Added: 2 years ago
From: dragonlover61
Views: 102,526

All Comments (243)

  • I use TOR and armyproxy for my hacking. :)

  • Dear Everyone, dont bother trying to hack facebook or msn or any other huge websites with this method, it wont work. BUT, i found this method is very effective with school websites! ^_^

  • awww what do i do they havent got me yet does that mean in in the clear

  • I got a warning and forgot to use a proxy Is that bad

  • @smiley32142 dude cops are gonna find you

  • ahh... i see so many kids here eheh.

    I'm sorry to disappoint you all but.... you won't be able to do anything relevant, you won't hack into anything with 13,14,15,16. Wait until you go to a university.

    Notice this, the way this video does it, makes it look easy but WHO IN THE HELL STORES THE PASSWORDS NOT EVEN USING MD5??? A lazy ass.

  • if ur scary about "OMFG POLICE" get a proxy lawlzzzz zzzzzlwal

  • I recommend using TOR, for anonymous browsing and... editing.

  • I have reached to the stage where you fetch the data but when I hit enter I get this Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/mobil0/public_html/cwm/neff/main.php on line 45, any tips?

  • guys use a proxy lol u might get done

  • Bleach FTW! :D

  • what sites are you kids trying to hack and what is your reason??

  • @josiahmahar Depends what you want to do, if you just want to practice then it doesnt matter what the site is (obviously not like a law firm or big names, and if they're nice non deserving people just help them secure their site) but usually i go onto google (all different countries)...type "inurl:php?id=" and then a space and whatever i hate most so like "psychic" or "crystal healing" because they scam idiots....and quite frankly deserve their sites ruining, plus its funny.

  • @josiahmahar "electricretard",com reason: its fucking sick.

    I already have basic-intermediate hacking skills though, just not in SQL

  • I gained access to a website last night through a VPN, emailed the webmaster about the flaws in his website, helped him fix them..and was given permission to look for any other things that need patching up, nice guy really. much more rewarding than defacing :) unless the site you gain entry to deserves it anyway.

  • If You See A Website

    Buyayearbook (DOT) COM /Adminlogin.asp You'll Get Arrested

    If You Try It You'll Get This Violation

    Security Warning

    An attempted security violation by the following address has been detected.

    All information on this attempted security violation has been referred to our Information Security Department for further investigation and prosecutions.

    Security Violator: 208.54.87.179 (This IP Address Belongs To T-Mobile DNS Servers) & Is Not Mine & Is Traceable To Different States

  • @MarkIMcclam i did it to this site before i saw this, am i safe?

  • @MarkIMcclam ...except mine is my actual ip

  • Comment removed

  • Den Benjamin right??

    

  • @TheGuitarplayer12345 Are you using a proxy server and you wont have a problem of getting caught and try to find free proxy servers on the internet the one you should try is proXPN its a good proxy and I use it when I hack so look for free downloads for that on youtube or google

  • intro song?

  • DEff. Fullscreen, 720p

  • WTF? this is how magnets works?

  • it cant be html

    ???

  • @adofri Potentially, if said HTML is then parsed by PHP or ASP... Just remember this works because we input data, that is passed to a database... HTML doesn't have that capability.

  • awwww mannnnnnn... i was using your ASCII converter in ur info for years.. .now its discontinued.. :( i cant find any other can someone help me convert ASCII to text ?

  • @AnnaMicrosoft ASCII to text... *sigh* what you want is ASCII to char codes, google it :)

  • i hate this accent! you cannot understand his english if you are a beginner!:(

  • @Descentofremoved Good thing my aim is not to teach english then huh.

  • @bizcuitzrcool yours aim who? cause it`s not your video...

  • @Descentofremoved Erm yes it is...

  • dude why dont disable comments ? :P

  • @extazy666 What purpose would that serve? :D

  • r u russian?

  • @xGodsHereticx he's clearly Australian lol the .au webpage

  • @vraj11590 an australian web page doesnt mean u cant be russian or any other race

  • @xGodsHereticx Exactly, I'm not auzzie, or russian... I'm english.

  • @xGodsHereticx I can't tell if your trolling or being serious.

  • Brazilian Hacking

  • Tha tag says l33t? LOLOLOLOL. Its 1337 n00b.

  • You just earned yourself a subscriber my good man.

  • @GordanMFreeman Sub too my new channel dude :P H4ckingHQ :)

  • @bizcuitzrcool done

  • so if you do this on someones facebook page you get their passwords just like that? and how can you do this safely? and annonymously

  • great video helped alot thank you

  • What is the need to explain how easy it is to become a bastard?

    this technique in the wrong hands can put people in danger.

    prove that you are a talented programmer and do create masterpieces instead of showing how to destroy others work

  • @monseigneur16 I understand this, I mean the website is now gone... most likely thanks to idiots defacing it, but I was young at the time of making the video and never really considered the consequences. As to your programming comment, I am currently working on a few projects, and fuzzing a couple of things ;)

  • holyshit a scot!

  • @Afroxec He isnt from scotland, Probably Manchester, or Liverpool, More than likely, Manchester.

  • @guyphawkes mancunian eh? just like oasis and all uk drug dealers

  • @guyphawkes Still nope but better.

  • @Afroxec Nope.

  • @H4ckingHQ i didnt say "fag" so y did YOU speak up? rofl

  • @Afroxec Cause you were guessing my accent wrong.

  • @H4ckingHQ no im right its a scot accent.

  • i dont know what the fuck coments want me to judge

  • I did this, and the website gave me some warning.

    I'm only 13. I don't want to go to jail/juvenile...

    I'm freaking out.

  • @TheGuitarplayer12345 you are a fucking clown

  • @TheGuitarplayer12345 Use a proxy. I'm twelve and trying this.

  • @TheBubaSqua

    Proxies don't do shit. You are still EASILY traceable since 99% of proxies log entries and exits.

  • @iGeckoGaming unless if your using thor....

  • @glitchhunter96 Lol noob proxies. Use VPNs... Unlogged ones.

  • @XxENovaxX TOR is suitable as well. VPN is easier though, as long as you have guest access to one.

  • @TheGuitarplayer12345 calm down bro.

  • @TheGuitarplayer12345 how can they notice that you are using exploits?

  • @elitotaku Erm, Server Logs... IDS... MySQL Logs... there are many ways :D
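
The server-log detection mentioned in the reply above, sketched as an added example (not from the video or any commenter). The log lines are constructed, the paths and parameter names are hypothetical, and the rules cover only the probe shapes quoted elsewhere in this thread:

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (combined log format). IPs come from the
# RFC 5737 documentation ranges; paths and parameters are hypothetical.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /news.php?id=8 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /news.php?id=8' HTTP/1.1" 500 312
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /news.php?id=8%20order%20by%202-- HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:15 +0000] "GET /news.php?id=8+union+all+select+1,2,3,4,5,6-- HTTP/1.1" 200 5200
203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

# Each rule runs on the URL-decoded parameter value, so the %20 and +
# spellings of the same probe are caught by one pattern.
RULES = [
    ("order-by column probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema enumeration", re.compile(r"\binformation_schema\b", re.I)),
    ("extra text after numeric value", re.compile(r"^\d+\D")),
]

def flag_sqli_probes(log_text):
    """Return one record per request parameter that matches any rule."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, target, status = m.groups()
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            reasons = [label for label, rx in RULES if rx.search(value)]
            if reasons:
                hits.append({"ip": ip, "param": name,
                             "status": int(status), "reasons": reasons})
    return hits

def noisy_sources(hits, threshold=2):
    """Source addresses with at least `threshold` flagged requests."""
    counts = Counter(h["ip"] for h in hits)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    found = flag_sqli_probes(SAMPLE_LOG)
    for hit in found:
        print(hit["ip"], hit["status"], hit["param"], hit["reasons"])
    print("repeat sources:", noisy_sources(found))
```

The free-text search request in the last sample line is not flagged, because the order-by rule requires a column number rather than a word.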

  • @TheGuitarplayer12345 Erm, you're not going to jail XD Do you remember if it was a CloudFlare message?

    Oh and before anyone spurts shit, yes this is my video and yes this is a different account.... clearly :)

  • @TheGuitarplayer12345 hahahaha seriously u r very funny

  • @TheGuitarplayer12345 Don't worry it's an automated message when the website detects SQL. Your best bet is to make your own password and username script and try to hack that. :)

  • @TheGuitarplayer12345

    I got it too and I'm 11

  • @TheGuitarplayer12345 Don't worry, it happened to me when I was 10. Automatically close the page and don't go there again!

  • @TheGuitarplayer12345 next time use a vps lmao or vpn

  • @TheGuitarplayer12345 Use a proxy, they think i am from germany :-)

  • @TheGuitarplayer12345

    Don't freak out. Thousands of these injections happen every second. To the cops it's not even considered a crime. Unless you tampered with the website severely

  • @TheGuitarplayer12345 LOL are you fucking joking?

  • @TheGuitarplayer12345 Should've used a proxy or SecurityKiss!

  • Great video! One thing, name of song at the end of video? :P

  • thx

  • Comment removed

  • That was nice :)

  • anyone got proxee? i need one and tor dont work for crap

  • @Ksernx try SuperHideIP

  • @Ksernx check hide my ass.com its awesome

  • But isnt it illegal to hack random sites??? or is it legal to hack russian sites?

  • @HACKER71000 It is illegal to perform an attack on a site with malicious intent, try being a whitehat instead >_>

  • @daeheadshot Im not blackhat, but if there were no blackhats there wouldnt be any whitehats either.

  • Ah I love this tutorial keep making more, I've been hacking since I was 13 (I'm 14 now) it's fun, anyone who says hackers are evil.... they're 50% wrong, most hackers are good.... who the hell do they think creates their AVs and their Firewalls? pah screw them, keep on!!!

  • UrBAN haha wow sites these days

  • Thank you ;)

  • If any body can teach me how to do it over teamviewer I'll pay 5$ over paypal

  • I'm having a REALLY hard time finding vulnerable websites to test... :-( I'm putting

    "x' or 1=1--" in the password field (a trick I learned from somewhere else) but its always wrong. :-(

  • can i can type in .php?id=8 order by 9999999999999999999999999999999999999999999999999999999999999999999999999-- and it still shows the website

  • it just turns out like this when i try this;

    .php?id=8'%20order%20by%202--

    Why? :(

  • @Jooltville its your browser %20 stands for space, try firefox

  • What happens if you get caught? Because i got caught..... ( i was just exploring different ways of breaching a website)

  • does this work on mysql 4.1.13 ?

  • @tictuga version 4 doesn't support information_schema.tables so you have to guess the table name. So for instance you have the column numbers and it shows you the string numbers. after the column numbers you put "from users" and if it returns the string numbers still that table exists if it doesn't you have to keep guessing it. Once you have type in group_concat("text in here") where the string number is, so for instance if you type password and loads of passwords come up then you know that

  • @tictuga exists, you can keep doing this until you get usernames, passwords emails etc. you just have to guess, remember to put 0x3a which is the hex value for : which will split the usernames from the passwords and cause less confusion. I hope this helped.

  • Hacking on MAC = fail

  • Thank you for your video , i have one question , i tried it on this website

    they said it was ok ( i know the owner ) but i can't make it work , i did the ' , and it worked it is sql vulnerable but then when i do order by ... none of them work because it doesn't exist as a url... can you help me

    jmef-serveur.exano.net

  • Comment removed

  • i think you should have used zoom more in this video, it is hard to see some stuff in this video, but yeah i liked the video anyways :P

  • one thing you need to know the names of the tables that you are attacking and then type query

  • >Thinks he's 1337 h4x0r - uses Mac..

  • @JACOBFLARSEN >Thinks he's 1337 h4x0r - watches youtube videos on how to hack..

  • @ZlapEx >Thinks I think I am 1337 h4x0r . realizes I never stated I was.

    >yfw

  • @JACOBFLARSEN >Claims the video owner thinks that he's 1337 h4x0r, when he never stated he was. Yet defends himself when same logic was used on him.

  • @ZlapEx >Realizes I don't give a fuck, and have no idea of what we are discussing..

    >yfw

  • anyone know what this website is called? :P or atleast a good website to do this to?

  • For me it just says:

    An error ocurred while processing your request.

    the error returned was: 404.2

    with the following error message attached:

    Invalid pagemark: 1 order by 2 --

    Additionally, an error occured while logging the error.

  • i googled how to protect ur pc from sql injections and i  destroyed that site lol :P

    unfortunatly i cant find it anymore -_-

  • thumbs up for sony got effed

  • @bozniankingx1 Sony got DDosed -.-

    F-A-I-L

  • @PirateTHESteam1

    i guess lulzsec when they leak thousands of accounts and voucher codes off sony pictures says otherwise

  • Does anyone know the name of the song in the beginning of the vid???

  • Login name : admin

    Password : 'or''='

    I'm not responsible for people who get in jail (works on a lot of websites)

  • I did a few SQL Injection videos on my YouTube Channel as for 4.0 servers have not figured them out yet.

  • i find web site with 2700 users

    i get user ids, usernames, emails and hashed password :)

  • @LudakLudi Police find you and you go to jail with 2700 users. Not to be cranky its a nice find dude just remember that what you are doing IS illegal.

  • @H4ckingHQ ooo nooo they are at my door , they are coming , what should i do ??? police is here !!!!! xD .... lololo NOOB !

  • @LudakLudi Noob? You watched my video to learn how to get those accounts. There may be confusion but H4ckingHQ is my new channel.

  • @LudakLudi  lolololol

  • wish you could do that for windows live

  • w00t

    AMAZING!, how old are you?

    xD

  • @Trunksinflames At the time of recording this I was 14/15.

  • Microsoft VBScript runtime error '800a000d'

    Type mismatch: 'menu'

    /gui/default/header.asp, line 106

  • @TH3L44R123 So think about it, they're using ASP which is generally locked down to MS-SQL as its database, the above video is aimed toward MySQL injection attacks, go research MS-SQL and ASP injection methods.

  • i got error at 9 ?

  • Can you please tell me witch song was that? :D

  • unknown column name in information_schema i can't get past the ascii code on any website it always says the same thing i have tried and tried can someone please tell me what has happened?

  • song on the start?

  • brilliant, my site is now protected :)

  • dude what are you? Like dude accicents are beast mode :P so how many collums do u think runescape has?

  • @rstipsandhelp4u lol runescape isnt hackable through sql injections.... only unsecure sites are not big company game sites

  • When I'm entering "union all select 1,2,3,4,5,6--" it's giving me a SQL error...

    Why?

  • That site is full of web shell.

  • Kids Stuff :) >:) I only want to know the song when the video beggins :)

  • Go to a website where the end of the URL looks like admin/login.asp , adminlogin.asp or anywhere along those lines, and put the username as admin and the password as 'or''='

  • Aha, I just visited the site after so long, what's with all the defacements? My suggestion grow up :) I was doing that shit when I was 13/14????

  • @dragonlover61 I wonder, does the owner of the site even know this? Serveral defacements here and there. Nice tutorial I learned something.

  • Isn't it easier to first use "group_concat(table_name") or (column_name) so you get it in a group, and use "from information_schema.tables/columns where table_schema=database()--" ? :P

  • I like ur accent :D !!!!

  • i forgot to add that the website is hosted by drupal,com

  • the site i am trying to hack dosnt give me any errors when i use ' or 1 or 2 or 3... or eve 999999999

    so i did the union all select 1,2,3,4,5]

    but no box appeared and nothing. Whats wrong?

    Btw very nice tutorial, clear and all :)

  • @CyphenPhsyX

    This mostly means that the website which you are trying to hack isn´t vulnerable.

  • @mago1094

    Ah ok, nvm then =P thanks for reply tho :)

  • @CyphenPhsyX remove the bracket

  • Great tutorial! Could you explain why you put the hex value after the column name? (5:45).

  • @klaboem0 I'm not 100% sure on this one but when I looked it up I think the hex is a ':' (colon) which suggests it's just how SQL wants you to split up your selections.

    What do you think?

    Yes:No

  • @klaboem0

    The keyword concat that he used is short for concatenate which means that it will chain everything together in one big lump, there is nothing there to separate the entities. So in this case, without the hex, it would look like this:

    NatalieSachNatalie,KathrynJonesgla....

  • You sound just like the guy that works for CCP

  • nicely done! ... I like the way you use the application against itself...

  • cool

  • rofl, someone edited one of the pages and inserted a file upload, shell tiem!!!!

  • HOW DO YOU EDIT THE INFO IN THE TABLES? E.G. THE BLOG`?

  • HAYY! I understood your accent just fine! so you other people shut up, you're just retarded ! thumbs up on the vid.

  • im getting error at the part where you write from information_schema-tables -.-

  • when issuing the union all select command I get an error.

  • I don't see the wrong with your accent, for me it's very easy to understand. And I'm swedish lol

  • @dragonlover61 When i type union all select 1,2,3,4...-- I can't see any numbers , Why is that ? I tried on many sites and I never see any numbers .

    HELP PLS

  • gr8 dude gr8....

  • Thanks for the tutorial. I have been reading up on it all day but seeing you do it and hearing you explain why helped it click when all those hours of reading didn't. Thanks again, I hope you continue to upload these tutorials

  • sql is hard i hate this

  • @vis4r LOL sql is easy. Sits right beside VB XD

  • @nsahler Pretty much :D And I'm not being a douche but all the people asking questions I have given you the basics now go away and read read read..... It's better to learn yourself in my opinion.

  • I understand you just fine, but yer music prior and post video is TERRIBLY loud. I think you made a great video though, props.

  • Hey dragonlover61...everything went fine until findin the desired columns...but the problem i face comes from displaying the column... i type exactly as u said

    union all select 1,user,3,4,5 from user--

    when i type enter i get a error....why is that...can you help me ??