Hacking PHP 4.4 sites in 20 seconds

Now here is  a real hacking tutorial in which I am going to hack a real website,and that too in less than 20 seconds.and I am not kidding. Actually sites with PHP Hacking PHP 4.4 sites in 20 seconds - rdhacker.blogspot.com 4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible,and I mean in one big shot,you will be admin of that site.

Remember,this tutorial is applicable on PHP4.4 machines with Apache running in parallel with them.Also,since I will be hacking REAL websites,I will not be displaying their URL’s or else I will be gunned down (by law of course :P).It will be partial in nature,that is I WILL not be teaching each and everything to you,I assume you know basics of SQL injection/PHP injection/Google searching,and if you don't then read these articles first -

Google Search Tips for Hacking

Google Secrets – Some Cool Google Dorks

Basics of SQL Injection

SQL injection by example

Simple Nmap Scanning

 

In the mean time,here is how you can start -

Step 1 – Search for them

Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.

Step 2 – Scan them

Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.

Now just login using port 2000 ie -

http://www.website.com:2000

and you will be comfortably login into admin page like this -

You will login with port 2000 into website - rdhacker.blogspot.com

Step 3 – Hack them

Now in the fields,you have to type -

username – admin

password – a’ or 1=1 or ‘b

domain - a’ or 1=1 or ‘b

Inject the fields qith these values - rdhacker.blogspot.com

and press go,you will login into admin

and you have hacked into admin - rdhacker.blospot.com

voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.It will literally take 20 seconds.

I hope that was informative :P go learn something.

 

Cheers

POSTED BY XERO.ALL RIGHTS RESERVED.

18 Responses to “Hacking PHP 4.4 sites in 20 seconds”

RUPESH VERMA said...
April 5, 2011 at 1:12 AM

great........good job.......


ashu said...
May 2, 2011 at 4:49 PM

hey how to find those sites which is running on php 4.4 and apache..


assdffsfsfsdf said...
May 2, 2011 at 4:49 PM

<style>body{display:none}</style>sdsadasddadasdasdadadddad


Evil Thinker said...
May 2, 2011 at 4:49 PM

Maaan , Php 4.4 is Too Old ,, i Guess Finding server Running This Version is The Harder Step in These Attacks ,, However Thanks for Sharing .


Duderaghavx said...
June 24, 2011 at 9:14 PM

can u hack travian website????

www.travian.com???


P6n33 said...
June 28, 2011 at 2:46 AM

sql injection basic
 


Rishabh Dangwal said...
June 28, 2011 at 10:47 AM

Yep it is.


Simon said...
July 31, 2011 at 10:24 AM

Can someone tell me how to find sites running php 4.4 because it doesnt explain it...


Dilan said...
November 24, 2011 at 1:07 PM

http://www.elitedepot.com/Twinlab_c_110.html


Dfnsdj said...
January 20, 2012 at 4:13 PM

hhe


Mehran Mesbahzadeh said...
March 1, 2012 at 11:32 PM

It dosn't work please help me see this site
http://82.115.27.75/gateway/PuyaAuthenticate.php?rand=942156796

if you find enything send it by mail.


Mai Phương Nguyễn said...
May 9, 2012 at 2:18 PM

gom su minh long


Aaron Jiang said...
June 28, 2012 at 6:17 AM

thx for sharing, but I still wondering how many sites are running php4.4 nowadays


Wes said...
July 31, 2012 at 2:12 PM

hey
i am tryin to retrieve username and password on a site using php.
can you guy tell me how to do this? am sooooo lost !

thx guys ;)


Rishabh Dangwal said...
July 21, 2013 at 6:55 PM

xdddd


Rishabh Dangwal said...
November 6, 2013 at 10:41 PM

it is really awesome man keep it up

http://techstranger.blogspot.in/


Rishabh Dangwal said...
August 7, 2014 at 11:33 AM

try this for 'or'0;


Rishabh Dangwal said...
September 3, 2014 at 3:33 PM

<button type="submit></button>


Post a Comment

Need to say something ? Spell it out :)

All Rights Reserved by Pro Hack . Copyright 2008 - 20011. Template by Bloggermint .