7 easy steps to hack a website in 2018 | Spyhood.com




Hi, ever wondered how to hack a website? Or if it's doable. Maybe you wish to check how vulnerable your site is but don’t know how to go about it. Today is your lucky day because I’m about to break the steps into simplified pieces for you.

Why hack a website? Isn’t it illegal?

Before we get into the ‘HOW’, lets first look at why you or anyone would need to hack into a website.

There are different known classifications of hackers which include; white-hat, black-hat etc. White-hat hacking which is widely encouraged is an Internet slang according to Wikipedia refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. That being said, we can say the reason behind hacking a site would be to retrieve lost information about your site, checking how vulnerable your website is. In some cases, to hack into and bringing down a site dealing with stuff like child pornography.


Ok! lastly! you need to know that the information on this page or any page associated with this website is strictly for educational purposes. If your objective is to use them for illegal activities, then read no further. Spyhood takes no responsibility for any activity done with the knowledge it shares. Read our Disclaimer for more info.


NOTE: The below steps are like the basic of the basics. I use them because advanced hacking methods always tend to be too complicated for most people.

Let's get to business. Get a pen if you ain't with your Computer.

You'd be needing some hacking tools to grow as a hacker

 3 Methods to hack a website

I’ll be showing you with images different ways to hack a website and get successful results. Two of these methods is further broken into 7 easy steps. They include;
  • 1      Hacking via SQL injection(online)
  • 2      Hacking via SQL injection(with a software)
  • 3      Hacking with basic HTML coding


How to hack a website using online SQL injection in 7 steps

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).


STEP 1

Use your system's firefox to open google.com and type in inurl:.php?idas it is in the above picture. You’ll see a list of websites with dork php. Click on any of them.

STEP 2

I choose this site. The address should start with .php

Put apostrophe i.e ' at the end of the url to check if the website is vulnerable. If it says “you have an error in your SQL syntax” like it says in the above picture, then it means the website is most likely to be vulnerable. So proceed.

STEP 3

Remove the apostrophe and add order by 2--  .This is to see how many columns the website has and probably the most important stuff you have to do here. So read carefully. 


Keep testing with 3--, 4--, 5-- until you get a message like “unknown column”. In mine, 11 is the farthest the site has as seen in the above picture, meaning there are 10 columns.

STEP 4

how to
Delete the ‘12 order by‘ and replace with null union all select 1,2,3,4,5,6,7,8,9,10--  .Mine is 10 because the site has only 10 columns. Your’s might be below or above 10. After the page loads, you’ll see a few numbers. Pick the top one. Mine is 7.

visit spyhood.com

Replace 7 in the url with @@Version  .It shows 5.092 community which is great meaning the database version is over 5(basically meaning it can be hacked).

STEP 5


hack

Now replace @@version with group_concat(table_name) and after the last number, add from information_schema.tables where table_schema=database()--

STEP 6


how to

Replace both tables in the url with column



visit spyhood.com



You’ll get all the information the website has. Get those interesting to you e.g full name, pass, username etc. I’ll go with username and pass.



steps in hacking a website via sql injection

 Replace column_name with username,0x3a,pass and replace all the information tags with users--   



tutorial sql injection

You’ll get all the usernames and passwords associated with the site. In case it says ‘unknown username and blank list’. It means you have the wrong table, and you’ll have to go back and look for a different table. Or you can select another stuff to hack, like the product.


Here, the usernames are shown first because it comes before the pass in the url. i.e username:pass,username:pass,username:pass just like it is in the above image.


STEP 7


online hacking

To log in, google admin page finder and click on the first link. Then follow the instructions and get your own admin page finder login. I’ve already done this so I’ll login with mine.
steps
My admin page finder login is evt-me.com/login.php  .Then login with any of the logins you’ve secured. I’ll go with hacked:Karica1982  .Click on profile after it logs in and you’ll find all his stuff. 

steps in hacking a website via sql injection

steps in hacking a website via sql injection



This particular method shows you how to hack a website, and how easy and scary it actually is.





You'd wanna know how to hack into a Computer




How to hack a website easily using an SQL software

Alternatively, if hacking online doesn’t suit your fancy. You can do so using some software, and fear not, you don’t need to understand a single line of SQL to carry out this attack. Thankfully another freely-available and easy-to-use software, originally developed in Iran, can be downloaded from the web saving you all the trouble of having to deal with any complex code.

I didn't analyze the steps in this method, but I hope the simplified description helps.


using an sql injection software



The program is called Havij. There are free and paid versions of Havij available with the paid-for version having more powerful functions. Again the web is your friend and cracked versions of the full Havij application are available online if you don’t wish to purchase it.

The Havij interface is like any other Windows program and all an amateur hacker needs to do is simply copy and paste the url of their target website and press a button.



Havij allows you to perform different types of hacks including one called a ‘Get’, which surprisingly gets all the information stored on the database on that particular site which can be usernames, passwords, email addresses, home addresses, phone numbers and bank details. And that's it!.

How to hack a website using basic HTML coding in 7 steps

If you have basic HTML and JavaScript knowledge, you might just be able to access password protected websites. This last method will show you easy steps on how to hack less secured websites of your choice simply through HTML.


Note: This method only works for websites with extremely low security details.

Credit: images gotten from Wikihow

STEP 1



hacking
Open the website you want to hack. Input wrong username and wrong password combination in its sign-in form. An error will popup saying wrong username and password. Now be ready because your experiment starts from here.

STEP 2

a website
Right-click anywhere on that error page> and go to view source.


STEP 3

Open and view the source code. There you’ll see the HTML coding with JavaScript.

·         There you find something like this....<_form action="...Login....">

·   Before this login information copy the URL of the site in which you are. (e.g. :"< _form..........action=http://www.targetwebsite.com/login.......>")

STEP 4


Delete the JavaScript from the above image that validates your information on the server. Do this very carefully. Hacking this site successfully depends on how efficiently you delete the javascript code validating your account information.

STEP 5

Go to file>save as>and save it anywhere on your hard disk with ext.html (e.g.: c:\chan.html)

STEP 6

Reopen your target web i.e 'chan.html' file that you saved in your hard disk earlier. You’ll see some changes in current page as compared to original One. Don't worry, that shows we’re on the right path.


STEP 7

Provide any username and password. And bravo! you just successfully cracked a website and entered into the account.


Some of the above steps on how to hack a website might not work for you, maybe due to the security of the target website or mistakes on your part. But surely, one will.




Let me know via the comment section if you encountered any problem while performing any of the hacks, or if you have any question and contributions on how to hack a website. I hope to tutor you again.

If you're a newbie hacker and finds it difficult to grab stuff. Worry not because i've done justice to it.





Subscribe to my mailing list

* indicates required