SQL Injection Tutorial for Beginners


SQL Injection is one of the most widely used web hacking methods, and its impact on security in general is huge.

*SQL Injection attacks work against databases, so having a basic knowledge of SQL would be a plus*

What is SQL Injection?
“It is a code injection technique, used to attack data-driven applications,
in which malicious SQL statements are inserted into an entry field for execution
(e.g. to dump the database contents from the target site).”

If you are interested in reading more about SQL Injection concepts, and the more detailed reasons behind all this, I suggest you start by reading the brief intro on Wikipedia.


Finding and Removing web backdoors

This is one of the biggest problems for website owners nowadays: they are either too lazy to check their files for possible backdoors or new file uploads, or they don’t know how to, and they should do it quite often. Checking your website files is very important and I’d suggest it to every website owner out there, unless of course you have some special software protecting you that you are 100% sure will stop malicious files (there’s none at the moment).


From symlink to root

This is not a new method, nor anything special, but it still doesn’t feel that old. You probably won’t encounter these kinds of vulnerabilities every day, and if you do it’ll probably be on some server running mostly custom software, or maybe people just won’t evolve and will keep writing catastrophically buggy commercial code. Anyway, let’s get on with it.

A very small knowledge of would be a plus. The symlink in this tutorial will allow us to overwrite any file on the target system: there’s a SUID program which doesn’t properly check the file it writes to.

#include <stdio.h>
/* the SUID program opens "sfile" for append without checking for a symlink */
int main(int argc, char **argv)
{
    FILE *sfile = fopen("sfile", "a+");
    if (sfile) fclose(sfile);
    return 0;
}


What is Google Dorking?

I am going to give you a quick brief on what “Google Dorking” is; it is mostly referred to as dorking, but also known as Google Hacking.

Dorking can return information which is difficult to locate through a simple search, and is actually the best friend of every whitehat/greyhat/blackhat hacker; depending on the search and the vulnerability, it can return usernames, passwords, emails and other sensitive information.


Who is a real hacker?

Have you ever wondered what it’s like to be a real hacker, and what skills are required? You probably didn’t think hacking a website/server/computer would make you a hacker? Well, yes, kind of a hacker, as long as you manage to overcome what the system was not supposed to allow.

But this hack can still be very complicated and require a shitload of things; that’s why I like to categorize hackers on a scale of 1-10 no matter what. Those guys who only hack with public exploits or widely available methods are called “skiddies”, 1-3 on the scale; now let me show you what an 8-10 hacker’s mad skillz should be.

(image: *that’s not me btw*)

Programming: C/C++, Java, Assembly, Python, shell scripting, system/kernel programming, socket programming
Networking: bugs & security (HTTP, SMTP, FTP, DNS, POP, IMAP, routers, switches etc.)
Exploitation: buffer overflow, heap overflow, integer overflow, format string, race condition, use-after-free techniques, ret-into-libc etc.
Web: programming & security; PHP, ASP, CGI, JSP, SQL (at least one of these), browsers


Web App Penetration

Here’s a list of some vulnerable web applications that are ready for you to practise penetration testing on; you can also find the answers to your questions in their documentation, and of course some PHP knowledge would help.

  • Hacme Bank v2.0 – is designed to teach application developers, programmers, architects and security professionals how to create secure software.
  • Hacme Books – is a learning platform for secure software development.
  • Hacme Casino – is a learning platform for secure software development.
  • Hacme Shipping – is a web-based shipping application developed to demonstrate common web application hacking techniques.
  • Hacme Travel – is designed to create secure software.

You can find all these tools on the McAfee site, so I’m not going to provide a link for each.

This is just a basic list for beginners; when you are ready to dive in deeper, surf the net, there’s a ton of vulnerable, buggy code you can play with.