in the following actually being run:

SELECT * FROM users WHERE username = '' OR 1=1 -- ' AND password = ''

Two things you need to know about this:

['] closes the [username] text field.

[--] is the SQL convention for commenting code, and everything after the comment marker is ignored. So the actual routine now becomes:

SELECT * FROM users WHERE username = '' OR 1=1

1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreak havoc.
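
The login query above, built both ways, as an added example that is not part of the original page: it uses Python's sqlite3 module with a constructed in-memory users table, and the function names and sample rows are assumptions. The concatenated version reproduces the behaviour described; the parameterized version binds the same input as data, so the quote and comment marker are never parsed as SQL.

```python
import sqlite3

def make_db():
    """Constructed sample data; plaintext passwords only mirror the page's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("o'brien", "pw")])
    return db

def login_concatenated(db, usrtext, passtext):
    """Vulnerable: user input is pasted into the SQL text, as in the query above."""
    query = ("SELECT * FROM users WHERE username = '" + usrtext +
             "' AND password = '" + passtext + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, usrtext, passtext):
    """Hardened: ? placeholders bind input as values, never as SQL syntax."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (usrtext, passtext)).fetchone() is not None

def concatenated_breaks_on_quote(db):
    """A legitimate name containing ' produces a syntax error when concatenated."""
    try:
        login_concatenated(db, "o'brien", "pw")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"  # the string from the text
    print("concatenated, payload:  ", login_concatenated(db, payload, ""))
    print("parameterized, payload: ", login_parameterized(db, payload, ""))
    print("parameterized, alice:   ", login_parameterized(db, "alice", "s3cret"))
    print("parameterized, o'brien: ", login_parameterized(db, "o'brien", "pw"))
    print("concatenated breaks on o'brien:", concatenated_breaks_on_quote(db))
```

The last check shows a useful detection signal: unexpected SQL syntax errors on input containing a quote indicate a query that is being assembled by string concatenation.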



Change Password in Windows XP Using Command Prompt

To change the password of a user from the command prompt, go to Run –> cmd.
The command prompt will open. Use the following command to change the password:
net user username password /domain


Rename the Recycle Bin

To change the name of the Recycle Bin desktop icon, open Regedit and go to:

HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}

and change the name "Recycle Bin" to whatever you want (don't type any quotes).


Remove the Recycle Bin from Desktop

If you don't use the Recycle Bin to store deleted files, you can get rid of its desktop icon altogether.

Run Regedit and go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace

Click on the "Recycle Bin" string in the right hand pane. Hit Del, click OK.


Create a Password Reset Disk

If you’re running Windows XP Professional as a local user in a workgroup environment, you can create a password reset disk to log onto your computer when you forget your password. To create the disk:

1. Click Start, click Control Panel, and then click User Accounts.
2. Click your account name.
3. Under Related Tasks, click Prevent a forgotten password.
4. Follow the directions in the Forgotten Password Wizard to create a password reset disk.
5. Store the disk in a secure location, because anyone using it can access your local user account.
