Feb 15, 2013

SQL Injection Using SqlMap

How To Hack Website Using SQLMap Sqlmap Is An Automated Pen Testing Tool. That Automates The Process Of Detecting And Exploiting SQL Injection Flaws And Taking Over Of Databases. It Comes With A Powerful Detection Engine, Many Niche Features For The Ultimate Pen Tester And A Broad Range Of Switchs Lasting From Database Fingerprinting. Over Data Fetching From The Database. This Tool Is Best For Beginners. Who Just Now Entered In Security Field. It Is Easy To Use Tool. This Tool Makes SQL Injection Easy As Compared To Manual SQL Injection.


SQLMap In BackTrack 5R3

1. Open Terminal And Type Following Command To Open SqlMap.

 cd /pentest/database/sqlmap 

Or
Go To Applications>BackTrack>Exploitation Tools>DataBase Exploitation Tools>MySQL Exploitation Tools>sqlmap

How To Hack Website Using SQLMap

SQLMap In Windows

1. Download Sqlmap From Here.
2. Extract It.
In Windows OS, You Can Use Sqlmap In Command Prompt. Same Like BackTrack. 

SQL Injection In SQLMap - Website Hacking

I Am Going To Tell, That How Can An Hacker Make Use Of Sqlmap For Hacking A Vulnerable Website. By Using This Tool Hacker Can Get Username And Password Information Too. We Are Sharing These Method's With You Just For Knowledge. HWA Is Not Responsible For Any Bad Activity Which You Do With The Knowledge Gain From HWA. Continue Reading Below If Agree. You Can Understand This Method Easily.
For Doing Following Steps. You Will Need A SQL Injection Vulnerable Website. You Can Find Vulnerable Website's Using Dorks In Google. Follow Steps Below To Continue:

1. Open Sqlmap.
2. Type Following Command.

 python sqlmap.py -u http://www.vulnerablewebsite.com --dbs 

How To Hack Website Using SQLMap

The Above Command Will Show You Database Information Of Vulnerable Website. See Following Picture.
How To Hack Website Using SQLMap
Note: In Your Case, Databases Maybe Different From Above Picture.
3. Now Choose Any Of The Database From Result. For Example: I Am Choosing dkg. Now Use Following Command.

python sqlmap.py -u http://www.vulnerablewebsite.com -D dkg --tables

How To Hack Website Using SQLMap

It Will Show You Tables, Which dkg Database Has. Like Following Picture. Watch Following Picture.

How To Hack Website Using SQLMap

4. Now You Have Got Tables Of Database. Choose Any Of The Table From The Result For Getting Information From It. Hacker's Need Username And Password To Login The Victim Site. So, In This Case. You Should Choose uvp_Users Table. It May Contain Information About The Users Of Website. It Maybe Username, Password In This Table. So, I Am Going To Dump uvp_Users Table Now. By Dumping The Table You Will Be Able To See Information Saved In Table.
Use Following Command To Dump Information From Table.

python sqlmap.py -u http://www.vulnerablewebsite.com -D dkg -T uvp_Users --dump

How To Hack Website Using SQLMap

Above Command Will Dump The Information From Choosed Table. If The Table Which You Choosed, Contains Password In It In Hash Format. Then Sqlmap Will Ask You For Dictionary Based Hash Cracking Attack. Allow It To Get Password In ABC Characters. See Following Picture.

How To Crack Password

5. Press Y And Press Enter. It Will Ask What Dictionary Do You Want To Use?. Choose Default Dictionary. Type 1 And Press Enter.

Password Cracking
6. Now It Will Ask For Common Password Suffixies (slow!). Type y And Press Enter.

Now Password Cracking Procedure Is Started. It Will Some Minutes To Crack It. After The Cracking Process Finishes. You Will Be Able To See Password In Characters Form Along With Other Information. Which Is Saved In Table. Like In uvp_Users You Can See, Username, Password, UserGroup Etc.
After Finishing The Cracking Process. You Will Be Able To See Result Like Following Picture:
How To Hack Website Using SQLMap
You Can See Username And Password In Above Picture. SQL Injection Is Done Using Sqlmap. Have Any Question? Ask In Comments.

6 comments:

  1. I strongly recommend secretrevealer04@gmail.com if you want to hack in to your school system to change your grades , hack money transfers, hacking into your partners phones and social network profiles, credit cards, into social networks(whatsapp, Facebook, snapchat, twitter, Instagram, e.t.c.). And also if you want to learn how to hack into the above stated earlier.

    ReplyDelete
  2. My husband and i got Married last year and we have been living happily for a while. We used to be free with everything and never kept any secret from each other until recently everything changed when he got a new Job in NewYork 2 months ago.He has been avoiding my calls and told me he is working,i got suspicious when i saw a comment of a woman on his Facebook Picture and the way he replied her. I asked my husband about it and he told me that she is co-worker in his organization,We had a big argument and he has not been picking my calls,this went on for long until one day i decided to notify my friend about this and that was how she introduced me to Mr James(Worldcyberhackers@gmail.com) a Private Investigator  who helped her when she was having issues with her Husband. I never believed he could do it but until i gave him my husbands Mobile phone number. He proved to me by hacking into my husbands phone. where i found so many evidence and  proof in his Text messages, Emails and pictures that my husband has an affairs with another woman.i have sent all the evidence to our lawyer.I just want to thank Mr James for helping me because i have all the evidence against my Husband  in court.

    ReplyDelete
  3. Hello. Are you in need of a Hacker .I recommend (Worldcyberhackers@gmail.com) via Email. I have used them and they are the best. They render services such as:

    -Facebook hack 
    -Gmail hack
    -Twitter hack
    -WhatsApp hack
    -Mobile phone hack
    -Database Hack
    -Retrival of lost files
    -Viber hack 
    -Untraceable IP 
    -University grades changing 
    -Bank account hack 
    -Bypassing of Icloud 
    -Verified Paypal account.

    They are reliable, contact them via Email(WORLDCYBERHACKERS@GMAIL.COM)

    ReplyDelete