You might be interested if you can hack administrator passwords of websites! So here’s a way….
You can use this method for cracking admin passwords of websites written in ASP.
First, you type “asp admin login” in Google. Then select any of the websites.
1. Type admin in username field.
2. Type ‘or’1’=’1 in the password field. (You may use the same string in the username field also.)
Are you logged in now? Sometimes, you may not be. But you don’t worry. Try for webpages in the second and later pages of google results. Defenitely, you can crack!
Now do you want to know the anatomy of this hack? We have used the technique of SQL injection here. i.e, we have (mis)used the security vulnerability(Remember Deepa miss’s class) in the database layer of an application.
I think that you remember the basic SQL commands. Normally, we write the sql command for validation of input form in the following way.
SELECT * FROM ‘users’ WHERE ‘name’ = ‘ “+userName +” ‘ AND ‘password’ = ‘ “+password + ” ‘;
When we type as username and password as shown above, the query will become like
SELECT * FROM ‘users’ WHERE ‘name’ = ‘admin’ AND ‘password’ = ” OR ‘1’=’1′;
Look in the password validation carefully!
password=” or ‘1’=’1′
Either password is null or 1=1. String will be always validated!
Don’t misuse this trick! Think positively…………!