PDF download Download Article
Easy ways to hack a website with basic HTML
PDF download Download Article

This wikiHow teaches you different ways to gain access to a website by hacking a login page. Websites are far more advanced and secure than they used to be, so there's virtually no way to gain access to private information just by looking at or writing basic HTML . It's much harder to hack into websites in general, especially if you're a novice! But, if you come across an older website written in rudimentary HTML by a beginning web developer, there's a slight chance you may come across passwords in the website's source code. Yes, we are being serious – passwords in the source code. A slightly more reliable way to exploit a website's login screen is to try a SQL injection. Whatever you do, don't hack into any websites without consent—it's illegal and could get you into big trouble. [1]

Method 1
Method 1 of 2:

Using the SQL Injection Hack

PDF download Download Article
  1. If you don't see the fields asking for your username and password, click the Log In or Sign In link on the homepage to get there.
    • Most developers have wised up to SQL injection hacks, so this probably won't work on the majority of websites. Still, if you find an older website with a login page, you may be able to use this hack to gain access without knowing a password.
  2. The simplest way to do this is to enter ' (this is the single quote mark) into the username field, and then click the Log In or Sign In button. [2] Leave the password field blank.
    • If you see an error message that contains a bunch of SQL code including QUERY: SELECT * FROM , the website is vulnerable.
    • If you get a simple error that says the username or password is incorrect, this method won't work.
    Advertisement
  3. If the single quote you entered into the Username field before is still there, delete it—you'll want that field to be blank. In the password field, type ' or 1=1--+ .
  4. If you were able to log in successfully, great!
    • If this didn't work, it could be because some sites block 1--+ . Try using one of these as the password instead (still leaving the Username field blank): ' or 1=1# or ' or 1=1-- . [3]
    • If you're able to gain access to the database , the ethical thing to do would be to alert the administrator.
    • If you're still not able to log in, the site is protected against this type of hack.
  5. Advertisement
Method 2
Method 2 of 2:

Finding Hidden Passwords in HTML Source Code

PDF download Download Article
  1. You can use any modern web browser, including Chrome , Firefox , or Safari.
    • Passwords are encrypted the vast majority of the time—it's extremely rare that websites and login forms are coded in basic, unsecured HTML. You may be able to use this method if you find a very basic website from a long time ago, or maybe the website of a new-to-HTML student.
  2. If the website has a dedicated login section, click the Log In or Sign In link or button to go there.
    • If the website loads to a login screen (or if the login section is on the home page), you can skip this step.
  3. This displays the HTML source code of the current page in a new tab.
  4. This opens the Find tool, which lets you search through the document.
  5. This identifies all instances of the word "password" in the code. Use the arrows next to the search field to scroll through the results.
    • If you don't see any results, shorten the search to pass and repeat, then do the same with user , username , login , and other keywords which may describe login information.
    • If you're attempting to hack the website by logging in under the website's administrator credentials, the username may be something like "admin" or "root".
  6. If you've combed through the HTML with no adequate search results, do the following:
    • Close the source tab.
    • Type in random letters for the username (or email address) and password fields.
    • Click the Log In button.
    • Re-open the source page by pressing Command + U or Control + U .
  7. Once you've updated the source code to reflect what's on the failed login attempt page, you can resume using the search bar to look for keywords pertaining to the login information.
  8. If you were able to retrieve some form of username and password from the website's HTML, try using the credentials in the website's login section. If they work, you've found the correct credentials.
    • Again, the chances of anything you found in the HTML working as a successful login are extremely low.
  9. Advertisement

Community Q&A

Search
Add New Question
  • Question
    Can you suggest any good hacking courses?
    Community Answer
    Sites like Hackthissite and Hellbound Hackers provide you with real life scenarios that can help you learn. You might start there.
  • Question
    Can I be caught if I hack a website?
    Community Answer
    Eventually, yes. Every time you access a page, it makes a log file that contains your information. This includes your IP, which can later be traced back to you by authorities if they have the legal right to do so.
  • Question
    What do I do if I can't change the script?
    Community Answer
    You don't literally change the script; you copy it to a text editor, then open it as an HTML file. This will open the website through the script that you saved in your computer.
See more answers
Ask a Question
      Advertisement

      Tips

      • Learning HTML will give you a small advantage when reviewing your selected website's source code.
      • Login forms are one thing. Try looking for forms, comments, or anything else that lets you input text. Then, you can input HTML, CSS, or JS. But, don’t hack, this is just an example.

      Tips from our Readers

      The advice in this section is based on the lived experiences of wikiHow readers like you. If you have a helpful tip you’d like to share on wikiHow, please submit it in the field below.
      • Search source code for login-related keywords like "password" or "username." But again, hacking without consent remains illegal, despite ease of access.
      • If your first SQL injection try fails, tweak the code, but don't overdo it. Repeated failures draw attention and legal liability. Know when to move on.
      • Dig through the source code for any clues about passwords or logins, but encryption makes this unlikely nowadays. Still, carefully check.
      • With extremely primitive sites, you might find exposed login data in the source. But lack of permission makes hacking illegal regardless.
      • Input weird characters into login fields to check for SQL injection points. But, most modern sites protect against this method now.
      • Ethical hacking allows you to safely try exploits without legal risk. It's smarter than attempting illegal website hacks.
      Submit a Tip
      All tip submissions are carefully reviewed before being published
      Name
      Please provide your name and last initial
      Thanks for submitting a tip for review!
      Advertisement

      Warnings

      • You cannot edit the website's HTML from your browser unless you have direct access to the server to which the website's HTML file is uploaded.
      Advertisement

      About This Article

      Article Summary X

      1. Go to the website's login screen.
      2. View the page's source code.
      3. Look for the word "password" in the source code.
      4. Find and try passwords from the code.

      Did this summary help you?
      Thanks to all authors for creating a page that has been read 3,280,916 times.

      Is this article up to date?

      Advertisement