New Update Launched Contact Us Download Now!
الصفحة الرئيسية
android
free

SQL Inject a Site using SQLMap

Please wait 0 seconds...
Scroll Down and click on Go to Link for destination
Congrats! Link is Generated

 

It is so hard to keep ourselves safe while we are on the Internet. And If you own a website, then you must give most of your time to its security.

Well, we are not going to talk about security, we are going to talk about breaking into security. The first step of hacking is gathering information as much as possible, secondly, analyze them to find holes in security.It’s hard to find a good script that can give us what we want. But SQLMap can help us with it. SQLMap is an open-source project written in python which can automate the process of SQL Injection.

What is SQL injection?

SQL injection is a method to bypass website security and get access to its database. Here malicious codes are applied on the website as SQL statements. It usually occurs when a user is asked to input something on a webpage.

Let’s try it on Termux and see what happens.





Configuring SQLMap on Termux

SQLMap comes preinstalled in Kali Linux but in the case of Termux, we have to download it from Github. Well, we can install it directly from Termux repos, but it gives so many annoying errors.

So, open up the Termux application and Download SQLMap. Now navigate to the downloaded directory and then to the SQLMap folder. Follow the instructions given below.

git clone  https://github.com/sqlmapproject/sqlmap.git
cd sqlmap
ls

Navigate to the ‘sqlmap‘ folder and look for the script named “sqlmap.py“. This is the script we need to launch the tool. 

Finding SQL vulnerable Targets

You can either scan a website and gather as much as possible information, analyze them, and find out the loophole or you can just choose a random target, well if you are practicing only.

Option 1: To practice legally, you can visit the http://hack.me and create a sandbox and use it to apply SQL injection. To do that follow these steps.

#1. On the Hackme dashboard, click on ‘Start a Hackme’ and then in the search bar search for the term ‘sql‘.  

#2. It will show you some SQL vulnerable projects uploaded by developers willingly. Choose one and click on ‘Start’.

#3. After clicking on ‘Start’ it will create you a sandbox or in other words, it will give you a vulnerable site to practice.

Option 2: You can use google dorks to find out vulnerable sites but obviously you can’t just pick one and test it as it is not legal to do without the owner’s permission. But it’s on you. 

Here are some dorks you can use to find SQL vulnerable sites. 

article.php?id=
add-to-cart.php?id=
archive.php?id=
phpx?PageID
book_list.php?bookid=

Make sure you don’t get caught

This is the most important step and we don’t need to explain to you why this step is important. To hide/anonymize yourself you can use the TOR service with SQLmap. Just install the TOR service using the command- 

apt install tor

You just need to add ‘–tor‘ with the command you hit to run the TOR service.

Understanding SQLMap Options

We are describing a few options that are mostly used in the attack. To see the options you can use in SQL injection just hit this command- python sqlmap -h


#1. python sqlmap.py -u URL –all = Includes all options

#2. python sqlmap.py -u URL –tables = To find tables

#3. python sqlmap -u URL –columns = To find columns

#4. python sqlmap -u URL –dump = To dump database

#android #free #Hacking

إرسال تعليق

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
More Details
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.