You might be interested if you can hack administrator passwords of websites! So here’s a way….
You can use this method for cracking admin passwords of websites written in ASP.
First, you type “asp admin login” in Google. Then select any of the websites.
1. Type admin in username field.
2. Type ‘or’1’=’1 in the password field. (You may use the same string in the username field also.)
Are you logged in now? Sometimes, you may not be. But you don’t worry. Try for webpages in the second and later pages of google results. Defenitely, you can crack!
Now do you want to know the anatomy of this hack? We have used the technique of SQL injection here. i.e, we have (mis)used the security vulnerability(Remember Deepa miss’s class) in the database layer of an application.
I think that you remember the basic SQL commands. Normally, we write the sql command for validation of input form in the following way.
SELECT * FROM ‘users’ WHERE ‘name’ = ‘ “+userName +” ‘ AND ‘password’ = ‘ “+password + ” ‘;
When we type as username and password as shown above, the query will become like
SELECT * FROM ‘users’ WHERE ‘name’ = ‘admin’ AND ‘password’ = ” OR ‘1’=’1′;
Look in the password validation carefully!
password=” or ‘1’=’1′
Either password is null or 1=1. String will be always validated!
Don’t misuse this trick! Think positively…………!
sql injection is an old method.Nowaydays there is no use with it.however there may be websites that cannot prevent sql injecttion.
Its very easy to prevent sql injection.In php we can use a function named addslashes() to add black slashes before any special chars in a string so that every special characters will be treated as normal characters so that reason sql injection is not possible here.
that is a good programming practice. But this method works for many login pages written in ASP. I have checked and verified it.
Guys,one more thing i want to point out is that we can avoid indexing our admin page by google or other search engines like this,
…
</head
so that our admin page wont appear when someone searching on search engines
Should we do it on the end of code or just as usual(i.e.before starting ) for not to be indexed?
Oh! Now I have found your reply in facebook. thnx..
<html>
<head>
<title>…</title>
<META NAME=”ROBOTS” CONTENT=”NOINDEX, NOFOLLOW”>
</head